Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Plugin 13855 - installed hotfixes

from [Andrew Court] Network Security [Permanent Link]
Subject: RE: Plugin 13855 - installed hotfixes
Date: Wed, 31 Oct 2007 10:48:31 -0000 
Hi John, Thanks for our help. I really appreciate it. Ill test it today
and let you know how it goes.
 
Thanks again,

Andrew Court 

IT Security Specialist | BT Retail - Ireland |
E:Andrew.Court@bt.com |Mobile: +353 86 1720 692 | Fax: +353 1 432 5899|
www.btireland.com 

        -----Original Message-----
        From: John Scherff [mailto:jscherff@gmail.com] 
        Sent: 27 October 2007 07:09
        To: Andrew Court
        Cc: nessus@list.nessus.org
        Subject: RE: Plugin 13855 - installed hotfixes
        
        
        Andrew,
         
        Not sure if you received this earlier.  I sent it to you and to
the list this morning from my work account ( jscherff@24hourfit.com
<mailto:jscherff@24hourfit.com> ), but it never showed up on the list so
we might be having SMTP issues.  Anyway, here it is from my personal
email account, just in case. 
         
        John
         
        * * * * * * 
         
        Andrew,
         
        Nessus will tell you if you're missing any hotfixes.
         
        However, if you really need the list, try the below script... I
tested it on a couple hosts and it seems to work. Name it
smb_hotfixes_list.nasl or something, pick a different plugin ID if you
wish (I can never remember which range I'm supposed to use), place it in
the /opt/nessus/lib/nessus/plugins directory, run
/opt/nessus/sbin/nessusd -t, restart nessusd (just to be sure), and then
run a scan.  FYI, I put the results in a hash first (rather than
concatenating directly to the report string) to remove duplicates and
sort the output. 
         
        If you want these in MSYY-NNN format, you'll have to write an
include file that does the mapping for you... probably an exercise in
futility. 
         
        Cheers,
         
        John Scherff
        24 Hour Fitness
        Sr. IT Security Engineer
         
         
        

        # ==========================================================
        # Author: John Scherff, 24 Hour Fitness, 25 October 2007
        # ========================================================== 
         
        desc["english"] = "
        Synopsis :
         
        Installed Windows Hotfixes
         
        Description :
         
        The Windows hotfixes listed below are installed on this
computer.
         
        Risk factor :
         
        None";
         
        if( description ) {
         
          script_id( 66001 );
          script_version( "$Revision: 1.60 $" );
          script_description( english: desc["english"] );
          script_category( ACT_GATHER_INFO ); 
         
          name["english"] = "Installed Windows Hotfix List";
          script_name( english: name["english"] );
         
          summary["english"] = "Lists Windows hotfixes that have been
installed on the computer.";
          script_summary( english: summary["english"] ); 
         
          copyright["english"] = "This Script is Copyright (C) 2007 John
Scherff / 24 Hour Fitness";
          script_copyright( english: copyright["english"] ); 
         
          family["english"] = "Windows";
          script_family( english: family["english"] );
         
          script_dependencies( "smb_hotfixes.nasl" );
          script_require_keys( "SMB/Registry/Enumerated" );
         
          exit( 0 );
        }
         
        smbEnumerationStatus = get_kb_item( "SMB/Registry/Enumerated" );
        if( smbEnumerationStatus != TRUE ) exit( 0 );
         
        hotfixHash = make_array();
        hotfixList = '';
         
        kbPrefixAry = make_list(
          "SMB/Registry/HKLM/SOFTWARE/Microsoft/Updates/*",
          "SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows
NT/CurrentVersion/HotFix/*", 
          "SMB/Registry/HKLM/SOFTWARE/Microsoft/Fpc/Hotfixes/*",
          "SMB/Registry/HKLM/SOFTWARE/Microsoft/Updates/Windows Media
Player/*"
        );
         
        foreach kbPrefix ( kbPrefixAry ) {
          kbHash = get_kb_list( kbPrefix );
          foreach kbKey ( keys( kbHash ) ) {
            if( kbHash[kbKey] == TRUE ) {
              match = eregmatch( 
                pattern: '/(KB[0-9]{6}[A-Z0-9_]{0,6})',
                string: kbKey,
                icase: TRUE
              );
              if( match ) hotfixHash[match[1]] = 1;
            }
          }
        }
         
        foreach hotfixKey ( sort( keys( hotfixHash ) ) ) {
          hotfixList += ' - ' + hotfixKey + '\n';
        }
         
        if( hotfixList) {
          report = string( desc["english"], '\n\nPlugin Output :\n\n' +
hotfixList + '\n' );
          security_note( port: 0, data: report ); 
        }
         
         
         

________________________________

        From: nessus-bounces@list.nessus.org
[mailto:nessus-bounces@list.nessus.org] On Behalf Of Andrew Court
        Sent: Thursday, October 25, 2007 12:10 PM
        To: nessus@list.nessus.org
        Subject: Plugin 13855 - installed hotfixes
        
         

        Hi, 

        This is probably pretty basic, but, here goes. Plugin 13855
enumerates the list of installed hotfixes on a windows box. It stores
the information in the KB to prevent extended use of the remote
registry. However I want that list of installed hotfixes. How do I
include it in the nsr/nbe report that nessus outputs. I know I can use
get_kb_item in a nasl script to get information from the kb but I am not
sure how to tell it which info to get. I want the list of installed
patches for a patch audit, so if anyone has any custom scripts they have
used for patch audits, I would be very much obliged if they sent them to
me. 

        Kind Regards, 

        Andrew Court 

        IT Security Specialist | BT Retail - Ireland |
        E: Andrew.Court@bt.com <mailto:Andrew.Court@bt.com>  |Mobile:
+353 86 1720 692 | Fax: +353 1 432 5899| www.btireland.com
<file://www.btireland.com/>  



_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Nessus Client 3.0.0 build 2G161_Q, jfvanmeter
Next by Date:  RE: Knoppix, Andrew Court
Previous by Thread:  RE: Plugin 13855 - installed hotfixes, John Scherff
Next by Thread:  Re: Plugin 13855 - installed hotfixes, Pavithra H
Indexes:  [Date] [Thread] [Top] [All Lists]