Search...

Ipswitch Instant Messaging Server Detection

2007-07-25T00:00:00

ID IPSWITCH_IMSERVER_DETECT.NASL
Type nessus
Reporter This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2021-01-02T00:00:00

Description

The remote service is an Ipswitch IM Server, the server portion of Ipswitch Instant Messaging, a secure, instant messaging product targeted at businesses and running on Windows.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(25761);
  script_version("1.8");
  script_cvs_date("Date: 2019/11/22");

  script_name(english:"Ipswitch Instant Messaging Server Detection");
  script_summary(english:"Tries to log in to IMServer");

 script_set_attribute(attribute:"synopsis", value:
"An instant messaging server is listening on the remote host." );
 script_set_attribute(attribute:"description", value:
"The remote service is an Ipswitch IM Server, the server portion of
Ipswitch Instant Messaging, a secure, instant messaging product
targeted at businesses and running on Windows." );
 script_set_attribute(attribute:"see_also", value:"http://www.ipswitch.com/products/instant_messaging/index.asp" );
 script_set_attribute(attribute:"solution", value:
"Limit incoming traffic to this port if desired." );
 script_set_attribute(attribute:"risk_factor", value:"None" );
 script_set_attribute(attribute:"plugin_publication_date", value: "2007/07/25");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe",value:"cpe:/a:ipswitch:imserver");
script_set_attribute(attribute:"asset_inventory", value:"True");
script_end_attributes();


  script_category(ACT_GATHER_INFO);
  script_family(english:"Service detection");

  script_copyright(english:"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("find_service1.nasl");
  script_require_ports("Services/unknown", 5177);

  exit(0);
}


include("byte_func.inc");
include("global_settings.inc");
include("misc_func.inc");


if (thorough_tests && ! get_kb_item("global_settings/disable_service_discovery") )
{
  port = get_unknown_svc(5177);
  if (!port) exit(0);
}
else port = 5177;
if (known_service(port:port)) exit(0);
if (!get_tcp_port_state(port)) exit(0);


soc = open_sock_tcp(port);
if (!soc) exit(0);


set_byte_order(BYTE_ORDER_BIG_ENDIAN);


# Simulate a login.
req1 = mkdword(0x07) + mkdword(0x01);
req2 = raw_string(
  0x80, 0xd5, 0x20, 0x4a, 0xef, 0x0d, 0x0a, 0xc0, 
  0xd9, 0x9f, 0x1e, 0x07, 0x4e, 0x81, 0xb4, 0xcf, 
  0x87, 0xc4, 0x1a, 0x75, 0x7c, 0x94, 0x1c, 0xb8, 
  0x84, 0x3d, 0x5d, 0xb6, 0xb6, 0xa8, 0xc7, 0xb9, 
  0xdd, 0x44, 0x1d, 0xcc, 0x59, 0x25, 0x9c, 0x2e, 
  0x47, 0xf7, 0xed, 0xcd, 0x47, 0x61, 0x72, 0x45, 
  0x0c, 0xd4, 0x77, 0x01, 0x8f, 0xf9, 0x91, 0xe8, 
  0x16, 0xeb, 0x19, 0xb1, 0x35, 0x37, 0x04, 0xe1, 
  0xf5, 0xf3, 0x15, 0x89, 0xf6, 0xbb, 0x8e, 0x4f, 
  0x99, 0x5d, 0x51, 0x2c, 0x4e, 0x3a, 0x0a, 0x3f, 
  0x67, 0x8e, 0x2b, 0x10, 0x4b, 0x09, 0xf1, 0xbb, 
  0x53, 0x76, 0xdd, 0x0f, 0xf1, 0x97, 0x39, 0xc0
);
send(socket:soc, data:req1+req2);
res1 = recv(socket:soc, length:8);


# If...
if (
  # we got 8 characters and...
  strlen(res1) == 8 &&
  # the response equals our first packet
  res1 == req1
)
{
  # Receive the next packet.
  res2 = recv(socket:soc, length:128);
  subres2 = substr(res2, 0, 7);
  
