Hello,
 
> -----Original Message-----
> From: [email protected] 
> [mailto:[email protected]] On 
> Behalf Of Dražen Popovic
> Sent: Saturday, February 27, 2010 12:48 AM
> To: [email protected]
> Subject: [Openvas-plugins] MS-RPC for GSoC
> 
> Hello everyone. :)
> 
> I have an idea for GSoC, so I would like to hear your 
> thoughts about it.
> I've spent a lot of hours programming remote checks in NASL, 
> and I must admit that it was a somewhat painful experience. 
> I think that remote checks are very important in pentesting, 
> and as such NASL should provide a strong framework for their 
> development. By a "strong framework" I mean support for various 
> network protocols, including packet building/dissecting 
> ".inc"s. 

What others apart from DCERPC/SMB do you think are inadequate? It'll be
useful information to list them all somewhere.

> For example, my goal is to port all of Metasploit's 
> DCERPC/SMB based exploits to OpenVAS in the form of intrusive 
> checks, and also to utilize MSRPC in all kinds of 
> enumeration (services, users, shares...). So far my every step 
> in implementing MSRPC was severely slowed down due to the 
> inadequate/incomplete NASL implementation of underlying 
> network protocols such as SMB and NetBT. Why MS-RPC (a 
> Microsoft port of DCE-RPC)? Because it seems to be a 
> vulnerability "surfboard". Just count the Metasploit 
> SMB/DCERPC exploit modules, or even CANVAS's. To sum it all 
> up, my idea is to implement the MSRPC protocol in NASL, 
> including a packet crafting .inc, data type handling (Network 
> Data Representation marshalling and unmarshalling), 
> stateful operations (bind, request, fault) and of course 
> calls to Windows remote procedures extracted from the SAMBA 4.0 
> .idls. The main design guidelines would be Python's Impacket 
> DCERPC implementation and Nmap's beautiful NSE MSRPC implementation.

Nice idea! I agree that the current facility available through smb_nt.inc is
inadequate for writing some of the SMB and RPC checks. We had discussed this
during the last DevCon and the idea that emerged was to integrate low-level
Samba functions into the OpenVAS space. I still have to write a CR for that. If
you think it is possible to write an .inc based on Impacket or Nmap's MSRPC
implementation, that would be the way to go.

Thanks,
Chandra.

_______________________________________________
Openvas-plugins mailing list
[email protected]
http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
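The bind / request / fault operations and the NDR marshalling that the quoted proposal enumerates, as an added example that is not part of this thread, of OpenVAS or of its NASL includes: a minimal DCE/RPC v5 (connection-oriented) PDU builder and parser in Python, the language of Impacket, one of the two design guidelines named above. It works over constructed bytes rather than a live endpoint. The PDU layouts, the srvsvc and NDR transfer-syntax UUIDs and the nca_s_op_rng_error status are the standard wire values; the bind_ack and fault replies, the association group id, the referent id and the server name are constructed for the example and are not captured traffic.

```python
"""DCE/RPC v5 connection-oriented PDUs: bind -> bind_ack, request, fault,
plus the NDR string primitives an MSRPC enumeration check needs.

Added example, not OpenVAS/NASL code. Wire constants are the standard
DCE/RPC values; the server replies below are constructed samples."""
import struct
import uuid

PTYPE_REQUEST, PTYPE_FAULT, PTYPE_BIND, PTYPE_BIND_ACK = 0, 3, 11, 12
PFC_FIRST_FRAG, PFC_LAST_FRAG = 0x01, 0x02
DREP_LE_ASCII_IEEE = b"\x10\x00\x00\x00"        # little-endian ints, ASCII chars, IEEE floats
NDR32 = (uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860"), 2)   # NDR transfer syntax v2
SRVSVC = (uuid.UUID("4b324fc8-1670-01d3-1278-5a47bf6ee188"), 3)  # srvsvc interface v3.0
NCA_S_OP_RNG_ERROR = 0x1C010002                 # fault status: opnum out of range

def syntax_id(iface, version):
    """p_syntax_id_t: UUID in NDR (mixed-endian) byte order + 32-bit version."""
    return iface.bytes_le + struct.pack("<I", version)

def header(ptype, body_len, call_id, flags=PFC_FIRST_FRAG | PFC_LAST_FRAG):
    """16-byte common header; frag_length counts the header itself, auth_length is 0."""
    return struct.pack("<BBBB4sHHI", 5, 0, ptype, flags, DREP_LE_ASCII_IEEE,
                       16 + body_len, 0, call_id)

def parse_header(pdu):
    vers, _minor, ptype, flags, drep, frag_len, auth_len, call_id = \
        struct.unpack_from("<BBBB4sHHI", pdu, 0)
    if vers != 5 or frag_len != len(pdu):
        raise ValueError("not a complete DCE/RPC v5 PDU")
    if drep[0] & 0xF0 != 0x10:
        raise ValueError("big-endian DREP not handled here")
    return {"ptype": ptype, "flags": flags, "frag_length": frag_len,
            "auth_length": auth_len, "call_id": call_id}

def bind_pdu(call_id, abstract=SRVSVC, transfer=NDR32, ctx_id=0):
    """bind: negotiate one presentation context (interface + transfer syntax)."""
    body = struct.pack("<HHI", 4280, 4280, 0)          # max_xmit_frag, max_recv_frag, assoc_group_id
    body += struct.pack("<BBH", 1, 0, 0)               # n_context_elem + reserved padding
    body += struct.pack("<HBB", ctx_id, 1, 0)          # p_cont_id, n_transfer_syn, reserved
    body += syntax_id(*abstract) + syntax_id(*transfer)
    return header(PTYPE_BIND, len(body), call_id) + body

def parse_bind_ack(pdu):
    """bind_ack: secondary address, then a 4-byte-aligned result list."""
    hdr = parse_header(pdu)
    if hdr["ptype"] != PTYPE_BIND_ACK:
        raise ValueError("expected bind_ack, got ptype %d" % hdr["ptype"])
    _max_xmit, _max_recv, assoc_group = struct.unpack_from("<HHI", pdu, 16)
    addr_len = struct.unpack_from("<H", pdu, 24)[0]
    sec_addr = pdu[26:26 + addr_len].rstrip(b"\x00").decode("ascii")
    off = (26 + addr_len + 3) & ~3                     # p_result_list_t is aligned to 4
    n_results = pdu[off]
    results = [struct.unpack_from("<HH", pdu, off + 4 + 24 * i) for i in range(n_results)]
    return {"assoc_group": assoc_group, "sec_addr": sec_addr, "results": results,
            "accepted": all(r == (0, 0) for r in results)}  # result 0 = acceptance

def ndr_wstring(s):
    """NDR conformant+varying wchar_t string: max, offset, actual, UTF-16LE, pad to 4."""
    data = (s + "\x00").encode("utf-16-le")
    n = len(data) // 2
    out = struct.pack("<III", n, 0, n) + data
    return out + b"\x00" * (-len(out) % 4)

def ndr_unique_wstring(s, referent_id=0x00020000):
    """[unique] wchar_t* top-level argument: non-null referent id, then the string."""
    return struct.pack("<I", referent_id) + ndr_wstring(s)

def request_pdu(call_id, opnum, stub, ctx_id=0):
    """request: alloc_hint, presentation context id, opnum, NDR-marshalled stub."""
    body = struct.pack("<IHH", len(stub), ctx_id, opnum) + stub
    return header(PTYPE_REQUEST, len(body), call_id) + body

def parse_fault(pdu):
    """fault: status at offset 24, after alloc_hint, p_cont_id, cancel_count, reserved."""
    hdr = parse_header(pdu)
    if hdr["ptype"] != PTYPE_FAULT:
        raise ValueError("not a fault PDU")
    return {"call_id": hdr["call_id"], "status": struct.unpack_from("<I", pdu, 24)[0]}

# Constructed server-side replies (assumption: shaped like a Windows srvsvc endpoint's).
def sample_bind_ack(call_id=1):
    body = struct.pack("<HHI", 4280, 4280, 0x12345)
    body += struct.pack("<H", 13) + b"\\PIPE\\srvsvc\x00"
    body += b"\x00" * (-(16 + len(body)) % 4)          # align result list from PDU start
    body += struct.pack("<BBH", 1, 0, 0) + struct.pack("<HH", 0, 0) + syntax_id(*NDR32)
    return header(PTYPE_BIND_ACK, len(body), call_id) + body

def sample_fault(call_id=2, status=NCA_S_OP_RNG_ERROR):
    body = struct.pack("<IHBBII", 0, 0, 0, 0, status, 0)
    return header(PTYPE_FAULT, len(body), call_id) + body

if __name__ == "__main__":
    print("bind:", len(bind_pdu(1)), "bytes; server:", parse_bind_ack(sample_bind_ack(1)))
    stub = ndr_unique_wstring("\\\\192.0.2.10")        # constructed server name argument
    print("request:", len(request_pdu(2, 0xFFFF, stub)), "bytes")
    print("fault status: 0x%08x" % parse_fault(sample_fault())["status"])
```

A check built on this would send bind_pdu over the SMB named pipe, refuse to continue unless parse_bind_ack reports accepted, and treat a fault whose status is NCA_S_OP_RNG_ERROR on a probe opnum as "interface present but call not implemented", which is useful for fingerprinting a service without triggering the real procedure.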
