
Thread: Extracting info from the Windows registry




Extracting info from the Windows registry
user name
2006-12-14 16:26:06
Hi,
 
I have had many abortive attempts at trying to get report using the plug-in mentioned in "Sucking the Machine Name out of the Registry" from John Eder in 2004.
 
Does anyone actually have a plug-in that they care to share?  All I am trying to do is to extract the computer name from our Windows machines' registry to help with our AV audit that we run each week as our current naming resolution is a bit ....err .... umm .....on the flaky side ...

Kind Regards

 

Phil

 
Extracting info from the Windows registry
user name
2006-12-15 22:19:17
I wrote this plugin YEARS ago, I have no clue if it still works. It did at one point.


#
# (C) Jeff Adams <jadamsnetcentrics.com>
#
if(description)
{
 script_id(98781);
 script_version("$Revision: 1.1 $");
 name["english"] = "Host Info Gathering Script";

 script_name(english:name["english"]);

 desc["english"] = "
This script collects information useful in assisting corporations
(System Administrators) in identifying machines on their local LANs.
It is most useful when used in locating and identifying machines flagged
as vulnerable by other plug-ins.
The following information will be collected:
User, Host, Domain, Owner, Org, OS, Version, Service Pack, Start Time,
Manufacturer, Model, and CPU.

Solution: Info Only
Risk factor: None";

 script_description(english:desc["english"]);

 summary["english"] = "Host Info Gathering Script";

 script_summary(english:summary["english"]);

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2004 Jeff Adams");
 family["english"] = "Windows";
 script_family(english:family["english"]);

 # Needs a working SMB login and remote registry access from earlier plugins.
 script_dependencies("netbios_name_get.nasl",
                     "smb_login.nasl", "smb_registry_full_access.nasl");
 script_require_keys("SMB/name", "SMB/login", "SMB/password",
                     "SMB/registry_full_access");

 script_require_ports(139, 445);
 exit(0);
}

include("smb_nt.inc");
port = get_kb_item("SMB/transport");
if(!port)port = 139;

# Each value is read from the remote registry over SMB; keys are relative to HKLM.
user = registry_get_sz(key:"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", item:"DefaultUserName");
domain = registry_get_sz(key:"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", item:"DefaultDomainName");
host = registry_get_sz(key:"SYSTEM\CurrentControlSet\Services\Tcpip\Parameters", item:"Hostname");
owner = registry_get_sz(key:"SOFTWARE\Microsoft\Windows NT\CurrentVersion", item:"RegisteredOwner");
org = registry_get_sz(key:"SOFTWARE\Microsoft\Windows NT\CurrentVersion", item:"RegisteredOrganization");
os = registry_get_sz(key:"SOFTWARE\Microsoft\Windows NT\CurrentVersion", item:"ProductName");
ver = registry_get_sz(key:"SOFTWARE\Microsoft\Windows NT\CurrentVersion", item:"CurrentVersion");
sp = registry_get_sz(key:"SOFTWARE\Microsoft\Windows NT\CurrentVersion", item:"CSDVersion");
time = registry_get_sz(key:"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher", item:"StartTime");
make = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OemInfo", item:"WbemOem");
model = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\OemInfo", item:"WbemProduct");
# ProcessorNameString is stored under the per-CPU subkey; 0 is the first processor.
cpu = registry_get_sz(key:"HARDWARE\DESCRIPTION\System\CentralProcessor\0", item:"ProcessorNameString");

report = string ("This script collects information useful in assisting
corporations (System Administrators) in identifying machines on their
local LANs.
It is most useful when used in locating and identifying machines flagged
as vulnerable by other plug-ins.

The following information was gathered about the remote host:
User:   ", user, "
Domain:   ", domain, "
Host Name:   ", host, "
Registered Owner:   ", owner, "
Registered Org:   ", org, "
OS:   ", os, "
Version:   ", ver, "
Service Pack :   ", sp, "
Start Time:   ", time, "
Manufacturer:   ", make, "
Model:   ", model, "
CPU:   ", cpu);
security_note(port:port, data:report);

________________________________

From: plugins-writers-bounceslist.nessus.org [mailto:plugins-writers-bounceslist.nessus.org] On Behalf Of Morris, Philip (JSY)
Sent: Thursday, December 14, 2006 11:26 AM
To: 'plugins-writerslist.nessus.org.'
Subject: [Plugins-writers] Extracting info from the Windows registry


Hi,

I have had many abortive attempts at trying to get report using the plug-in mentioned in "Sucking the Machine Name out of the Registry" from John Eder in 2004.

Does anyone actually have a plug-in that they care to share? All I am trying to do is to extract the computer name from our Windows machines' registry to help with our AV audit that we run each week as our current naming resolution is a bit ....err .... umm .....on the flaky side ...

Kind Regards

 

Phil

_______________________________________________
Plugins-writers mailing list
Plugins-writerslist.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
Extracting info from the Windows registry
user name
2006-12-15 14:39:08
It should be along the lines of

computername = get_kb_item("System\CurrentControlSet\Control\ComputerName\ComputerName\ComputerName");

which is where the name of the computer is kept.

You will likely need to have

script_require_keys("SMB/Registry/Enumerated");

somewhere at the beginning. Another way to handle it would be to do something like what is found in the smb_reg_loginscreen.nasl script, which is pretty much the exact same thing (querying a single key and getting a value) only using System\CurrentControlSet\Control\ComputerName\ComputerName as the key and "Computer Name" as the item.

That's actually a pretty handy thing. Useful for writing some other things like "why is your machine name and dns name not the same".

On 12/14/06, Morris, Philip (JSY) <Philip.Morriskbci.com> wrote:
Hi,

I have had many abortive attempts at trying to get report using the plug-in mentioned in "Sucking the Machine Name out of the Registry" from John Eder in 2004.

Does anyone actually have a plug-in that they care to share? All I am trying to do is to extract the computer name from our Windows machines' registry to help with our AV audit that we run each week as our current naming resolution is a bit ....err .... umm .....on the flaky side ...

Kind Regards

 

Phil





--
Doug Nordwall
Unix, Network, and Security Administrator
Noise proves nothing. Often a hen who has merely laid an egg cackles as if she laid an asteroid. -- Mark Twain
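
An added example, not part of any post in this thread and not Nessus code: a Python script for the "machine name versus DNS name" audit mentioned above, run over report text in the "Label:   value" layout that the plugin earlier in the thread prints. The (ip, dns_name, report) input tuples, the function names and the sample hosts are assumptions constructed for illustration.

```python
import re

# Matches the "Label:   value" lines of the plugin's report text.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?)\s*:[ \t]*(.*)$")
WANTED = {"User", "Domain", "Host Name", "OS", "Version", "Service Pack"}

def parse_report(text):
    """Return {label: value} for the wanted fields in one plugin report."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m and m.group(1) in WANTED:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def short_name(name):
    """Lower-cased first label of a DNS or NetBIOS name ('' if absent)."""
    return (name or "").strip().rstrip(".").split(".")[0].lower()

def audit(results):
    """results: iterable of (ip, dns_name, report_text) -- an assumed input shape.
    Returns (inventory, findings): inventory maps ip -> registry host name,
    findings lists hosts whose registry name is missing or differs from DNS."""
    inventory, findings = {}, []
    for ip, dns_name, report in results:
        reg = parse_report(report).get("Host Name", "")
        inventory[ip] = reg or None
        if not reg:
            findings.append((ip, "no host name read from registry"))
        elif not dns_name:
            findings.append((ip, "no DNS name; registry says %s" % reg))
        elif short_name(reg) != short_name(dns_name):
            findings.append((ip, "registry %s != DNS %s" % (reg, dns_name)))
    return inventory, findings

# Constructed sample data (not real scan output).
SAMPLE = [
    ("192.0.2.10", "ws-0010.corp.example.",
     "The following information was gathered about the remote\nhost:\n"
     "User:   alice\nDomain:   CORP\nHost Name:   WS-0010\nOS:   Microsoft Windows XP\n"),
    ("192.0.2.11", "ws-0011.corp.example",
     "User:   bob\nDomain:   CORP\nHost Name:   LAB-PC7\n"),
    ("192.0.2.12", "", "User:   \nDomain:   \nHost Name:   \n"),
]

if __name__ == "__main__":
    inv, probs = audit(SAMPLE)
    for ip, why in probs:
        print(ip, why)
```

An empty "Host Name" value is reported separately from a mismatch, since it usually means the registry read failed (no credentials or no remote registry access) rather than a naming problem.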