Network Security Nessus-Users

Windows Local Group Names

Subject: Windows Local Group Names
Date: Tue, 8 May 2007 08:28:44 -0700
I'm writing a plugin to verify compliance with company standards
regarding local users and groups (renaming admin, decoy accounts, group
memberships, disabled accounts, etc.)  I had no problem getting NASL to
do what I wanted, with ONE exception:
 
I need to be able to use the local host SID and local group RIDs to
retrieve the actual NAMEs of local groups.
 
I can establish a session to the $IPC share, I can get the local group
RIDs using NetUserGetLocalGroups(), I can get an LSA handle with
LsaOpenPolicy(), I can get the hex sid of the host from another plugin,
and I can convert the hex sid to a raw sid with hex2raw2().  
 
I know I need to massage the sid a little more and pass it to
LsaLookupSid(), and I know I need to convert its return value with
parse_lsalookupsid().  I've seen it done a couple ways in other plugins.
 
But I can't seem to make it work.
 
I'm not that smart on how local objects are represented internally in
Windows ...  one problem may be that I'm trying to retrieve the local
GROUP name from the RID in exactly the same way I'd retrieve the local
USER name using the RID.  Is that a bad premise?
 
John Scherff
24 Hour Fitness