Use the NASL interpreter, nasl, to run and test NASL scripts from the command line. Invoke it with the -v flag to see which version is installed on your system:
[notroot]$ nasl -v
nasl 2.0.10
Copyright (C) 1999 - 2003 Renaud Deraison <deraison@cvs.nessus.org>
Copyright (C) 2002 - 2003 Michel Arboi <arboi@noos.fr>
See the license for details
A vanilla Nessus installation comes packaged with NASL scripts that act as plug-ins for the Nessus scanner. The Nessus server (nessusd) executes these scripts to test for vulnerabilities; you can find them in the /usr/local/lib/nessus/plugins/ directory. You can also execute these scripts directly by passing them to nasl. For example, the finger.nasl script checks whether fingerd, the finger daemon, is enabled on a remote host. Finger is a service that listens on TCP port 79 by default, and a client can use it to query information about the system's users. To run this script against a host with the IP address 192.168.1.1 using the NASL interpreter, pass the target with -t:
[notroot]$ nasl -t 192.168.1.1 finger.nasl
** WARNING : packet forgery will not work
** as NASL is not running as root
The 'finger' service provides useful information to attackers, since it allows
them to gain usernames, check if a machine is being used, and so on...
Here is the output we obtained for 'root' :
Login: root Name: System Administrator
Directory: /var/root Shell: /bin/sh
On since Wed 5 May 08:51 (CDT) on ttyp2 from 127.0.0.1:0.0
No Mail.
No Plan.
Solution : comment out the 'finger' line in /etc/inetd.conf
Risk factor : Low
[6533] plug_set_key:send(0)['1 finger/active=1;
'](0 out of 19): Socket operation on non-socket
The preceding output is from the finger.nasl script, which used the finger server running on host 192.168.1.1 to retrieve information about the root user. Two of the lines are interpreter messages rather than findings. The packet-forgery warning is printed whenever nasl is not run as root: NASL's raw-packet functions need privileges it does not have, but finger.nasl only needs an ordinary TCP socket, so the test still runs. The plug_set_key error at the end appears because the script tried to record finger/active=1 in the Nessus knowledge base; when nasl runs standalone there is no nessusd to send that update to, hence "Socket operation on non-socket". Neither message affects the result the script reported.
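The following is a small NASL script added here as an illustration of what a plug-in like finger.nasl does; it is example code, not the finger.nasl shipped with Nessus. It assumes the file is saved as finger_check.nasl, that the target is the 192.168.1.1 host used above, and that under nessusd the find_service.nes plug-in records the finger port under the knowledge-base key "Services/finger" (the script falls back to port 79 when no such entry exists, as happens when nasl runs standalone). Run it with nasl -t 192.168.1.1 finger_check.nasl.

```nasl
# finger_check.nasl: example NASL plug-in (added illustration, not Nessus code).
# Run standalone with:  nasl -t 192.168.1.1 finger_check.nasl

if (description)
{
  # This block runs only when nasl is asked for the plug-in's description
  # (nasl -D) or when nessusd loads the plug-in; "nasl -t" skips it.
  script_name(english:"Finger service user query (example)");
  script_summary(english:"Queries fingerd for a user and reports what it returns");
  script_category(ACT_GATHER_INFO);
  script_family(english:"General");
  script_copyright(english:"Example script, not part of the Nessus plug-in set");
  # Assumption: find_service.nes stores the finger port under Services/finger.
  script_dependencies("find_service.nes");
  script_require_ports("Services/finger", 79);
  exit(0);
}

# Under nessusd the knowledge base tells us where finger was found.
# Standalone nasl has no knowledge base, so fall back to the default port.
port = get_kb_item("Services/finger");
if (!port) port = 79;
if (!get_port_state(port)) exit(0);

soc = open_sock_tcp(port);
if (!soc) exit(0);

# Finger protocol: send "<user>\r\n" and read the reply.
# Single-quoted NASL strings interpret \r and \n escapes.
user = "root";
send(socket:soc, data:string(user, '\r\n'));
reply = recv(socket:soc, length:4096);
close(soc);

if (strlen(reply) == 0) exit(0);

# BSD fingerd answers "Login: ..." and SysV fingerd "Login name: ...";
# a refusal or an unknown user produces no such line.
if (egrep(pattern:"^Login", string:reply))
{
  report = string(
    "The 'finger' service on port ", port,
    " answered a query for '", user, "' :\n\n",
    reply,
    '\nSolution : comment out the \'finger\' line in /etc/inetd.conf\n',
    'Risk factor : Low');

  # Standalone, security_warning() prints the report to stdout, as in the
  # finger.nasl run above; under nessusd it is returned to the server.
  security_warning(port:port, data:report);

  # Under nessusd this stores the result for other plug-ins. Standalone
  # there is no server socket, which is exactly what produces the
  # "plug_set_key ... Socket operation on non-socket" message shown above.
  set_kb_item(name:"finger/active", value:TRUE);
}
```

Because the description block is skipped in standalone mode, everything the script needs at run time (the port fallback, the socket handling) has to work without the knowledge base; that is the main difference between testing a script with nasl -t and running it inside a Nessus scan.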