Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. plugins
radmin detection
arboi at noos
Sep 3, 2002, 10:09 AM
Post #1 of 5 (1061 views)
Permalink
Not sure it is very useful...
Re: radmin detection [ In reply to ]
noamr at beyondsecurity
Sep 3, 2002, 10:27 AM
Post #2 of 5 (1036 views)
Permalink
Hi,

Actually if you do the following test (r is the return buffer):
if (r[5] == raw_string(0x01))
{
display("NTLM security enabled\n");
}
if (r[5] == raw_string(0x00))
{
display("Password security enabled\n");
}

You can know what type of security system was enabled.

Thanks
Noam Rathaus
CTO
Beyond Security Ltd
http://www.SecurITeam.com
http://www.BeyondSecurity.com
----- Original Message -----
From: "Michel Arboi" <arboi@noos.fr>
To: <plugins-writers@list.nessus.org>
Sent: Tuesday, September 03, 2002 8:09 PM
Subject: radmin detection


> Not sure it is very useful...
>
>
Re: radmin detection [ In reply to ]
arboi at noos
Sep 15, 2002, 2:10 AM
Post #3 of 5 (1035 views)
Permalink
"Noam Rathaus" <noamr@beyondsecurity.com> writes:

> Actually if you do the following test (r is the return buffer):
> if (r[5] == raw_string(0x01))
> {
> display("NTLM security enabled\n");
> }
> if (r[5] == raw_string(0x00))
> {
> display("Password security enabled\n");
> }

> You can know what type of security system was enabled.

I double-checked this morning: on my test configuration, I still get
the same reply with NTLM or password security.
Re: radmin detection [ In reply to ]
noamr at beyondsecurity
Sep 15, 2002, 3:38 AM
Post #4 of 5 (1038 views)
Permalink
Hi,

Weird... might be a fluke on my Radmin Server.

Thanks
Noam Rathaus
CTO
Beyond Security Ltd
http://www.SecurITeam.com
http://www.BeyondSecurity.com
----- Original Message -----
From: "Michel Arboi" <arboi@noos.fr>
To: <plugins-writers@list.nessus.org>
Sent: Sunday, September 15, 2002 12:10 PM
Subject: Re: radmin detection


> "Noam Rathaus" <noamr@beyondsecurity.com> writes:
>
> > Actually if you do the following test (r is the return buffer):
> > if (r[5] == raw_string(0x01))
> > {
> > display("NTLM security enabled\n");
> > }
> > if (r[5] == raw_string(0x00))
> > {
> > display("Password security enabled\n");
> > }
>
> > You can know what type of security system was enabled.
>
> I double-checked this morning: on my test configuration, I still get
> the same reply with NTLM or password security.
>
>
Re: radmin detection [ In reply to ]
arboi at noos
Sep 15, 2002, 3:58 AM
Post #5 of 5 (1038 views)
Permalink
On Sun, 15 Sep 2002 13:38:37 +0300
"Noam Rathaus" <noamr@beyondsecurity.com> wrote:

> Weird... might be a fluke on my Radmin Server.

Or a different version? I tried radmin v2.1
Anyway, I'll try to make the NASL script more robust.

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal