Hi,
Been trying to use the SMB Registry : NT4 Service Pack version plugin to
come up with a plugin that detects Symantec Corp Edition Antivirus
version
When trying to load nessus (/opt/nessus/sbin/nessusd -D) I get the
following error
[4459] Could not allocate a pointer of size 1902128079 !
This is the modifications I did to the original plugin, my coding
abilities are not great, any help will be appreciated.
Thx
#
# This script was originally written by Tenable Network Security as SMB
Registry : NT4 Service Pack version
#
#
#
desc["english"] = "
Synopsis :
Symantec Anti Virus Corporate Edition Version.
Description :
By reading the registry key
HKLM\\SOFTWARE\\Intel\\LANDesk\\VirusProtect6\\Currentversion
it was possible to determine which version of Symantec AV CE is
installed.
Risk factor : None";
if(description)
{
script_id(90000);
script_version ("$Revision: 1.00 $");
name["english"] = "SMB Registry : Symantec Anti Virus Corporate Edition
Version";
script_name(english:name["english"]);
script_description(english:desc["english"]);
summary["english"] = "Determines the remote Anti Virus Corporate Edition
Version";
script_summary(english:summary["english"]);
script_category(ACT_GATHER_INFO);
script_copyright(english:"none");
family["english"] = "Windows";
script_family(english:family["english"]);
script_dependencies("netbios_name_get.nasl", "smb_login.nasl",
"smb_registry_access.nasl");
if ( defined_func("bn_random") )
script_dependencie("ssh_get_info.nasl");
script_require_keys("SMB/transport", "SMB/name", "SMB/login",
"SMB/password", "SMB/registry_access");
script_require_ports(139, 445);
exit(0);
}
include("smb_func.inc");
access = get_kb_item("SMB/registry_access");
if(!access)exit(0);
port = get_kb_item("SMB/transport");
if(!port)port = 139;
#---------------------------------------------------------------------#
# Here is our main() #
#---------------------------------------------------------------------#
name = kb_smb_name(); if(!name)exit(0);
login = kb_smb_login();
pass = kb_smb_password();
domain = kb_smb_domain();
port = kb_smb_transport();
if ( ! get_port_state(port) ) exit(0);
soc = open_sock_tcp(port);
if ( ! soc ) exit(0);
session_init(socket:soc, hostname:name);
r = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$");
if ( r != 1 ) exit(0);
hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);
if ( isnull(hklm) )
{
NetUseDel();
exit(0);
}
key = "SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion";
item = "ProductVersion";
key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);
if ( ! isnull(key_h) )
{
value = RegQueryValue(handle:key_h, item:item);
if (!isnull (value))
set_kb_item(name:"SMB/SymantecVersion", value:value[1]);
if(value[1] == "131073002")
{
value2 = "10.0.2.2000"
set_kb_item(name:"SMB/Symantec/Version", "10.0.2.2000");
}
else if(value[1] == "65537001")
{
value2 = "10.0.2.2000"
set_kb_item(name:"SMB/Symantec/Version", "10.0.1.1000");
}
report = string (desc["english"],
"\n\nPlugin output :\n\n",
"The remote machine is running ", value2);
security_hole(data:report, port:port);
}
RegCloseKey(handle:key_h);
RegCloseKey(handle:hklm);
NetUseDel();
Been trying to use the SMB Registry : NT4 Service Pack version plugin to
come up with a plugin that detects Symantec Corp Edition Antivirus
version
When trying to load nessus (/opt/nessus/sbin/nessusd -D) I get the
following error
[4459] Could not allocate a pointer of size 1902128079 !
This is the modifications I did to the original plugin, my coding
abilities are not great, any help will be appreciated.
Thx
#
# This script was originally written by Tenable Network Security as SMB
Registry : NT4 Service Pack version
#
#
#
desc["english"] = "
Synopsis :
Symantec Anti Virus Corporate Edition Version.
Description :
By reading the registry key
HKLM\\SOFTWARE\\Intel\\LANDesk\\VirusProtect6\\Currentversion
it was possible to determine which version of Symantec AV CE is
installed.
Risk factor : None";
if(description)
{
script_id(90000);
script_version ("$Revision: 1.00 $");
name["english"] = "SMB Registry : Symantec Anti Virus Corporate Edition
Version";
script_name(english:name["english"]);
script_description(english:desc["english"]);
summary["english"] = "Determines the remote Anti Virus Corporate Edition
Version";
script_summary(english:summary["english"]);
script_category(ACT_GATHER_INFO);
script_copyright(english:"none");
family["english"] = "Windows";
script_family(english:family["english"]);
script_dependencies("netbios_name_get.nasl", "smb_login.nasl",
"smb_registry_access.nasl");
if ( defined_func("bn_random") )
script_dependencie("ssh_get_info.nasl");
script_require_keys("SMB/transport", "SMB/name", "SMB/login",
"SMB/password", "SMB/registry_access");
script_require_ports(139, 445);
exit(0);
}
include("smb_func.inc");
access = get_kb_item("SMB/registry_access");
if(!access)exit(0);
port = get_kb_item("SMB/transport");
if(!port)port = 139;
#---------------------------------------------------------------------#
# Here is our main() #
#---------------------------------------------------------------------#
name = kb_smb_name(); if(!name)exit(0);
login = kb_smb_login();
pass = kb_smb_password();
domain = kb_smb_domain();
port = kb_smb_transport();
if ( ! get_port_state(port) ) exit(0);
soc = open_sock_tcp(port);
if ( ! soc ) exit(0);
session_init(socket:soc, hostname:name);
r = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$");
if ( r != 1 ) exit(0);
hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);
if ( isnull(hklm) )
{
NetUseDel();
exit(0);
}
key = "SOFTWARE\INTEL\LANDesk\VirusProtect6\CurrentVersion";
item = "ProductVersion";
key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);
if ( ! isnull(key_h) )
{
value = RegQueryValue(handle:key_h, item:item);
if (!isnull (value))
set_kb_item(name:"SMB/SymantecVersion", value:value[1]);
if(value[1] == "131073002")
{
value2 = "10.0.2.2000"
set_kb_item(name:"SMB/Symantec/Version", "10.0.2.2000");
}
else if(value[1] == "65537001")
{
value2 = "10.0.2.2000"
set_kb_item(name:"SMB/Symantec/Version", "10.0.1.1000");
}
report = string (desc["english"],
"\n\nPlugin output :\n\n",
"The remote machine is running ", value2);
security_hole(data:report, port:port);
}
RegCloseKey(handle:key_h);
RegCloseKey(handle:hklm);
NetUseDel();