Hello Christian, I don't have an mDNS setup to try this on. In this line,
length = ord(stringa[51]) x 256 + ord(stringa[52]) - 1; you are taking ord(stringa[51]) and calling it 256 times. The value of ord(stringa[51]) will not change no matter how many times you call it. That's why I was asking what you are trying to do in the above line. Chandra. -----Original Message----- From: Christian Eric Edjenguele [mailto:[email protected]] Sent: Friday, March 13, 2009 1:45 AM To: Chandrashekhar B Cc: [email protected] Subject: Re: [Openvas-plugins] help on nasl -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Chandrashekhar B wrote: > Christian, > > What's 'X' supposed to do in ln 80? Guess, you wanted it to be '*' ? the 'x' must repeat 'x times' the string, according to nasl documentation for more details please see the complete script bellow: # OpenVAS Vulnerability Test # $Id$ # Description: # MDNS, Bonjour, zeroconf Service detection and Information Gathering # # remote-detect-MDNS.nasl # # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2+, # as published by the Free Software Foundation # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. # if(description) { script_id(101002); name["english"] = "Ensure the presence of the MDNS Service"; script_name(english:name["english"]); desc["english"] = " The Remote Host is Running the MDNS Service. Zeroconf, or Zero Configuration Networking, often kwon as MDNS or Bonjour/rendez-vous, is a set of techniques that automatically create a usable IP network without configuration or special servers. 
Solution : It's recommanded to disable this service if not use. Risk factor : None"; script_description(english:desc["english"]); summary["english"] = "Detects the presence of the MDNS service"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Written by Christian Eric Edjenguele <[email protected]> and released under GPL v2 or later"); family["english"] = "Service detection"; script_family(english:family["english"]); script_require_ports(5353); exit(0); } # # The script code starts here # include("misc_func.inc"); # # Functions for mdns protocol manipulation # function grabHostInfos(stringa) { length = ord(stringa[51]) x 256 + ord(stringa[52]) - 1; straddr = substr(stringa, 54, 51 + length); pad = split(straddr, sep:"["); addr = str_replace(string:pad[1], find:"]", replace:""); na = str_replace(string:pad[0], find:"0xe20x800x99", replace:""); nb = str_replace(string:na, find:'\ ', replace:"-"); n = str_replace(string:nb, find:'\'', replace:""); limits = max_index(n) - 1; name = n[limits]; # save the mac address and hostname infos = make_array(0, addr, 1, name); return (infos); } function grabCpuInfos(stringa) { offset = 13 + ord(stringa[12]) + 23; # determine the limits to extract cpu type cpu_len = ord(stringa[offset]); mn = offset + 1; mj = mn + cpu_len; cpu_type = substr(stringa , mn , mj); # determine the limits to extract operating system type offset += cpu_len + 1; minor = offset + 1; major = minor + ord(stringa[offset]); pados = substr(stringa , minor , major ); os = split(pados, sep:";"); os_x = os[0]; # save cpu type and operating system infos = make_array(0, cpu_type, 1, os_x); return (infos); } function RunMDNSQuery(query, itype) { if(strlen(query) != 3) return; pkt2 = ""; pkt1 = "0x000x4a0x010x000x000x010x000x000x000x000x000x00"; foreach element (query) { length = strlen(element); pkt1 += raw_string(length) + element; } if(itype == 'PTR') pkt1 += "0x000x000x0c0x000x01"; if(itype == 
'HINFO') { foreach element (query) { pkt1 += "0x000x0d0x000x010x00"; return (pkt1); } } return (pkt1); } # # NVT starts here # # define some local variables port = 5353; version = ""; qry1 = make_list('_daap', '_tcp', 'local'); qry2 = make_list('_workstation', '_tcp', 'local'); # forge the MDNS Host Infos negociation protocol pkt1 = RunMDNSQuery(query:qry1, itype:'PTR'); pkt2 = RunMDNSQuery(query:qry2, itype:'PTR'); if(get_port_state(port)) { soc = open_sock_udp(port); if(soc) { send(socket:soc, data:pkt1); send(socket:soc, data:pkt2); reply = recv(socket:soc, length:1024); if(reply) # get host informations hostinfos = grabHostInfos(stringa:reply); qry3 = make_list(hostinfos[1], 'local', ''); # forge the MDNS CPU Infos negociation protocol pkt3 = RunMDNSQuery(query:qry3, itype:'HINFO'); send(socket:soc, data:pkt3); reply = recv(socket:soc, length:4096); # get cpu informations cpuinfos = grabCpuInfos(stringa:reply); close(soc); } # save gathered informations into variables mac_address = hostinfos[0]; hostname = hostinfos[1]; cpu_type = cpuinfos[0]; operating_system = cpuinfos[1]; # build report string report = 'Hostname: ' + hostname; report += ' \nMAC Address: ' + mac_address; report += '\nCPU Type: ' + cpu_type; report += '\nOperating System: ' + operating_system; # Save informations into the kb set_kb_item (name:"MDNS/Host/hostname", value:hostname); set_kb_item (name:"MDNS/Host/OS", value:operating_system); set_kb_item (name:"MDNS/Host/MacAddress", value:mac_address); set_kb_item (name:"MDNS/Host/CpuType", value:cpu_type); register_service(port:port, ipproto:"udp", proto:"mdns"); # report MDNS service running security_note(port:port, data:report); } > > Chandra. 
> > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Christian > Eric Edjenguele > Sent: Tuesday, March 10, 2009 6:23 PM > To: [email protected] > Subject: [Openvas-plugins] help on nasl > > Hello I'm writing a nvt to fingerprint os through MDNS on windows, I got > an error, see screenshot attached for details. > > any suggestion ? > Thanks. - -- Christian Eric Edjenguele IT Security Software Engineer / IT Enterprise Software Architect Mobile (IT): +39 3408580513 PGP KeyID: 0xB1654498 Key Server: http://pgp.mit.edu - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.9 (GNU/Linux) mQENBEmka7IBCAC5e8/9BlCZR/3XHMO4DWHYoewaODmQypHqPaCfKR+BLTAy8xLZ eVJ0wwNwaLheZeLPfBqu3r/lp58xJhgYHm9gzihfqPbmJh4Dibc/d2XL9UQ1eshs K0JkTlvZtdK5Zo5VmeOZCWlKEMXzlg6HjuYUV4qokqD3qIj6/rhubjtrjlw/XA8P 6pGOFhsDZFXbn+lj80XhRdkObMnmWU6wdgJvEPx1vxvhV9D1sJgZz6FVoXAfTOb3 EjYpluEKdDod46hhF45UJ4Avc8q4DaXxmci5Kdx9rzF2tbvB3Ua6O7l5RaMGNZR2 QtVY65xVxRfAYF+yE3n+YkFQxWGlqVIajry/ABEBAAG0WkNocmlzdGlhbiBFcmlj IEVESkVOR1VFTEUgKElUIFNlY3VyaXR5IFNvZnR3YXJlIEVuZ2luZWVyKSA8Y2hy aXN0aWFuLmVkamVuZ3VlbGVAb3dhc3Aub3JnPokBNgQTAQIAIAUCSaRrsgIbAwYL CQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJENETScWxZUSYS9QH+gOpYUPkon/D/eNm RLCbTaqJhSV6jRH9t+pomm6FiYgphCxDW96OpzA9BieiFEPHhVXAFcHkEBMlk/u0 wILqDNfBoZk3oCq0+/+Zc7z0zRZfgMHwB4czpqhUCrINEjLO0rb2Jff6Hh0C5S9w 8l+x9IiOG9hHNO8ftVr1sNHGDTAWNNZ+pcCt5ROhqiiqnZsvowO1TcDMKEGD9NTW BN+jLFGZRY9/MQsUkWoXBQ8K5S9AP1EPPbSTX68VTj0vINLTk2/XfsJlV9Vd9b7G NkhbAdrvujbqLHDSE3ALpx8sWKg2vPCUAxJJY6S6danpw/XPGKkpcSNfqn4k8sCV e+9MJSu5Ag0ESaRthQEQALEj8eO2WCRqhOHakHhpvGQ4tFEIDS6Z3mnBaNaMc9VM i89LNYvJOgOSnWvIu8EF6Ah+PnhOayb9E3wvH+0nfOwzp6XhDor7h8WLQNL+qzk3 cPxkxdfNDaQdyJclstUqa0nIaPOJgbIRs12N6bCxhAeOKffIkrIdDqjxshTI3S3z fq7choduX8tNHoFzIIl6T+4Q0QXMT8xu5MeBHr+vxlgqNUTWOQn6Q/B6QnrVzWDA gEq4Id45vN4j18iXGqMy8/xWQg3kRHaU563zx8u+7cjV81feMDbQiC6p6nqQHsD4 U07JIVDqjbJESLdeqju6HsNzYKohi/gxhsgouPXdFTrfgkWCklAGwqT7QE0ZnL/t 
SVC0xpmCLneXAxWGGo27zJKVJ1/iMUgi/i4R+u2K4eQbsBXXYwh0gSxwYReTyr+C 51ugKkvYjTy+U2Fedq3lXEVtnRV02zpO/LlpJR446jRAapVH+ZF9tGMoIHg5hATZ KEzGw9x19/wQSRumTvV0HAQ0lqWW9/0n2VuwI/Sh7YHQ2j/DhyF0blFrooGyIxd2 x5+Xu1PWlYwlUbu7ZsOw1V9cqL5yv5m+w4mL+h8ytHJHHL2Cg8/3qp/QxLT7CnfX fOHAjNxGkS/QfoxEhuSwigPi/Yd51wHcaOLyUdGceOZ79ciQtPgvCFdyrDrfDhSr ABEBAAGJAR8EGAECAAkFAkmkbYUCGwwACgkQ0RNJxbFlRJhbLAgAsCBA7KmGkTmQ mjPNA7Iig8tA5S9fYavbKydNQNxPpL47GLf9V3la4P2/LPLa3rH31Bt+ScfSqAKC 5/geB5BKwmQqRomsQpjhmrpBenPjYrUYG2dEB/BOMvOyvr3dTpWtAg5CwYYnHTNy yJn7dc7whiE94ZxqFdt58K0H5/H449/VHuCJue+uzy0ldrTK8VVpK6uGgrJc5kre 2bpdGVbALpC+yeNMyXCqgGigg9gu1iHXSSGgbQfW+AhsFpiN37fPq8zDNU2C8sp3 4Y45EYRmRCZ+0a9WSRnYALRZFdvjysKfRjP3o4Ax/d4cSi6v2pT93yfoA2TQMkLF E1MQObpE5A== =7VGF - -----END PGP PUBLIC KEY BLOCK----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQEcBAEBAgAGBQJJuW0YAAoJENETScWxZUSYJJAH/Rv+fFLZbFj1JsEfk8L8QX6r zqyVFpvylk0FRO8S5Lz9ua6qYU47CBv1QcGmR0FPIe4LtOlTf1y2vkYI3xuNkAxr i/EPJzdjHLtHc50Kjdik6cae15snhjraBSpCLkusq2FMW52rzF+KMJ8/wvtgyluS kgJe3Hw9i5ojmzvr+xjiIueRiLJJFmYy+o3fCPR/U/c9cNMa2awdiNJDiDGn08BU wsCzm5zuQeaCLUKxOU6ST9qxlTTzH2N/1mhJfnxsK7L038IpurHnvjxpfM9Iwzr7 iUXGzDtw5w07/SSiwnqADSKSDhlnfLgrbkgyLugtJU1eb1JqGrNPGwleJ5tCzZc= =ZmWJ -----END PGP SIGNATURE----- _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
