Hi Michael, lots of thanks for your help :)
Cheers! 2014-05-30 18:54 GMT+02:00 Michael Meyer <[email protected]>: > *** Julián Vilas wrote: > > > I'd want to contribute with a simple plugin, but it's my first time. I've > > snooping the NVT development section of webpage and some scripts, but > till > > now I'm quite lost :). Could any point me to a good plugin example that I > > may use for doing something like this? > > > > For every tcp opened port send a payload and check the response. If the > > response matches a defined constant, then report a vulnerability. I've to > > say that the vulnerability is not an implementation bug that should be > > patched but it's a bad configuration that leads to remote code execution. > > ########## > > port = get_kb_item("TCP/PORTS"); # this will fork for every port > if( ! get_port_state( port ) ) exit( 0 ); > > soc = open_sock_tcp( port ); # open a socket > if( ! soc ) exit( 0 ); > > req = your_payload: > your_defined_constant = 'foobar'; > > send( socket:soc, data:req ); # send date > buf = recv( socket:soc, length: 512 ); # recv data > > close( soc ); > > if( ! buf ) exit( 0 ); > > if( buf =~ your_defined_constant ) # or eregmatch(), egrep(), ... > { > security_message( port:port ); > exit( 0 ); > } > > exit( 99 ); > > ########## > > If you have more questions, just send me a mail or join our irc > (http://openvas.org/online-chat.html) > > > -- > Michael Meyer OpenPGP Key: 0xAF069E9152A6EFA6 > http://www.greenbone.net/ > Greenbone Networks GmbH, Neuer Graben 17, 49074 Osnabrück | AG > Osnabrück, HR B 202460 > Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner > _______________________________________________ > Openvas-plugins mailing list > [email protected] > https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins >
_______________________________________________ Openvas-plugins mailing list [email protected] https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-plugins
