1.4. The NASL Interpreter
Use the NASL interpreter, nasl, to run and test NASL scripts from the command line. Invoke it with the -v flag to see which version is installed on your system:
[notroot]$ nasl -v
nasl 2.0.10
Copyright (C) 1999 - 2003 Renaud Deraison <deraison@cvs.nessus.org>
Copyright (C) 2002 - 2003 Michel Arboi <arboi@noos.fr>
See the license for details
A vanilla Nessus installation comes packaged with NASL scripts that act as plug-ins for the Nessus scanner. The Nessus server executes these scripts to test for vulnerabilities, and you can find them in the /usr/local/lib/ness/plugins/ directory. You can also execute these scripts directly by invoking them with nasl. For example, the finger.nasl script checks whether fingerd is enabled on a remote host. Finger is a service that listens on port 79 by default, and you can use it to query information about users. To run this script against a host with the IP address 192.168.1.1 using the NASL interpreter, execute the following:
[notroot]$ nasl -t 192.168.1.1 finger.nasl
** WARNING : packet forgery will not work
** as NASL is not running as root
The 'finger' service provides useful information to attackers, since it allows
them to gain usernames, check if a machine is being used, and so on...
Here is the output we obtained for 'root' :
Login: root Name: System Administrator
Directory: /var/root Shell: /bin/sh
On since Wed 5 May 08:51 (CDT) on ttyp2 from 127.0.0.1:0.0
No Mail.
No Plan.
Solution : comment out the 'finger' line in /etc/inetd.conf
Risk factor : Low
[6533] plug_set_key:send(0)['1 finger/active=1;
'](0 out of 19): Socket operation on non-socket
The preceding output is from the finger.nasl script, which was able to use the finger server running on host 192.168.1.1 to find out information about the root user.
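As an added example (not from the book or from the Nessus project), here is a small POSIX shell wrapper around nasl that runs one plugin against a host you administer and separates the interpreter's non-root warning and knowledge-base debug lines from the plugin's report and its "Risk factor" line. The sample output it is exercised against is constructed from the finger.nasl run shown above; nasl is assumed to be in PATH.

```shell
#!/bin/sh
# Added example, not code from the book: wrap the nasl interpreter and
# post-process its output so plugin findings can be read at a glance.

# Extract the value of the plugin's "Risk factor" line (empty if absent).
risk_factor() {
    printf '%s\n' "$1" | sed -n 's/^Risk factor *: *//p' | head -n 1
}

# Keep only the interpreter's own warnings (lines starting with "** ").
nasl_warnings() {
    printf '%s\n' "$1" | grep '^\*\* ' || true
}

# Drop interpreter warnings and knowledge-base debug noise (plug_set_key
# and its continuation line), leaving the plugin's report text.
nasl_report() {
    printf '%s\n' "$1" \
        | grep -v '^\*\* ' \
        | grep -v -e 'plug_set_key' -e 'Socket operation on non-socket' || true
}

# Run one plugin against one host with nasl. Running as an unprivileged
# user is fine for plugins that do not need raw sockets (packet forgery).
run_plugin() {
    host="$1"; plugin="$2"
    command -v nasl >/dev/null 2>&1 || { echo "nasl not found in PATH" >&2; return 1; }
    nasl -t "$host" "$plugin" 2>&1
}

# Constructed sample output, modelled on the finger.nasl run above, so the
# helpers can be exercised without a live scan.
SAMPLE_OUTPUT="** WARNING : packet forgery will not work
** as NASL is not running as root
The 'finger' service provides useful information to attackers, since it allows
them to gain usernames, check if a machine is being used, and so on...
Solution : comment out the 'finger' line in /etc/inetd.conf
Risk factor : Low
[6533] plug_set_key:send(0)['1 finger/active=1;
'](0 out of 19): Socket operation on non-socket"

# Demo against the constructed sample: sh wrapper.sh --demo
if [ "${1:-}" = "--demo" ]; then
    echo "interpreter warnings:"; nasl_warnings "$SAMPLE_OUTPUT"
    echo "report:"; nasl_report "$SAMPLE_OUTPUT"
    echo "risk factor: $(risk_factor "$SAMPLE_OUTPUT")"
fi
```

To use it on a real run, capture the interpreter output first, e.g. `out=$(run_plugin 192.168.1.1 finger.nasl)`, then pass `$out` to the three helpers.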