Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Xexcg50 plugin 11889

from [George A. Theall] Network Security [Permanent Link]
Subject: Re: Xexcg50 plugin 11889
Date: Mon, 22 May 2006 13:42:36 -0400 
On Mon, May 22, 2006 at 10:03:55AM -0700, Larry Petty Jr. wrote:


Retina finds the Xexcg50 vulnerability on a host I'm working on but Nessus
does not. Below is the results from testing the NASL manually.  The Nessus
plugin contains the string "^354 Send Binary Data".  The actual grab is
"354 Send Binary Data".  The "carrot" is the difference.  


Actually, the Nessus plugin contains "^354 Send binary" (note the
difference in case). Since it's in an egrep(), this is actually a
regular express, and "^" anchors it to the start of the line.


Is this a fat
finger in the Nessus plugin?  I need to find out what tool is correct...
Retina or Nessus. Thanks.


Would you edit the plugin (exchange_xexch50_overflow.nasl) and add the
following line:

  debug = 1;

after the one that reads "greeting = smtp_recv_banner(socket:soc);"? Run
the plugin from a commandline (eg, "nasl -t target
exchange_xexch50_overflow.nasl") and check the output.

There are two issues that might be occuring:

1) the plugin does a (case-insensitive) check for "microsoft" in the
banner, which might be affected if there's a proxy between your nessusd
host and the target. [I'm not clear where you ran your test from.]

2) The plugin uses a "EHLO" rather than "HELO" and makes sure "XEXCH50"
is reported as a supported command.


George
-- 
theall@tenablesecurity.com
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Xexcg50 plugin 11889, Larry Petty Jr.
Next by Date:  RE: Nessus 3.0.3 / 2.2.8 released ; NessusClient 1.0.0.RC5 available, Cintron, Jose J.
Previous by Thread:  Xexcg50 plugin 11889, Larry Petty Jr.
Next by Thread:  Re: Xexcg50 plugin 11889, Larry Petty Jr.
Indexes:  [Date] [Thread] [Top] [All Lists]