Re: How to select only Local Audits to Windows?

Tue, 15 Aug 2006 18:47:49 -0700 

Hi Nicolas,

Thank you, perfect exactilly what I needes. This list
is updated daily ?

Maybe a little off topic, bus if you can clarify me
this lines:

1) The line "if ( hotfix_check_sp(xp:3, win2k:5,
win2003:1) <= 0 ) exit(0);" check the OS Version, so
it  check the Operation system and SP installed? 

In the case Windows XP with SP3 or Windows 2000 with
SP5 or Windows 2003 with SP1 ? If I would like to
check a machine with Windows 2003 without service
pack, should I replace "win2003:1" by "win2003:0" ?

Well, it check this versions and if the version is
lower than this specified it call exit() with make me
thing it skip this check (and doesn't report it
vulnerable), I'm right? But if it's doesn't have the
basic SP requeriments shouldn't it be reported as
vulnerable?

2) This line " if ( hotfix_is_vulnerable (os:"5.2",
sp:0, file:"Authz.dll", version:"5.2.3790.274",
dir:"\system32") ||
hotfix_is_vulnerable (os:"5.1", sp:1,
file:"Authz.dll", version:"5.1.2600.1634",
dir:"\system32") ||
hotfix_is_vulnerable (os:"5.1", sp:2,
file:"Authz.dll", version:"5.1.2600.2622",
dir:"\system32") ||
hotfix_is_vulnerable (os:"5.0", file:"Authz.dll",
version:"5.0.2195.7028", dir:"\system32") )
security_hole (get_kb_item("SMB/transport"));"

The os: 5.0 mean Windows 2000? The os: 5.1 mean
Windows XP? The os: 5.2 mean Windows 2003? And
longhorn (os:5.3)?

What make this security_hole() function, report it as
vulnerable? what is the get_bk_item()

3) The line "if ( hotfix_missing(name:"890859") > 0 )"
check for a hotfix missing. Why not check only with
hotfix_is_vulnerable() or hotfix_missing()? Why test
with both? Only one should be enought to detect if the
system is vulnerable?

Thank you and sorry for amount of questions,

Cheers



--- Nicolas Pouvesle <[EMAIL PROTECTED]>
escreveu:

> Danett song wrote:
> > Hi Nicolas,
> > 
> > I understood. But is there any online place where
> I
> > can see all source codes of nasl plugins to
> Windows
> > family Local Exploits?
> > 
> 
>
http://www.nessus.org/plugins/index.php?view=all&family=Windows+%3A+Microsoft+Bulletins
> ?
> 
> 
> Nicolas
> _______________________________________________
> Nessus mailing list
> [email protected]
> http://mail.nessus.org/mailman/listinfo/nessus
> 



                
_______________________________________________________ 
Novidade no Yahoo! Mail: receba alertas de novas mensagens no seu celular. 
Registre seu aparelho agora! 
http://br.mobile.yahoo.com/mailalertas/ 
 

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus

Reply via email to