Hi. I wrote this plugin, which detects which port is running the SSH server. I'm just studying and testing plugins. In the PoC (Proof of Concept) I created 2 Virtual Machine (CentOS and Ubuntu), one is with SSH on port 22 and another on port 3333 only to learn it:
Sample: # script_id 99300 # plugin_id FINT-4310 # Mon 06 Jun 2011 11:21:19 AM BRT # Mauro Risonho de Paula Assumpção # Security Analist - Pentester # [email protected] # Port default 22 # Port 3333 if(description) { script_id(99300); script_copyright("This script is Copyleft 2011 GNU 3"); script_version("1.0"); name["english"] = "FINT-4310-Linux - Checking AFICK"; desc["english"] = "This script logs on the remote machine and checking AFICK. Risk: High"; script_description(english:desc["english"]); script_name(english:name["english"]); family["english"] = "FINT-Security"; script_family(english:family["english"]); summary["english"] = "This script logs on the remote machine and checking AFICK"; script_summary(english:summary["english"]); script_dependencie("find_service2.nasl"); script_category(ACT_INIT); exit(0); } include("misc_func.inc"); include("ssh_func.inc"); include("global_settings.inc"); account = "test"; password = "12345"; display("remote loginn"); soc = open_sock_tcp(22); if ( soc ) { ret = ssh_login(socket:soc, login:account, password:password); display("Checking AFICKn"); cmd000=ssh_cmd(socket:soc, cmd:"ps aux|grep 'afick'"); display(cmd000); close(soc); } else { soc = open_sock_tcp(3333); ret = ssh_login(socket:soc, login:account, password:password); display("Checking AFICKn"); cmd000=ssh_cmd(socket:soc, cmd:"ps aux|grep 'afick'"); display(cmd000); close(soc); } Actually the way I'm doing works, and I get the results exper. The problem that bothers me is that it puts on the password directly in the plugin. Besides being cumbersome, because if you have many plugins every time you changed the password, you should also make the change in the plugin is also very insecure and is not a good security practice. I had an answer in the list by Mr Michael Wiegand: "Take a look at other NVTs using ssh_func.inc. The functions kb_ssh_login() and kb_ssh_password() will return the information you are looking for. Remember to add a dependency to ssh_authorization.nasl if you have not already done so." I saw some examples but could not understand a simple way. If someone on the list have any simple example of the use or modify a bit to get my plugin to work with ssh_func.inc, I would greatly appreciate the help, because I'm a few weeks without this solution;) Thanks @firebitsbr
_______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
