File: pgpnet_detect.nasl

nessus-plugins 2.2.8-1.1
#
# This script was written by Noam Rathaus <noamr@securiteam.com>
#
# See the Nessus Scripts License for details
#

# When `description` is set, only declare the plugin metadata and exit
# before any of the probing code further down is reached.
if(description)
{
 script_id(10175);
 script_version ("$Revision: 1.16 $");

 # The plugin title and its one-line summary use the same text.
 script_name(english:"Detect presence of PGPNet server and its version");

 script_description(english:"
It is possible to detect the existing of PGPNet, by connecting to its
open UDP port (500) and sending it a session init packet, the PGPNet daemon
would respond (making it possible to know that PGPNet is installed on the
computer) with the version of the OpenPGP package it uses.

Solution: Block those ports from outside communication

Risk factor : Medium");

 script_summary(english:"Detect presence of PGPNet server and its version");

 # Declared as an information-gathering check in the service detection family.
 script_category(ACT_GATHER_INFO);
 script_family(english:"Service detection");
 script_copyright(english:"This script is Copyright (C) 1999 SecuriTeam");

 exit(0);
}

#
# The script code starts here
#

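# Do nothing when the target is the scanning host itself.
if(islocalhost())exit(0);
srcaddr = this_host();
dstaddr = get_host_ip();

# Two random bytes lead the probe; the next six bytes are zero.
r1 = rand() % 255;
r2 = rand() % 255;

# Probe payload for UDP port 500. Bytes 16-18 (0x01, 0x10, 0x02) are the
# same three values the reply check looks for at the same offsets.
# NOTE(review): the four bytes at offsets 24-27 end in 0x88 (136) and look
# like a total-length field, while the payload as written is 137 bytes once
# the 13-character "OpenPGPdetect" tag is appended - confirm this is intended.
raw_data = raw_string(
r1,    r2,  0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x02, 0x00, 0x00, 
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x0D, 0x00, 0x00, 0x5C, 0x00, 0x00, 
0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x50, 0x01, 0x01, 0x00, 
0x02, 0x03, 0x00, 0x00, 0x24, 0x01, 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x06, 
0x80, 0x02, 0x00, 0x02, 0x80, 0x03, 0x00, 0x03, 0x80, 0x04, 0x00, 0x05, 0x80, 
0x0B, 0x00, 0x01, 0x00, 0x0C, 0x00, 0x04, 0x00, 0x01, 0x51, 0x80, 0x00, 0x00, 
0x00, 0x24, 0x02, 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x05, 0x80, 0x02, 0x00, 
0x01, 0x80, 0x03, 0x00, 0x03, 0x80, 0x04, 0x00, 0x02, 0x80, 0x0B, 0x00, 0x01, 
0x00, 0x0C, 0x00, 0x04, 0x00, 0x01, 0x51, 0x80, 0x00, 0x00, 0x00, 0x10);
raw_data = raw_data + "OpenPGPdetect";

# Lengths for the forged headers. The payload size is taken from the data
# itself (137 bytes as written) so the IP and UDP length fields cannot drift
# out of step if the payload is ever edited.
IPH = 20;
UDPH = 8;
PGPNET_BASE = strlen(raw_data);
UDP_LEN = UDPH + PGPNET_BASE;
IP_LEN = IPH + UDP_LEN;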

# The probe is sent from port 500 to port 500.
srcport = 500;
dstport = 500;

# IPv4 header with ip_hl 5 (no options), carrying UDP from this host to
# the target; ip_len covers both headers plus the payload.
ip = forge_ip_packet(ip_v : 4, ip_hl : 5, ip_tos : 0,
                     ip_len : IP_LEN, ip_id : 0xABBA,
                     ip_p : IPPROTO_UDP, ip_ttl : 255, ip_off : 0,
                     ip_src : srcaddr, ip_dst : dstaddr);

# UDP datagram on top of that header; uh_ulen is the 8-byte UDP header
# plus the payload.
udpip = forge_udp_packet(ip : ip,
                         uh_sport : srcport, uh_dport : dstport,
                         uh_ulen : UDP_LEN,
                         data : raw_data);
  
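# Send the probe and capture one reply. The capture filter accepts UDP
# addressed to our source port, or ICMP, but only from the target to us.
filter = string("((udp and dst port ", srcport, ") or (icmp)) and src host ", dstaddr, " and dst host ", srcaddr);
result_suc = send_packet(udpip, pcap_active:TRUE, pcap_filter:filter);
if (result_suc)
{
 # ICMP answers match the filter but carry no version data, so only a UDP
 # reply is inspected.
 protocol_type = get_ip_element(ip:result_suc, element:"ip_p");
 if (protocol_type == IPPROTO_UDP)
 {
  result = get_udp_element(udp:result_suc, element:"data");
  reply_len = strlen(result);

  # The version string is read from offset 88, so a shorter reply cannot
  # contain one.
  if (reply_len < 88) exit(0);

  # Reply signature: bytes 2-7 zero and bytes 16-18 equal to 0x01 0x10 0x02,
  # the same values the probe carries at those offsets.
  # NOTE(review): bytes 0-1 are not compared with the random bytes that were
  # sent, so the reply is not tied to this particular probe - confirm whether
  # the daemon echoes them before adding such a check.
  if ((result[2] == raw_string(0x00)) && (result[3] == raw_string(0x00)) &&
      (result[4] == raw_string(0x00)) && (result[5] == raw_string(0x00)) &&
      (result[6] == raw_string(0x00)) && (result[7] == raw_string(0x00)) &&
      (result[16] == raw_string(0x01)) && (result[17] == raw_string(0x10)) &&
      (result[18] == raw_string(0x02)))
  {
   # Copy the version string: stop at the first NUL byte, at the end of the
   # received data, or after 1000 bytes, whichever comes first. Bounding the
   # loop by the reply length keeps every index inside the received data.
   last = reply_len;
   if (last > 88 + 1000) last = 88 + 1000;

   OpenPGP = "";
   for (i = 88; i < last; i = i + 1)
   {
    if (result[i] == raw_string(0x00)) break;
    OpenPGP = OpenPGP + result[i];
   }

   # Report once the signature has matched, whether or not the string was
   # NUL-terminated. The text comes from the remote host and is not
   # validated, so treat it as untrusted when it is displayed or parsed.
   warning_text = "PGPNet uses OpenPGP build version: ";
   warning_text = warning_text + OpenPGP;
   security_note(port:500, data:warning_text);
  }
 }
}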