
[原创]通过445端口判断远程windows操作系统的OS版本的脚本

[原创]通过445端口判断远程windows操作系统的OS版本的脚本

文章作者:zhouzhen [E.S.T]
信息来源:邪恶八进制信息安全团队

最近在写毕业论文,时间少,也没发什么东西,丢个垃圾上来。:)
使用的是Nessus的nasl脚本语言
代码:
#
# Registration section. It runs only when the scanner loads the plugin with
# `description` set: it declares the plugin metadata and its prerequisites,
# then exits without touching the target.
#
if(description)
{
 script_id(1000000);
 script_version ("$Revision: 1.0 $");

 script_name(english:"detect os");

 # NOTE(review): the text below says "null session", yet the plugin requires
 # the SMB/login and SMB/password KB keys and passes them to the session
 # setup. Confirm which of the two is intended.
 script_description(english:"
This script connects to the remote host
using a null session, and detect os type

Risk factor : Medium");

 script_summary(english:"determinite remote windows host os type");

 # Information gathering only: the plugin reads a banner and changes nothing
 # on the target.
 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2005 zhouzhen");
 script_family(english:"Windows");

 # Prerequisites: the plugins that fill the SMB knowledge-base entries, the
 # entries themselves, and the two SMB ports.
 script_dependencies("netbios_name_get.nasl", "smb_login.nasl");
 script_require_keys("SMB/transport", "SMB/name", "SMB/login", "SMB/password");
 script_require_ports(139, 445);
 exit(0);
}

include("smb_nt.inc");

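#
# Opens an SMB session to the target and prints the bytes that follow the
# fixed part of the Session Setup reply (presumably the NativeOS /
# NativeLanMan strings; the offset assumes a 3-word, non-Unicode response.
# TODO confirm against the hosts you scan).
#
# Caveats for whoever consumes the output:
#  - The printed bytes come from the remote host. A server can be configured
#    to report any string, so treat the result as a hint, not as proof of the
#    OS version, and do not feed it unescaped into reports or shells.
#  - The login and password stored in the knowledge base are sent to the
#    target during session setup. Scan only hosts that may see them.
#

# Hosts already flagged as Samba in the KB are skipped.
if ( get_kb_item("SMB/samba") ) exit(0);

name = kb_smb_name();
if(!name) name = "*SMBSERVER";

# Falls back to the NetBIOS session port when the KB holds no transport.
_smb_port = kb_smb_transport();
if(!_smb_port) _smb_port = 139;

# The original used return(FALSE) here and below. This is top-level code, not
# a function body, so the plugin is ended with exit(0) instead.
if(!get_port_state(_smb_port)) exit(0);

login  = kb_smb_login();
pass   = kb_smb_password();
domain = kb_smb_domain();

if(!login) login = "";
if(!pass)  pass = "";

soc = open_sock_tcp(_smb_port);
if(!soc) exit(0);

#
# Request the session
#
r = smb_session_request(soc:soc, remote:name);
if(!r) { close(soc); exit(0); }

#
# Negotiate the protocol
#
prot = smb_neg_prot(soc:soc);
if(!prot) { close(soc); exit(0); }

#
# Set up our session
#
r = smb_session_setup(soc:soc, login:login, password:pass, domain:domain, prot:prot);

# Nothing below needs the connection. Close it on the success path too, since
# the original only closed it on failure.
close(soc);
if(!r) exit(0);

os_start = 45;   # first byte after the fixed part of the reply
os_max   = 37;   # number of banner bytes the original copied

# The reply length is chosen by the remote host; never index past its end.
r_len = strlen(r);
if(r_len <= os_start) exit(0);

os_end = os_start + os_max;
if(os_end > r_len) os_end = r_len;

osType = "";
for (i = os_start; i < os_end; i++)
  osType = osType + raw_string(ord(r[i]));

display(osType);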
安全就象毒品一样,上瘾了就戒不掉了 http://www.6code.net