  # If that looks like...
  if (
    # an unsuccessful login response or...
    subres2 == raw_string(0x88, 0x50, 0xb7, 0x26, 0xc4, 0x8f, 0x4f, 0x09) ||
    # a successful login response
    subres2 == raw_string(0xd9, 0x9f, 0x1e, 0x07, 0x4e, 0x81, 0xb4, 0xcf)
  )
  {
    # Register and report the service.
    register_service(port:port, ipproto:"tcp", proto:"ipswitch_imserver");
    security_note(port);
  }
}
close(soc);

JSON Vulners Source

Initial Source

{"id": "IPSWITCH_IMSERVER_DETECT.NASL", "bulletinFamily": "scanner", "title": "Ipswitch Instant Messaging Server Detection", "description": "The remote service is an Ipswitch IM Server, the server portion of\nIpswitch Instant Messaging, a secure, instant messaging product\ntargeted at businesses and running on Windows.", "published": "2007-07-25T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/nessus/25761", "reporter": "This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.ipswitch.com/products/instant_messaging/index.asp"], "cvelist": [], "type": "nessus", "lastseen": "2021-01-01T03:16:41", "edition": 21, "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["UNKNOWN_SERVICES.NASL"]}], "modified": "2021-01-01T03:16:41", "rev": 2}, "score": {"value": -0.4, "vector": "NONE", "modified": "2021-01-01T03:16:41", "rev": 2}, "vulnersScore": -0.4}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25761);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/22\");\n\n script_name(english:\"Ipswitch Instant Messaging Server Detection\");\n script_summary(english:\"Tries to log in to IMServer\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An instant messaging server is listening on the remote host.\" );\n script_set_attribute(attribute:\"description\", value:\n\"The remote service is an Ipswitch IM Server, the server portion of\nIpswitch Instant Messaging, a secure, instant messaging product\ntargeted at businesses and running on Windows.\" );\n script_set_attribute(attribute:\"see_also\", value:\"http://www.ipswitch.com/products/instant_messaging/index.asp\" );\n script_set_attribute(attribute:\"solution\", value:\n\"Limit incoming traffic to this port if desired.\" );\n script_set_attribute(attribute:\"risk_factor\", value:\"None\" );\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2007/07/25\");\nscript_set_attribute(attribute:\"plugin_type\", value:\"remote\");\nscript_set_attribute(attribute:\"cpe\",value:\"cpe:/a:ipswitch:imserver\");\nscript_set_attribute(attribute:\"asset_inventory\", value:\"True\");\nscript_end_attributes();\n\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Service detection\");\n\n script_copyright(english:\"This script is Copyright (C) 2007-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"find_service1.nasl\");\n script_require_ports(\"Services/unknown\", 5177);\n\n exit(0);\n}\n\n\ninclude(\"byte_func.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\n\nif (thorough_tests && ! get_kb_item(\"global_settings/disable_service_discovery\") )\n{\n port = get_unknown_svc(5177);\n if (!port) exit(0);\n}\nelse port = 5177;\nif (known_service(port:port)) exit(0);\nif (!get_tcp_port_state(port)) exit(0);\n\n\nsoc = open_sock_tcp(port);\nif (!soc) exit(0);\n\n\nset_byte_order(BYTE_ORDER_BIG_ENDIAN);\n\n\n# Simulate a login.\nreq1 = mkdword(0x07) + mkdword(0x01);\nreq2 = raw_string(\n 0x80, 0xd5, 0x20, 0x4a, 0xef, 0x0d, 0x0a, 0xc0, \n 0xd9, 0x9f, 0x1e, 0x07, 0x4e, 0x81, 0xb4, 0xcf, \n 0x87, 0xc4, 0x1a, 0x75, 0x7c, 0x94, 0x1c, 0xb8, \n 0x84, 0x3d, 0x5d, 0xb6, 0xb6, 0xa8, 0xc7, 0xb9, \n 0xdd, 0x44, 0x1d, 0xcc, 0x59, 0x25, 0x9c, 0x2e, \n 0x47, 0xf7, 0xed, 0xcd, 0x47, 0x61, 0x72, 0x45, \n 0x0c, 0xd4, 0x77, 0x01, 0x8f, 0xf9, 0x91, 0xe8, \n 0x16, 0xeb, 0x19, 0xb1, 0x35, 0x37, 0x04, 0xe1, \n 0xf5, 0xf3, 0x15, 0x89, 0xf6, 0xbb, 0x8e, 0x4f, \n 0x99, 0x5d, 0x51, 0x2c, 0x4e, 0x3a, 0x0a, 0x3f, \n 0x67, 0x8e, 0x2b, 0x10, 0x4b, 0x09, 0xf1, 0xbb, \n 0x53, 0x76, 0xdd, 0x0f, 0xf1, 0x97, 0x39, 0xc0\n);\nsend(socket:soc, data:req1+req2);\nres1 = recv(socket:soc, length:8);\n\n\n# If...\nif (\n # we got 8 characters and...\n strlen(res1) == 8 &&\n # the response equals our first packet\n res1 == req1\n)\n{\n # Receive the next packet.\n res2 = recv(socket:soc, length:128);\n subres2 = substr(res2, 0, 7);\n \n # If that looks like...\n if (\n # an unsuccessful login response or...\n subres2 == raw_string(0x88, 0x50, 0xb7, 0x26, 0xc4, 0x8f, 0x4f, 0x09) ||\n # a successful login response\n subres2 == raw_string(0xd9, 0x9f, 0x1e, 0x07, 0x4e, 0x81, 0xb4, 0xcf)\n )\n {\n # Register and report the service.\n register_service(port:port, ipproto:\"tcp\", proto:\"ipswitch_imserver\");\n security_note(port);\n }\n}\nclose(soc);\n", "naslFamily": "Service detection", "pluginID": "25761", "cpe": ["cpe:/a:ipswitch:imserver"], "scheme": null}

