*** Julián Vilas wrote:

> I'd want to contribute with a simple plugin, but it's my first time. I've
> been snooping around the NVT development section of the webpage and some
> scripts, but till now I'm quite lost :). Could anyone point me to a good
> plugin example that I may use for doing something like this?
> 
> For every open TCP port, send a payload and check the response. If the
> response matches a defined constant, then report a vulnerability. I have to
> say that the vulnerability is not an implementation bug that should be
> patched, but a bad configuration that leads to remote code execution.

##########

port = get_kb_item("TCP/PORTS"); # this will fork for every port
if( ! get_port_state( port ) ) exit( 0 );

soc = open_sock_tcp( port ); # open a socket
if( ! soc ) exit( 0 );

req = your_payload; # placeholder: the data to send
your_defined_constant = 'foobar';

send( socket:soc, data:req ); # send data
buf = recv( socket:soc, length: 512 ); # recv data

close( soc );

if( ! buf ) exit( 0 );

if( buf =~ your_defined_constant ) # or eregmatch(), egrep(), ...
{
  security_message( port:port );
  exit( 0 );
}  

exit( 99 );

##########

If you have more questions, just send me a mail or join our IRC
(http://openvas.org/online-chat.html).


-- 
Michael Meyer                  OpenPGP Key: 0xAF069E9152A6EFA6 
http://www.greenbone.net/
Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG
Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
_______________________________________________
Openvas-plugins mailing list
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
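
The send-and-match logic of the skeleton above, as an added Python example that is not part of the original mail and is not OpenVAS code, run against a constructed localhost service so the match and no-match paths can be tested offline. `probe`, `start_test_service`, the `PROBE` payload and the reply strings are made up for illustration; `foobar` is the placeholder constant from the skeleton.

```python
import re
import socket
import threading

def probe(host, port, payload, marker, timeout=2.0, max_bytes=512):
    """Send payload to host:port; return True if the reply matches marker.

    Closed ports, timeouts and empty replies return False, like the
    exit(0) paths of the skeleton.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as soc:
            soc.sendall(payload)
            buf = b""
            # A single recv() may return only part of the reply, so read
            # until the peer closes, the cap is reached or the timeout hits.
            while len(buf) < max_bytes:
                try:
                    chunk = soc.recv(max_bytes - len(buf))
                except socket.timeout:
                    break
                if not chunk:
                    break
                buf += chunk
    except OSError:
        return False
    return bool(buf) and re.search(marker, buf) is not None

def start_test_service(reply):
    """Constructed stand-in for a target: answers one connection on localhost."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # port 0: let the OS pick a free port
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.recv(512)
            half = len(reply) // 2  # reply in two pieces to exercise the read loop
            conn.sendall(reply[:half])
            conn.sendall(reply[half:])
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = start_test_service(b"220 ready foobar\r\n")  # constructed reply
    print(probe("127.0.0.1", port, b"PROBE\r\n", rb"foobar"))
```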