List Info

Thread: Accessing multiple sub keys in the Windows registery
Accessing multiple sub keys in the Windows registery
user name
 2006-04-06 15:49:24 

  


  

    Thank you for the Help

Below is the code that I'm working with


 


if(description)
{
 script_name(english:"DCOM LaunchPermissions");
desc["english"] = "



Solution : Verify that the Launch Permission are correct and meet the requires outlined in the 
organization security Policy
Reference http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dndcom/html/msdn_dcomtec.asp
Risk factor : High";
 script_description(english:"Connect to a remote registry and check the DCOM Launch Permissions");
 script_summary(english:"connects on remote tcp port 135");
 script_category(ACT_GATHER_INFO);
 script_family(english:"Windows");
 script_copyright(english:"This script was written by ***");
script_dependencies("netbios_name_get.nasl",
"smb_login.nasl", "smb_registry_access.nasl");
script_require_keys("SMB/transport", "SMB/name", "SMB/login", "SMB/password", "SMB/registry_access");
script_require_ports(139, 445);
  exit(0);
}



# Setup Connection
if ( ! get_port_state(port) ) exit(0);
soc = open_sock_tcp(port);
if ( ! soc ) exit(0);


session_init(socket:soc, hostname:name);
r = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$");
if ( r != 1 ) exit(0);



#To read the value of a subkey; Function ReadRegistryGetSubkey which allows you to enumerate
#all the keys below a specified key. Useful for building a directory tree of the registry just call it
#continuously until "Not Found" is returned and store the returned value(s) in an array or something.


Text1 = 0;
Res = 0;
i = 0;
Text1.Text = [ "one", "two", "three" ]; 


RegistryLocation = "AppID\.Default";
Text1 = ReadRegistry(HKEY_CLASSES_ROOT, RegistryLocation, "");
Res = ReadRegistryGetSubkey(HKEY_CLASSES_ROOT, "AppID", i);
Do Until Res = "Not Found"
   Text1.Text = Text1.Text & " " & Res
   i = i + 1
   Res = ReadRegistryGetSubkey(HKEY_CLASSES_ROOT, "AppID", i);
exit(0);
}


 


What I'm trying to do is take the output from the loop, and write it to an array. 


 


When I run nasl -t localhost ip address /opt/nessus/lib/nessus/plugins/dcom2.nasl


I get an error, syntax error, unexpected IDENT


on or near line 48


 ;


Nessusd loads all the other plugins but fails the dcom2.nasl


-------------- Original message -------------- 
From: "George A. Theall" <thealltenablesecurity.com&gt; 

> On Thu, Apr 06, 2006 at 01:04:46PM +0000, jfvanmetercomcast.net wrote: 
> 
> > Would this work to to enumerate all the keys below a specified key and 
> > store the values? 
> 
> Personally, I'd find it more useful if you included actual code snippets 
> along with any output you do receive. 
> 
> > when i run nasl -t localhost appid.nasl I dont' 
> > receive any errors, 
> 
> What happens when you run it via nessusd? 
> 
> 
> George 
> -- 
> thealltenablesecurity.com 
> _______________________________________________ 
> Plugins-writers mailing list 
> Plugins-writerslist.nessus.org 
> http://mail.nessus.org/mailman/listinfo/plugins-wr
 iters 

  

  
  
   
     
    

  

    Accessing multiple sub keys in the
Windows registery
  


  

     user name

     2006-04-06 19:51:31
  


  

    
On Thu, Apr 06, 2006 at 03:49:24PM +0000, jfvanmetercomcast.net wrote:

> # Setup Connection
> if ( ! get_port_state(port) ) exit(0);

You haven't initialized 'port'.

> #To read the value of a subkey; Function
ReadRegistryGetSubkey which
> allows you to enumerate
> #all the keys below a specified key. Useful for
building a directory
> tree of the registry just call it
> #continuously until "Not Found" is returned
and store the returned
> value(s) in an array or something.
> Text1 = 0;
> Res = 0;
> i = 0;
> Text1.Text = [ "one", "two",
"three" ];
> RegistryLocation = "AppID\.Default";
> Text1 = ReadRegistry(HKEY_CLASSES_ROOT,
RegistryLocation, "");
> Res = ReadRegistryGetSubkey(HKEY_CLASSES_ROOT,
"AppID", i);
> Do Until Res = "Not Found"
>    Text1.Text = Text1.Text & " " &
Res
>    i = i + 1
>    Res = ReadRegistryGetSubkey(HKEY_CLASSES_ROOT,
"AppID", i);
> exit(0);

Where did you come up with this? This looks like
VisualBasic, not NASL.

Take a look at Michel Arboi's on-line NASL reference,
<http://mich
el.arboi.free.fr/nasl2ref/>, especially the part
about
smb_nt.inc. Then take an existing plugin and use it as a
template to do
what you want. For example, gator.nasl is a really simple
one that pulls
info from the registry.

Btw, note that you can't use the commandline NASL
interpreter to access
the remote Windows registry; you will need to run your
scripts using
nessusd.


George
_______________________________________________
Plugins-writers mailing list
Plugins-writerslist.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers


  


  

    
  

  
  
   
     
    






 [1-2]











   
 





about | contact  Other archives ( Real Estate discussion Medical topics )