1.4. The NASL Interpreter

Use the NASL interpreter, nasl, to run and test NASL scripts from the command line. Invoke it with the -v flag to see which version is installed on your system:

    [notroot]$ nasl -v
    nasl 2.0.10
    Copyright (C) 1999 - 2003 Renaud Deraison <deraison@cvs.nessus.org>
    Copyright (C) 2002 - 2003 Michel Arboi <arboi@noos.fr>
    See the license for details

A vanilla Nessus installation comes packaged with NASL scripts that act as plug-ins for the Nessus scanner. The Nessus server executes these scripts to test for vulnerabilities, and you can find them in the /usr/local/lib/nessus/plugins/ directory. You can also execute these scripts directly by invoking them with nasl. For example, the finger.nasl script checks whether fingerd is enabled on a remote host. Finger is a service that listens on port 79 by default, and it can be used to query information about users. To run this script against a host with the IP address 192.168.1.1 using the NASL interpreter, execute the following:

    [notroot]$ nasl -t 192.168.1.1 finger.nasl
    ** WARNING : packet forgery will not work
    ** as NASL is not running as root

    The 'finger' service provides useful information to attackers, since it allows
    them to gain usernames, check if a machine is being used, and so on...

    Here is the output we obtained for 'root' :

    Login: root                             Name: System Administrator
    Directory: /var/root                    Shell: /bin/sh
    On since Wed 5 May 08:51 (CDT) on ttyp2 from 127.0.0.1:0.0
    No Mail.
    No Plan.

    Solution : comment out the 'finger' line in /etc/inetd.conf
    Risk factor : Low
    [6533] plug_set_key:send(0)['1 finger/active=1; '](0 out of 19): Socket operation on non-socket

The preceding output is from the finger.nasl script, which used the finger server running on host 192.168.1.1 to retrieve information about the root user. The warning at the top appears because nasl was not run as root, so plug-ins that need to forge raw packets would not work; finger.nasl only needs an ordinary TCP connection, so the check still completes. The final plug_set_key line shows the plug-in trying to record the finger/active=1 result in the Nessus knowledge base, which fails with "Socket operation on non-socket" because no Nessus server is attached when a script is run standalone.
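The check that finger.nasl performs, written here as an added Python example to illustrate what the plug-in does; this is not code from Nessus or from the book. It sends the RFC 1288 query for a user name to port 79, parses the BSD-style reply into fields, and reports whether the service is active, which is the same verdict the plug-in stores under finger/active. The sample reply is constructed from the output shown above, and probe_finger, parse_finger_output and finger_report are hypothetical names.

```python
import re
import socket

# Constructed sample reply, taken from the finger.nasl output shown above.
SAMPLE_FINGER_OUTPUT = (
    "Login: root                             Name: System Administrator\n"
    "Directory: /var/root                    Shell: /bin/sh\n"
    "On since Wed 5 May 08:51 (CDT) on ttyp2 from 127.0.0.1:0.0\n"
    "No Mail.\n"
    "No Plan.\n"
)

# A labelled field runs until the next label on the same line or end of line.
FIELD_RE = re.compile(
    r"(Login|Name|Directory|Shell):\s*(.*?)(?=\s+(?:Login|Name|Directory|Shell):|$)"
)


def probe_finger(host, user="root", port=79, timeout=5.0):
    """Send the RFC 1288 query '<user>\\r\\n' and return the raw reply ('' if unreachable)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(user.encode("ascii") + b"\r\n")
            chunks = []
            while True:
                data = sock.recv(4096)
                if not data:          # server closes the connection after the reply
                    break
                chunks.append(data)
        return b"".join(chunks).decode("ascii", errors="replace")
    except OSError:                   # refused, timed out, or no route: treat as closed
        return ""


def parse_finger_output(text):
    """Extract the Login/Name/Directory/Shell fields from a BSD-style finger reply."""
    fields = {}
    for line in text.splitlines():
        for key, value in FIELD_RE.findall(line):
            fields[key] = value.strip()
    return fields


def finger_report(raw):
    """Summarise a reply the way the plug-in does: active means any data came back."""
    fields = parse_finger_output(raw)
    return {
        "active": bool(raw.strip()),            # equivalent of finger/active=1
        "login": fields.get("Login"),
        "shell": fields.get("Shell"),
        "fix": "comment out the 'finger' line in /etc/inetd.conf" if raw.strip() else None,
    }
```

Run finger_report(probe_finger("192.168.1.1")) against a host you administer to reproduce the plug-in's verdict without a Nessus server.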