Hello everyone. :) I have an idea for GSoC, so I would like to hear your thoughts about it. I've spent a lot of hours programming remote checks in NASL, and I must admit that it was a somewhat painful experience. I think that remote checks are very important in pentesting; as such, NASL should provide a strong framework for their development. By a "strong framework" I mean support for various network protocols, including packet building/dissecting ".inc"s. For example, my goal is to port all of Metasploit's DCERPC/SMB based exploits to OpenVAS in the form of intrusive checks, and also to utilize MSRPC in all kinds of enumeration (services, users, shares...). So far my every step in implementing MSRPC was severely slowed down due to the inadequate/incomplete NASL implementation of underlying network protocols such as SMB and NetBT. Why MS-RPC (Microsoft's port of DCE-RPC)? Because it seems to be a vulnerability "surfboard". Just count the Metasploit SMB/DCERPC exploit modules, or even CANVAS's. To sum it all up, my idea is to implement the MSRPC protocol in NASL, including a packet crafting .inc, data type handling (Network Data Representation marshalling and unmarshalling), stateful operations (bind, request, fault) and of course calls to Windows remote procedures extracted from the SAMBA 4.0 .idls. The main design guidelines would be Python's Impacket DCERPC implementation and the beautiful Nmap NSE MSRPC implementation.
Regards,
D.

--
Laboratory for Systems and Signals
Department of Electronic Systems and Information Processing
Faculty of Electrical Engineering and Computing
University of Zagreb

_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
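As an added illustration of the packet crafting and dissecting layer the proposal describes (not code from the post, OpenVAS, Impacket or Nmap), here is a minimal DCE/RPC v5 connection-oriented PDU encoder/decoder in Python: it builds a bind PDU proposing the NDR 2.0 transfer syntax for one interface, dissects the common header with the sanity checks a dissector should perform, and pulls the status out of a fault PDU. The srvsvc interface UUID and the sample fault PDU are used only as constructed inputs.

```python
import struct
import uuid

# DCE/RPC v5 connection-oriented PDU constants (C706 / MS-RPCE).
PTYPE_REQUEST, PTYPE_FAULT, PTYPE_BIND, PTYPE_BIND_ACK = 0, 3, 11, 12
PFC_FIRST_FRAG, PFC_LAST_FRAG = 0x01, 0x02
NDR_SYNTAX = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")  # NDR 2.0 transfer syntax
SRVSVC = uuid.UUID("4b324fc8-1670-01d3-1278-5a47bf6ee188")      # srvsvc interface, version 3.0
HDR = "<BBBB4sHHI"  # rpc_vers, vers_minor, ptype, pfc_flags, drep, frag_len, auth_len, call_id

def common_header(ptype, frag_length, call_id, auth_length=0):
    """16-byte common header; DREP 0x10 = little-endian integers, ASCII chars."""
    return struct.pack(HDR, 5, 0, ptype, PFC_FIRST_FRAG | PFC_LAST_FRAG,
                       b"\x10\x00\x00\x00", frag_length, auth_length, call_id)

def build_bind(abstract, if_version, call_id=1, max_frag=4280):
    """bind PDU with one presentation context proposing NDR 2.0 for `abstract`."""
    # p_cont_elem_t: cont_id, n_transfer_syn, reserved, abstract syntax, transfer syntax
    ctx = (struct.pack("<HBB", 0, 1, 0) + abstract.bytes_le + struct.pack("<I", if_version)
           + NDR_SYNTAX.bytes_le + struct.pack("<I", 2))
    # max_xmit_frag, max_recv_frag, assoc_group_id, then n_context_elem + reserved
    body = struct.pack("<HHI", max_frag, max_frag, 0) + struct.pack("<BBH", 1, 0, 0) + ctx
    return common_header(PTYPE_BIND, 16 + len(body), call_id) + body

def parse_header(pdu):
    """Dissect the common header, rejecting truncated or inconsistent PDUs."""
    if len(pdu) < 16:
        raise ValueError("truncated PDU header")
    vers, _minor, ptype, flags, drep, frag_len, auth_len, call_id = struct.unpack(HDR, pdu[:16])
    if vers != 5:
        raise ValueError("unsupported rpc_vers %d" % vers)
    if frag_len != len(pdu):
        raise ValueError("frag_length %d does not match PDU size %d" % (frag_len, len(pdu)))
    return {"ptype": ptype, "flags": flags, "auth_length": auth_len, "call_id": call_id,
            "little_endian": (drep[0] & 0xF0) == 0x10}

def parse_fault_status(pdu):
    """Return the 32-bit status of a fault PDU (alloc_hint, cont_id, cancel_count, pad, status)."""
    hdr = parse_header(pdu)
    if hdr["ptype"] != PTYPE_FAULT:
        raise ValueError("not a fault PDU")
    _alloc_hint, _cont_id, _cancel, _pad, status = struct.unpack("<IHBBI", pdu[16:28])
    return status

# Constructed sample fault PDU (call_id 7) carrying nca_s_op_rng_error, the status a
# server returns when a request names an opnum the bound interface does not define.
SAMPLE_FAULT = common_header(PTYPE_FAULT, 32, 7) + struct.pack("<IHBBII", 0, 0, 0, 0, 0x1C010002, 0)
```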
