Hey, Note that it does not work on Windows Vista since the hotfix doesnt updates registry when it has been installed. You need to have an alternative method to get a list of installed hotfixes, like WMI Interface.
On Oct 31, 2007 4:18 PM, Andrew Court <[EMAIL PROTECTED]> wrote: > > > Hi John, Thanks for our help. I really appreciate it. Ill test it today and > let you know how it goes. > > Thanks again, > > > Andrew Court > > IT Security Specialist | BT Retail - Ireland | > E:[EMAIL PROTECTED] |Mobile: +353 86 1720 692 | Fax: +353 1 432 5899| > www.btireland.com > > > -----Original Message----- > From: John Scherff [mailto:[EMAIL PROTECTED] > Sent: 27 October 2007 07:09 > To: Andrew Court > Cc: [email protected] > Subject: RE: Plugin 13855 - installed hotfixes > > > Andrew, > > Not sure if you received this earlier. I sent it to you and to the list > this morning from my work account ( [EMAIL PROTECTED]), but it never > showed up on the list so we might be having SMTP issues. Anyway, here it is > from my personal email account, just in case. > > John > > * * * * * * > > > > Andrew, > > Nessus will tell you if you're missing any hotfixes. > > However, if you really need the list, try the below script... I tested it on > a couple hosts and it seems to work. Name it smb_hotfixes_list.nasl or > something, pick a different plugin ID if you wish (I can never remember > which range I'm supposed to use), place it in the > /opt/nessus/lib/nessus/plugins directory, run /opt/nessus/sbin/nessusd -t, > restart nessusd (just to be sure), and then run a scan. FYI, I put the > results in a hash first (rather than concatenating directly to the report > string) to remove duplicates and sort the output. > > If you want these in MSYY-NNN format, you'll have to write an include file > that does the mapping for you... probably an exercise in futility. > > Cheers, > > John Scherff > 24 Hour Fitness > Sr. IT Security Engineer > > > > # ========================================================== > # Author: John Scherff, 24 Hour Fitness, 25 October 2007 > # ========================================================== > > desc["english"] = " > Synopsis : > > Installed Windows Hotfixes > > Description : > > The Windows hotfixes listed below are installed on this computer. > > Risk factor : > > None"; > > if( description ) { > > script_id( 66001 ); > script_version( "$Revision: 1.60 $" ); > script_description( english: desc["english"] ); > script_category( ACT_GATHER_INFO ); > > name["english"] = "Installed Windows Hotfix List"; > script_name( english: name["english"] ); > > summary["english"] = "Lists Windows hotfixes that have been installed on > the computer."; > script_summary( english: summary["english"] ); > > copyright["english"] = "This Script is Copyright (C) 2007 John Scherff / > 24 Hour Fitness"; > script_copyright( english: copyright["english"] ); > > family["english"] = "Windows"; > script_family( english: family["english"] ); > > script_dependencies( "smb_hotfixes.nasl" ); > script_require_keys( "SMB/Registry/Enumerated" ); > > exit( 0 ); > } > > smbEnumerationStatus = get_kb_item( "SMB/Registry/Enumerated" ); > if( smbEnumerationStatus != TRUE ) exit( 0 ); > > hotfixHash = make_array(); > hotfixList = ''; > > kbPrefixAry = make_list( > "SMB/Registry/HKLM/SOFTWARE/Microsoft/Updates/*", > "SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/HotFix/*", > "SMB/Registry/HKLM/SOFTWARE/Microsoft/Fpc/Hotfixes/*", > "SMB/Registry/HKLM/SOFTWARE/Microsoft/Updates/Windows Media Player/*" > ); > > foreach kbPrefix ( kbPrefixAry ) { > kbHash = get_kb_list( kbPrefix ); > foreach kbKey ( keys( kbHash ) ) { > if( kbHash[kbKey] == TRUE ) { > match = eregmatch( > pattern: '/(KB[0-9]{6}[A-Z0-9_]{0,6})', > string: kbKey, > icase: TRUE > ); > if( match ) hotfixHash[match[1]] = 1; > } > } > } > > foreach hotfixKey ( sort( keys( hotfixHash ) ) ) { > hotfixList += ' - ' + hotfixKey + '\n'; > } > > if( hotfixList) { > report = string( desc["english"], '\n\nPlugin Output :\n\n' + hotfixList + > '\n' ); > security_note( port: 0, data: report ); > } > > > > > > ________________________________ > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Andrew Court > Sent: Thursday, October 25, 2007 12:10 PM > To: [email protected] > Subject: Plugin 13855 - installed hotfixes > > > > > Hi, > > This is probably pretty basic, but, here goes. Plugin 13855 enumerates the > list of installed hotfixes on a windows box. It stores the information in > the KB to prevent extended use of the remote registry. However I want that > list of installed hotfixes. How do I include it in the nsr/nbe report that > nessus outputs. I know I can use get_kb_item in a nasl script to get > information from the kb but I am not sure how to tell it which info to get. > I want the list of installed patches for a patch audit, so if anyone has any > custom scripts they have used for patch audits, I would be very much obliged > if they sent them to me. > > Kind Regards, > > Andrew Court > > IT Security Specialist | BT Retail - Ireland | > E: [EMAIL PROTECTED] |Mobile: +353 86 1720 692 | Fax: +353 1 432 5899| > www.btireland.com > > _______________________________________________ > Nessus mailing list > [email protected] > http://mail.nessus.org/mailman/listinfo/nessus > -- Thanks, Pavithra.H Research Analyst, Thirdbrigade Labs Bangalore _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
