PREFERENCES messages / ntp 1.2
Stuart Kendrick
skendric at fhcrc.org
Tue Jan 4 15:58:30 EST 2005
hi folks,

i'm wanting to understand what nessusd wants to see when it receives
PREFERENCES messages via NTP.

i'm building my own client, in Perl (on top of Net::Nessus::ScanLite), and
i've run into a glitch when sending PREFERENCES messages.

in general, i send PREFERENCES messages which look like this:

CLIENT port_range <|> 1-1024
CLIENT ssl_version <|> none
[...]
CLIENT Login configurations[entry]:SMB account <|> snoopy
CLIENT Login configurations[password]:SMB password <|> secret

but i've found that with *plugin* preferences, the message needs to
look like this:

CLIENT Login configurations[entry]:SMB account : <|> snoopy
CLIENT Login configurations[password]:SMB password : <|> secret

notice the " : " in front of the "<|>"

if i skip the " : " part, then nessusd silently ignores the PREFERENCE.

[i fiddled with ntp_11.c, adding logging statements inside
ntp_11_read_prefs, and verified that the arg_set_value calls succeeded
... but evidently, that isn't good enough]

[...]
    if ( value[0] != '\0' )value[strlen(value)-1]='\0';
    if( old != NULL )
    {
      if( strcmp(old, value) != 0 )
      {
        efree(&old);
        v = estrdup(value);
        rv = arg_set_value(preferences, pref, strlen(v), v);
        old = arg_get_value(preferences,pref);
        syslog(LOG_INFO,"read_prefs (set): rv = %d. set %s to %s",rv,pref,v);
      }
    }
    else
    {
      v = estrdup(value);
      arg_add_value(preferences, pref, ARG_STRING, strlen(v), v);
      old = arg_get_value(preferences,pref);
      syslog(LOG_INFO,"read_prefs (add): set %s to %s",pref,v);
    }
  }

using the 'Communications Protocol Tracer' window in NessusWX [wow, this
tool sure beats crawling through Ethereal traces!] i can see that NessusWX
sets plugin preferences as i describe above ... i.e. with the " : " in the
text.

[...]
CLIENT Services[file]:SSL certificate : <|>
CLIENT Services[file]:SSL private key : <|>
[...]

but ... not always ... i notice, for instance, that sometimes NessusWX
skips the " : " ... here's an example:

[...]
CLIENT Brute force login (Hydra)[file]:Logins file : <|>
CLIENT Brute force login (Hydra)[file]:Passwords file : <|>
CLIENT Brute force login (Hydra)[checkbox]:Brute force telnet <|> no
CLIENT Brute force login (Hydra)[checkbox]:Brute force FTP <|> no
[...]

notice how the two 'Brute force' lines do *not* display the " : " pattern.

so here's my question: what's the rule around when to send " : " and when
not to?

i've poked through ../nessus-core/doc/ntp ... but i don't see this " : "
business described there.

--sk
stuart kendrick
fhcrc
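
Added example, not part of the original post and not code from Nessus or NessusWX: a small checker that compares the PREFERENCES lines a client is about to send against lines copied from a tracer capture and reports plugin preference names that differ only by the " :" suffix described above. The function names, the treatment of the capture as the reference spelling, and the sample lists are assumptions made for illustration.

```python
import re

# Plugin preference names in the post: "Plugin name[type]:Label", sometimes + " :".
PLUGIN_PREF = re.compile(r"^(?P<plugin>.+?)\[(?P<type>\w+)\]:(?P<label>.*)$")

def parse_pref(line):
    """Return (name, value) for a 'name <|> value' line, else None."""
    line = line.strip()
    if line.startswith("CLIENT "):        # prefix as shown in the post
        line = line[len("CLIENT "):]
    if "<|>" not in line:
        return None                       # e.g. "[...]" elisions
    name, value = line.split("<|>", 1)
    return name.strip(), value.strip()

def pref_key(name):
    """Return (plugin, type, label) with any ' :' suffix dropped, or None."""
    m = PLUGIN_PREF.match(name)
    if m is None:
        return None                       # server preference such as port_range
    label = m.group("label")
    label = label[:-2] if label.endswith(" :") else label
    return m.group("plugin"), m.group("type"), label.rstrip()

def plugin_names(lines):
    """Map normalised key -> exact name as written, plugin preferences only."""
    names = {}
    for line in lines:
        pref = parse_pref(line)
        key = pref_key(pref[0]) if pref else None
        if key:
            names[key] = pref[0]
    return names

def colon_mismatches(reference, candidate):
    """Return (sent, expected) name pairs that differ only by the ' :' suffix."""
    ref, sent = plugin_names(reference), plugin_names(candidate)
    return [(sent[k], ref[k]) for k in sent if k in ref and sent[k] != ref[k]]

# Constructed sample input, assembled from lines quoted in the post.
REFERENCE = [
    "CLIENT Login configurations[entry]:SMB account : <|> snoopy",
    "CLIENT Brute force login (Hydra)[checkbox]:Brute force telnet <|> no",
]
CANDIDATE = [
    "CLIENT port_range <|> 1-1024",
    "CLIENT Login configurations[entry]:SMB account <|> snoopy",
    "CLIENT Brute force login (Hydra)[checkbox]:Brute force telnet <|> no",
]
```

Calling colon_mismatches(REFERENCE, CANDIDATE) on the sample lists flags only the SMB account name; it does not derive the rule asked about, it only shows where the two spellings diverge.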