  1. #
  2. # Copyright (C) 2004 Tenable Network Security 
  3. #
  4. #
  5.  
  6. if(description)
  7. {
  8.  script_id(12010);
  9.  
  10.  script_version("$Revision: 1.4 $");
  11.  
  12.  name["english"] = "BARGAINBUDDY detection";
  13.  
  14.  script_name(english:name["english"]);
  15.  
  16.  desc["english"] = "
  17. The remote host is using the BARGAINBUDDY program.  
  18. You should ensure that:
  19. - the user intended to install BARGAINBUDDY (it is sometimes silently installed)
  20. - the use of BARGAINBUDDY matches your corporate mandates and security policies.
  21.  
  22. To remove this sort of software, you may wish to check out ad-aware or spybot. 
  23.  
  24. See also : http://pestpatrol.com/PestInfo/b/bargainbuddy.asp 
  25.  
  26.  
  27. Solution : Uninstall this software
  28. Risk factor : High";
  29.  
  30.  
  31.  
  32.  script_description(english:desc["english"]);
  33.  
  34.  summary["english"] = "BARGAINBUDDY detection";
  35.  
  36.  script_summary(english:summary["english"]);
  37.  
  38.  script_category(ACT_GATHER_INFO);
  39.  
  40.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  41.  family["english"] = "Windows";
  42.  script_family(english:family["english"]);
  43.  
  44.  script_dependencies("netbios_name_get.nasl",
  45.               "smb_login.nasl","smb_registry_full_access.nasl");
  46.  script_require_keys("SMB/registry_full_access");
  47.  
  48.  script_require_ports(139, 445);
  49.  exit(0);
  50. }
  51.  
  52.  
  53. # start the script
  54. if ( ! get_kb_item("SMB/registry_full_access") ) exit(0);
  55.  
  56. path[0] = "software\bargains";
  57. path[1] = "software\classes\apuc.urlcatcher";
  58. path[2] = "software\classes\apuc.urlcatcher.1";
  59. path[3] = "software\classes\apuc.urlcatcher\clsid";
  60. path[4] = "software\classes\bho.clsurlsearch";
  61. path[5] = "software\classes\clsid\{000004cc-e4ff-4f2c-bc30-dbef0b983bc9}";
  62. path[6] = "software\classes\clsid\{00000ef1-34e3-4633-87c6-1aa7a44296da}";
  63. path[7] = "software\classes\clsid\{014da6c1-189f-421a-88cd-07cfe51cff10}";
  64. path[8] = "software\classes\clsid\{014da6c2-189f-421a-88cd-07cfe51cff10}";
  65. path[9] = "software\classes\clsid\{014da6c3-189f-421a-88cd-07cfe51cff10}";
  66. path[10] = "software\classes\clsid\{014da6c5-189f-421a-88cd-07cfe51cff10}";
  67. path[11] = "software\classes\clsid\{014da6c7-189f-421a-88cd-07cfe51cff10}";
  68. path[12] = "software\classes\clsid\{014da6cb-189f-421a-88cd-07cfe51cff10}";
  69. path[13] = "software\classes\clsid\{018b7ec3-eeca-11d3-8e71-0000e82c6c0d}";
  70. path[14] = "software\classes\clsid\{136a9d1d-1f4b-43d4-8359-6f2382449255}";
  71. path[15] = "software\classes\clsid\{49c3014f-03ed-4634-9fb2-2881f2c7a057}";
  72. path[16] = "software\classes\clsid\{4f9d4163-23f0-42e1-afda-4c1a6f8607e7}";
  73. path[17] = "software\classes\clsid\{6e1c7285-263b-431d-8b83-c3cbce301704}";
  74. path[18] = "software\classes\clsid\{730f2451-a3fe-4a72-938c-fc8a74f15978}";
  75. path[19] = "software\classes\clsid\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1}";
  76. path[20] = "software\classes\clsid\{cf1e49b3-24a6-4b17-94be-c25102e3bf04}";
  77. path[21] = "software\classes\clsid\{d7f2fd62-6c1b-4b52-85b1-f65a414bf050}";
  78. path[22] = "software\classes\clsid\{e5dfb380-3988-4c07-8afb-8a47769d9db5}";
  79. path[23] = "software\classes\f1.organizer";
  80. path[24] = "software\classes\f1.organizer.1";
  81. path[25] = "software\classes\f1.organizer\clsid";
  82. path[26] = "software\classes\f1.organizer\curver";
  83. path[27] = "software\classes\interface\{297afc77-2039-4d3c-bef9-598819eb2c8a}";
