Hello,
I want to retrieve information from a Windows 2000 Server Active
Directory.
For example,
I want to check the directory as follows:
^CN=[^,]+,CN=IMAP4,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
and check the attribute "oWAServer".
Is it possible to write a plugin to do this?
I found a plugin among the Nessus scripts.
The plugin ID is 12105 and the script is as follows:
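# Registration block: when `description` is set, the script only declares its
# metadata (id, name, summary, category, family, required port) and exits
# without sending anything to the target.
if (description)
{
 script_id(12105);
 script_version ("$Revision: 1.4 $");

 # Kept on one line: in the mailed copy these literals were wrapped, which
 # put a line break inside the plugin name, summary and copyright text.
 name["english"] = "Use LDAP search request to retrieve information from NT Directory Services";
 script_name(english:name["english"]);

 # NOTE(review): desc["english"] is not assigned anywhere in this excerpt, so
 # the description registered here is empty unless it is defined in a part of
 # the plugin that was not posted -- confirm against the full plugin.
 script_description(english:desc["english"]);

 summary["english"] = "Use LDAP search request to retrieve information from NT Directory Services";
 script_summary(english:summary["english"]);

 # ACT_GATHER_INFO: the plugin is registered as information gathering.
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004 David Kyger");
 script_family(english:"Remote file access");

 # Declares 389/tcp as the port this plugin needs.
 script_require_ports(389);
 exit(0);
}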
#
# The script code starts here
#
include("misc_func.inc");
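# Sends one unauthenticated LDAP search to 389/tcp and, if the reply contains
# "NTDS", reports the text that follows it. A server that answers this without
# a bind is disclosing directory-service details to any client that can reach
# the port; the finding is raised as a note so it can be reviewed.
port = 389;
if ( ! get_port_state(port) ) exit(0);

# Pre-encoded BER LDAPMessage (0x30, length 0x25):
#   messageID 1, searchRequest (0x63) with an empty base DN, scope 0 (base
#   object), derefAliases 0, no size/time limit, typesOnly FALSE, a presence
#   filter (0x87) on "objectclass" and an empty attribute list.
# No bind request is sent first, and the base DN is fixed to the empty string,
# so this request can only return the server's root entry. It cannot reach an
# arbitrary entry such as the Exchange configuration path.
senddata = raw_string(
 0x30, 0x25, 0x02, 0x01, 0x01, 0x63, 0x20, 0x04, 0x00, 0x0a,
 0x01, 0x00, 0x0a, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01,
 0x00, 0x01, 0x01, 0x00, 0x87, 0x0b, 0x6f, 0x62, 0x6a, 0x65,
 0x63, 0x74, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x30, 0x00
);

soc = open_sock_tcp(port);
if ( ! soc ) exit(0);
send(socket:soc, data:senddata);
# Single read of at most 4096 bytes; a longer reply is truncated here.
buf = recv(socket:soc, length:4096);
close(soc);

# Check for an empty reply before buf is used (the original converted buf to
# an unused `version` string first).
if (buf == NULL) exit(0);

if ("NTDS" >< buf) {
 hbuf = hexstr(buf);

 # "4e54445320" is hex for "NTDS " (with the trailing space). The test above
 # only requires "NTDS", so this search can fail; stop rather than carry a
 # NULL into the next steps.
 # NOTE(review): matching on the hex text could in principle hit at an odd
 # nibble offset -- presumably rare, but confirm if the output looks garbled.
 ntdsinfo = strstr(hbuf, "4e54445320");
 if (isnull(ntdsinfo)) exit(0);

 # Cut the extract at the next 0x30 0x84 0x00 sequence header if one follows;
 # otherwise keep everything up to the end of the buffer.
 tail = strstr(ntdsinfo, "308400");
 if (!isnull(tail)) ntdsinfo = ntdsinfo - tail;

 ntdsinfo = hex2raw(s:ntdsinfo);

 # `warning` was appended to without ever being initialised; assign it.
 warning = string(ntdsinfo,"\n\n");

 # NOTE(review): desc["english"] is not assigned in this excerpt, so the
 # report may start with an empty description -- confirm against the full
 # plugin.
 report = string (desc["english"],
  "\n\nPlugin output :\n\n",
  "The following information was pulled from the server via a LDAP request:\n",
  warning);
 security_note(port:port, data:report);
}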
Could someone give me a hint on how to make this possible?
TIA,
allen
I want to retrieve information from a Windows 2000 Server Active
Directory.
For example,
I want to check the directory as follows:
^CN=[^,]+,CN=IMAP4,CN=Protocols,CN=[^,]+,CN=Servers,CN=[^,]+,CN=Administrative Groups,CN=[^,]+,CN=Microsoft Exchange,CN=Services$
and check the attribute "oWAServer".
Is it possible to write a plugin to do this?
I found a plugin among the Nessus scripts.
The plugin ID is 12105 and the script is as follows:
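# Registration block: when `description` is set, the script only declares its
# metadata (id, name, summary, category, family, required port) and exits
# without sending anything to the target.
if (description)
{
 script_id(12105);
 script_version ("$Revision: 1.4 $");

 # Kept on one line: in the mailed copy these literals were wrapped, which
 # put a line break inside the plugin name, summary and copyright text.
 name["english"] = "Use LDAP search request to retrieve information from NT Directory Services";
 script_name(english:name["english"]);

 # NOTE(review): desc["english"] is not assigned anywhere in this excerpt, so
 # the description registered here is empty unless it is defined in a part of
 # the plugin that was not posted -- confirm against the full plugin.
 script_description(english:desc["english"]);

 summary["english"] = "Use LDAP search request to retrieve information from NT Directory Services";
 script_summary(english:summary["english"]);

 # ACT_GATHER_INFO: the plugin is registered as information gathering.
 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2004 David Kyger");
 script_family(english:"Remote file access");

 # Declares 389/tcp as the port this plugin needs.
 script_require_ports(389);
 exit(0);
}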
#
# The script code starts here
#
include("misc_func.inc");
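# Sends one unauthenticated LDAP search to 389/tcp and, if the reply contains
# "NTDS", reports the text that follows it. A server that answers this without
# a bind is disclosing directory-service details to any client that can reach
# the port; the finding is raised as a note so it can be reviewed.
port = 389;
if ( ! get_port_state(port) ) exit(0);

# Pre-encoded BER LDAPMessage (0x30, length 0x25):
#   messageID 1, searchRequest (0x63) with an empty base DN, scope 0 (base
#   object), derefAliases 0, no size/time limit, typesOnly FALSE, a presence
#   filter (0x87) on "objectclass" and an empty attribute list.
# No bind request is sent first, and the base DN is fixed to the empty string,
# so this request can only return the server's root entry. It cannot reach an
# arbitrary entry such as the Exchange configuration path.
senddata = raw_string(
 0x30, 0x25, 0x02, 0x01, 0x01, 0x63, 0x20, 0x04, 0x00, 0x0a,
 0x01, 0x00, 0x0a, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01,
 0x00, 0x01, 0x01, 0x00, 0x87, 0x0b, 0x6f, 0x62, 0x6a, 0x65,
 0x63, 0x74, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x30, 0x00
);

soc = open_sock_tcp(port);
if ( ! soc ) exit(0);
send(socket:soc, data:senddata);
# Single read of at most 4096 bytes; a longer reply is truncated here.
buf = recv(socket:soc, length:4096);
close(soc);

# Check for an empty reply before buf is used (the original converted buf to
# an unused `version` string first).
if (buf == NULL) exit(0);

if ("NTDS" >< buf) {
 hbuf = hexstr(buf);

 # "4e54445320" is hex for "NTDS " (with the trailing space). The test above
 # only requires "NTDS", so this search can fail; stop rather than carry a
 # NULL into the next steps.
 # NOTE(review): matching on the hex text could in principle hit at an odd
 # nibble offset -- presumably rare, but confirm if the output looks garbled.
 ntdsinfo = strstr(hbuf, "4e54445320");
 if (isnull(ntdsinfo)) exit(0);

 # Cut the extract at the next 0x30 0x84 0x00 sequence header if one follows;
 # otherwise keep everything up to the end of the buffer.
 tail = strstr(ntdsinfo, "308400");
 if (!isnull(tail)) ntdsinfo = ntdsinfo - tail;

 ntdsinfo = hex2raw(s:ntdsinfo);

 # `warning` was appended to without ever being initialised; assign it.
 warning = string(ntdsinfo,"\n\n");

 # NOTE(review): desc["english"] is not assigned in this excerpt, so the
 # report may start with an empty description -- confirm against the full
 # plugin.
 report = string (desc["english"],
  "\n\nPlugin output :\n\n",
  "The following information was pulled from the server via a LDAP request:\n",
  warning);
 security_note(port:port, data:report);
}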
Could someone give me a hint on how to make this possible?
TIA,
allen