Mailing List Archive

On Tue, Nov 29, 2005 at 11:17:39PM +0800, ??(Allen) wrote:

> I need help to write a plugin that can call external program.
> For example, write a plugin to execute the "dir" command under the
> windows DOS mode or execute the "ls -a" command on the Linux ?
> Is it possible to do it ?

NASL plugins that run external programs need to be signed using the
private key corresponding to nessus_org.pem, which Renaud controls.

George
--
theall@tenablesecurity.com
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers

On Nov 29, 2005, at 11:55, George A. Theall wrote:

> On Tue, Nov 29, 2005 at 11:17:39PM +0800, ??(Allen) wrote:
>
>> I need help to write a plugin that can call external program.
>> For example, write a plugin to execute the "dir" command under the
>> windows DOS mode or execute the "ls -a" command on the Linux ?
>> Is it possible to do it ?
>
> NASL plugins that run external programs need to be signed using the
> private key corresponding to nessus_org.pem, which Renaud controls.


Or you can set the option "nasl_no_signature_check" to "yes" in
nessusd.conf (*)

To answer your question, if you want to execute a local command (on
the nessusd host) you'd do :


args = make_list("ls, "-a");
result = pread(cmd:"ls", argv:args);
display(results);


-- Renaud


(*) support for multiple keys is coming by the way
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers

Or, set nasl_no_signature_check = yes in nessusd.conf to override the
requirement for signed plugins. Make sure you understand and accept the
security implications of doing this.

To execute any shell command on a remote *nix system, first the system and
nessus have to be configured for local security checks over ssh according
to the documenation on the nessus web site. Then, it's as simple as having
the following in a nasl script:

You probably need the following in the description section (remove
comments):

script_dependencies("ssh_get_info.nasl"); # this makes sure that both
scripts don't run at the same time
script_require_keys("Secret/SSH/login"); # where the ssh credentials are
stored
script_require_ports(22, "Services/ssh"); # ssh has to be running on the
target

And you will need this at the start of your main code section:

include("ssh_func.inc"); # can't use this in a distributed script without
permission
port = kb_ssh_transport();
sock = ssh_login_or_reuse_connection();

Finally, to actually execute the command use something like this:

buf = ssh_cmd(socket:sock, cmd:"/usr/bin/ls -a
/path/you/want/listing/of/*");
if ( buf )
<process the command output>

Note that you cannot distribute a script that calls ssh_func.inc without
permission from Tenable. There should be no problems using it internally.
I'm using about 100 scripts I've written that check contents of various
configuration files, file permissions, etc. on Unix systems.

It would be difficult to write a plugin that would execute the "dir" DOS
mode command on Windows, unless the system has an ssh server on it. If you
really need to do this, there are plenty of good ssh servers for Windows.
There are functions within smb_func.inc that can probably be used to do
what you want. Again, you cannot distribute a script that calls
smb_func.inc without permission from Tenable.

Jerry Heidtke

plugins-writers-bounces@list.nessus.org wrote on 11/29/2005 10:55:14 AM:

> On Tue, Nov 29, 2005 at 11:17:39PM +0800, ??(Allen) wrote:
>
> > I need help to write a plugin that can call external program.
> > For example, write a plugin to execute the "dir" command under the
> > windows DOS mode or execute the "ls -a" command on the Linux ?
> > Is it possible to do it ?
>
> NASL plugins that run external programs need to be signed using the
> private key corresponding to nessus_org.pem, which Renaud controls.
>
> George
> --
> theall@tenablesecurity.com
> _______________________________________________
> Plugins-writers mailing list
> Plugins-writers@list.nessus.org
> http://mail.nessus.org/mailman/listinfo/plugins-writers

_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers

Hello,

Thank for your reply.
I just write these scripts to check my system internally and never
distribute them.
I have three questions about execute local command as follow:
1. Can it support all UNIX like system? For example,
Linux,FreeBSD,Sun..ect.
2. From Renaud's reeply, should I include any function on my script ?
3. Can I execute any local command from my script ? Any limitation ?

Regrads,

Allen

_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers