Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Nessus ID : 21740 - how does it work?

from [Renaud Deraison] Network Security [Permanent Link]
Subject: Re: Nessus ID : 21740 - how does it work?
Date: Tue, 10 Apr 2007 20:06:25 -0400 


Hi Tony,

On Apr 10, 2007, at 2:02 PM, Tony wrote:

Im still fairly new to nessus, trying to learn the in's and outs. I ran across one of my scans that showed the trend OfficeScan version which I was interested in finding out how this plugin actually determined the version. The plugin ID is 21740, but im unable to see this in the plugins folder of my nessus installation. If this plugin uses some sort of registry scan (the only way I currently know how to get the version) then there is a flaw in my windows build because the default installation of nessus shouldnt be able to access my registry (at least id hope). Ive thought through a HTTP get command, but dont see any version info listed when 200OK is returned.

Anyone shed any light onto this? Ive searched all over and im unable to find anything pertaining to this. Also, where can I find this plugin? ive tried to earch all plugins for 21740 found int he file and nothing is returned.

Plugin #21740 actually "speaks" the Trend OfficeScan protocol on top of the port it's listening on (whatever it is) and gets it to tell us its version (the protocol is more complex than a simple GET request).

So have no worry, this info was not obtained thru the registry :)


                            -- Renaud
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Nessus ID : 21740 - how does it work?, Tony
Next by Date:  cannot open libnessus.so.2, Tim Rupp
Previous by Thread:  Nessus ID : 21740 - how does it work?, Tony
Next by Thread:  cannot open libnessus.so.2, Tim Rupp
Indexes:  [Date] [Thread] [Top] [All Lists]