Mailing List Archive

Write a plugin to determine if LanDesk client is NOT listening
Hello
I'm trying to write a plugin that scans hosts and only reports back
the workstations who are not
listening on tcp 9595 for LanDesk.

I pinched some code from telnet.nasl

please tell me if I'm on target:

# The script code starts here
#
include("misc_func.inc");


port = 9595;

if(get_port_state(port))
{
soc = open_sock_tcp(port);
if(!soc)
# security_note(port);
print "LanDesk not found";
}
Re: Write a plugin to determine if LanDesk client is NOT listening
On Fri, Oct 06, 2006 at 06:34:58PM -0400, James Kelly wrote:

> I'm trying to write a plugin that scans hosts and only reports back the
> workstations who are not
> listening on tcp 9595 for LanDesk.
...
> port = 9595;
>
> if(get_port_state(port))
> {
> soc = open_sock_tcp(port);
> if(!soc)
> # security_note(port);
> print "LanDesk not found";

This merely tests whether port 9595 is open. [The 'print' statement,
btw, is invalid. What you probably want is something like
'security_note(port:port, data:"LanDesk not found");'.] While that might
meet your needs, I'd recommend adding some code that makes sure LanDesk
is really running on that port.

I'm not familiar with the app. How does it operate? Does Nessus
currently identify it? Does it spit out a banner when one connects? Or
can you simulate an initial connection as part of your check?


George
--
theall@tenablesecurity.com
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Re: Write a plugin to determine if LanDesk client is NOT listening
On Sat Oct 07 2006 at 00:34, James Kelly wrote:

> port = 9595;
> if(get_port_state(port))
> {
> soc = open_sock_tcp(port);
> if(!soc)
> # security_note(port);
> print "LanDesk not found";
> }

The logic is wrong.
get_port_state will return TRUE if:
- port 9595 was not scanned and "consider unscanned ports as closed"
is FALSE.
or:
- port 9595 was scanned and it is open.

Let's suppose it is scanned:
If it is open, get_port_state will return TRUE, and unless something
bad happens on the network at the moment, open_sock_tcp will succeed.
If it is closed, get_port_state will return FALSE.
In both cases, you don't execute the security_note statement. (BTW, as
George said, there is nothing like "print" in NASL. Use display or
log_print from "global_settings.inc".)

Your script will only work in one case:
the port is closed AND it was not scanned AND "consider unscanned
ports as closed" is unchecked.

Try something like this:

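port = 9595;
k = strcat("Ports/tcp/", port);
if (get_kb_item(k))    # Port was found open by the scanner
  exit(0);

# get_preference() returns the setting as a string ("yes" or "no"),
# so compare the value instead of testing it for truth
flag = get_preference("unscanned_closed");
if (flag && "yes" >< flag) exit(0);    # Don't connect to unscanned or closed port

# Here, either the port is closed, or it was not scanned

soc = open_sock_tcp(port);
if (!soc)
  security_note(port: port,
                data: "Port is closed. LanDesk is not running");
else
  close(soc);    # Port answered after all: nothing to report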

If you want your script to always test 9595 even if it is not in the
port range, remove the get_preference call.
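Added example (not part of the original thread and not Nessus code): a small Python model of the decision logic described in the second reply. It enumerates every combination of "port was scanned", "port is open" and "consider unscanned ports as closed", and lists the states in which the original script and the suggested script would report. Assumptions: open_sock_tcp() succeeds exactly when the port is really open, the KB item Ports/tcp/9595 is set exactly when the port was scanned and found open, and the commented-out report in the original script is treated as active.

```python
from itertools import product


def get_port_state(scanned, is_open, unscanned_closed):
    """Model of get_port_state() as described in the reply (assumption)."""
    if not scanned:
        return not unscanned_closed   # unscanned ports count as open unless told otherwise
    return is_open


def original_reports(scanned, is_open, unscanned_closed):
    """Original script: connect only when get_port_state() is TRUE."""
    if not get_port_state(scanned, is_open, unscanned_closed):
        return False                  # body of the if is skipped, nothing reported
    soc = is_open                     # assumption: open_sock_tcp() succeeds iff port is open
    return not soc


def suggested_reports(scanned, is_open, unscanned_closed):
    """Suggested script: KB lookup, preference check, then connect."""
    if scanned and is_open:           # Ports/tcp/9595 is set in the KB
        return False
    if unscanned_closed:              # preference enabled: exit without connecting
        return False
    soc = is_open                     # same open_sock_tcp() assumption as above
    return not soc


def reporting_states(script):
    """All (scanned, is_open, unscanned_closed) states in which `script` reports."""
    return [s for s in product([True, False], repeat=3) if script(*s)]


if __name__ == "__main__":
    for name, script in [("original", original_reports),
                         ("suggested", suggested_reports)]:
        print(name)
        for scanned, is_open, uc in reporting_states(script):
            print(f"  reports: scanned={scanned} open={is_open} "
                  f"unscanned_closed={uc}")
```

In this model the suggested script reports a closed port only while the preference is off, which is why the reply says to remove the get_preference call if 9595 must always be tested.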