Question 1.
I want to write a plugin to check for the existence of three specific files in the
c:\windows\system32 SMB share. I tried to find examples of other plugins
that look for specific files in an SMB share but could not find any. The
closest I found was smb_accessible_shares.nasl and
smb_accessible_shares_copyrighted_content.nasl but they loop through all
files on every share found. Can someone point me in the right direction
with an example of how to search for a specific file in a specific
directory?
Question 2.
One of the files I want to look for starts with an ASCII DEC 255
character. I wrote a test plugin to make sure the script renders the
name correctly. The following is the contents of the plugin:
packet = raw_string(0xff, 0x73, 0x76, 0x63, 0x68, 0x6F, 0x73,
0x74, 0x2E, 0x65,0x78, 0x65);
display("[", packet, "]\n");
Note: According to http://protein.bio.puc.cl/cardex/home/ascii.html
DEC 255 is Hex ff.
when I run this plugin I get the following output:
test:/var/lib/nessus/plugins# nasl test.nasl
[.svchost.exe]
test:/var/lib/nessus/plugins#
The dec 255 character is not a "."
Just to make sure I'm not mistaken I ran it through ood
test:/var/lib/nessus/plugins# nasl test.nasl |od -b
0000000 133 056 163 166 143 150 157 163 164 056 145 170 145 135 012
0000017
Is the raw string not rendered correctly by my bash shell, or is nessus
converting the DEC 255 character to a DEC 46 character?
Thank you,
--
- Josh
I want to write a plugin to check for the existence of three specific files in the
c:\windows\system32 SMB share. I tried to find examples of other plugins
that look for specific files in an SMB share but could not find any. The
closest I found was smb_accessible_shares.nasl and
smb_accessible_shares_copyrighted_content.nasl but they loop through all
files on every share found. Can someone point me in the right direction
with an example of how to search for a specific file in a specific
directory?
Question 2.
One of the files I want to look for starts with an ASCII DEC 255
character. I wrote a test plugin to make sure the script renders the
name correctly. The following is the contents of the plugin:
packet = raw_string(0xff, 0x73, 0x76, 0x63, 0x68, 0x6F, 0x73,
0x74, 0x2E, 0x65,0x78, 0x65);
display("[", packet, "]\n");
Note: According to http://protein.bio.puc.cl/cardex/home/ascii.html
DEC 255 is Hex ff.
when I run this plugin I get the following output:
test:/var/lib/nessus/plugins# nasl test.nasl
[.svchost.exe]
test:/var/lib/nessus/plugins#
The dec 255 character is not a "."
Just to make sure I'm not mistaken I ran it through ood
test:/var/lib/nessus/plugins# nasl test.nasl |od -b
0000000 133 056 163 166 143 150 157 163 164 056 145 170 145 135 012
0000017
Is the raw string not rendered correctly by my bash shell, or is nessus
converting the DEC 255 character to a DEC 46 character?
Thank you,
--
- Josh