  84. path[28] = "software\classes\interface\{676058e3-89bd-11d6-8a8c-0050ba8452c0}";
  85. path[29] = "software\classes\interface\{9388907f-82f5-434d-a941-bb802c6dd7c1}";
  86. path[30] = "software\classes\interface\{9d1b86c7-1b93-4586-9009-ea3bd0ad63a5}";
  87. path[31] = "software\classes\interface\{b8afa251-4efb-4703-87d4-da7d2435ba5e}";
  88. path[32] = "software\classes\interface\{c6906a23-4717-4e1f-b6fd-f06ebed14177}";
  89. path[33] = "software\classes\interface\{df7d760c-b7e2-4735-bb77-f5a1a9745e16}";
  90. path[34] = "software\classes\interface\{f94c0089-9394-4e44-b4ea-58dba1f7b84e}";
  91. path[35] = "software\classes\ipinsigt.ipinsigtobj.1";
  92. path[36] = "software\classes\typelib\{014da6c0-189f-421a-88cd-07cfe51cff10}";
  93. path[37] = "software\classes\typelib\{4eb7bbe8-2e15-424b-9ddb-2cdb9516a2a3}";
  94. path[38] = "software\classes\typelib\{60f8fb2a-9915-4202-967d-1fa694a8bcf5}";
  95. path[39] = "software\classes\typelib\{676058db-89bd-11d6-8a8c-0050ba8452c0}";
  96. path[40] = "software\classes\typelib\{8c752c5e-3c10-4076-af0a-ffc69fa20d1b}";
  97. path[41] = "software\classes\typelib\{974cc25e-d62c-4278-84e6-a806726e37bc}";
  98. path[42] = "software\classes\typelib\{be35582c-9796-4cf1-aed9-556ada120b38}";
  99. path[43] = "software\classes\typelib\{ef100607-f409-426a-9e7c-cb211f2a9030}";
  100. path[44] = "software\microsoft\internet explorer\toolbar\{6e1c7285-263b-431d-8b83-c3cbce301704}";
  101. path[45] = "software\microsoft\windows\currentversion\app management\arpcache\bargain buddy";
  102. path[46] = "software\microsoft\windows\currentversion\explorer\browser helper objects\{ce31a1f7-3d90-4874-8fbe-a5d97f8bc8f1}";
  103. path[47] = "software\microsoft\windows\currentversion\run\bargains";
  104. path[48] = "software\microsoft\windows\currentversion\uninstall\bargain buddy";
  105.  
  106.  
  107.  
  108. global_var handle;
  109.  
  110. include("smb_nt.inc");
  111. x_name = kb_smb_name();
  112. if(!x_name)exit(0);
  113.  
  114. _smb_port = kb_smb_transport();
  115. if(!_smb_port)exit(0);
  116.  
  117. if(!get_port_state(_smb_port)) exit(0);
  118. login = kb_smb_login();
  119. pass  = kb_smb_password();
  120. domain = kb_smb_domain();
  121.  
  122. if(!login)login = "";
  123. if(!pass) pass = "";
  124.  
  125.           
  126. soc = open_sock_tcp(_smb_port);
  127. if(!soc) exit(0);
  128.  
  129. #
  130. # Request the session
  131. r = smb_session_request(soc:soc,  remote:x_name);
  132. if(!r) { close(soc); exit(0); }
  133.  
  134. #
  135. # Negociate the protocol
  136. #
  137. prot = smb_neg_prot(soc:soc);
  138. if(!prot){ close(soc); exit(0); }
  139.  
  140.  
  141. r = smb_session_setup(soc:soc, login:login, password:pass, domain:domain, prot:prot);
  142. if(!r){ close(soc); exit(0); }
  143. uid = session_extract_uid(reply:r);
  144.  
  145. r = smb_tconx(soc:soc, name:x_name, uid:uid, share:"IPC$");
  146. tid = tconx_extract_tid(reply:r);
  147. if(!tid){ close(soc); exit(0); }
  148.  
  149.  
  150. r = smbntcreatex(soc:soc, uid:uid, tid:tid, name:"\winreg");
  151. if(!r){ close(soc); exit(0);}
  152. pipe = smbntcreatex_extract_pipe(reply:r);
  153.  
  154. r = pipe_accessible_registry(soc:soc, uid:uid, tid:tid, pipe:pipe);
  155. if(!r){ close(soc); exit(0); }
  156. handle = registry_open_hklm(soc:soc, uid:uid, tid:tid, pipe:pipe);
  157. if ( ! handle ) exit(0);
  158.  
  159.  
  160. for (i=0; path[i]; i++) {
  161.        key_h = registry_get_key(soc:soc, uid:uid, tid:tid, pipe:pipe, key:path[i], reply:handle);
  162.        if(key_h != NULL) {security_hole(kb_smb_transport()); exit(0); }
  163. }
  164.  
  165. close(soc);
  166.