{"nessus": [{"lastseen": "2021-01-01T06:57:47", "description": "Nessus was unable to identify a service on the remote host even though\nit returned a banner of some type.", "edition": 20, "published": "2002-11-18T00:00:00", "title": "Unknown Service Detection: Banner Retrieval", "type": "nessus", "bulletinFamily": "scanner", "cvelist": [], "modified": "2021-01-02T00:00:00", "cpe": [], "id": "UNKNOWN_SERVICES.NASL", "href": "https://www.tenable.com/plugins/nessus/11154", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(11154);\n script_version(\"1.68\");\n script_cvs_date(\"Date: 2018/07/24 17:29:25\");\n\n script_name(english:\"Unknown Service Detection: Banner Retrieval\");\n script_summary(english:\"Displays the unknown services banners.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"There is an unknown service running on the remote host.\");\n script_set_attribute(attribute:\"description\", value:\n\"Nessus was unable to identify a service on the remote host even though\nit returned a banner of some type.\");\n script_set_attribute(attribute:\"solution\", value:\"n/a\");\n script_set_attribute(attribute:\"risk_factor\", value:\"None\");\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2002/11/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_end_attributes();\n\n script_category(ACT_END);\n script_copyright(english:\"This script is Copyright (C) 2002-2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Service detection\");\n script_dependencies(\n \"apcnisd_detect.nasl\",\n \"asip-status.nasl\",\n \"auth_enabled.nasl\",\n \"aximilter_detect.nasl\",\n \"bugbear.nasl\",\n \"cacam_detect.nasl\",\n \"cifs445.nasl\",\n \"cp-firewall-auth.nasl\",\n \"dcetest.nasl\",\n \"dns_server.nasl\",\n \"dotnet_remoting_services_detect.nasl\",\n \"echo.nasl\",\n \"find_service1.nasl\",\n \"find_service2.nasl\",\n \"flexnet_publisher_detection.nbin\",\n \"hp_openview_ovalarmsrv.nasl\",\n \"hp_openview_ovtopmd.nasl\",\n \"hp_openview_ovuispmd.nasl\",\n \"hp_data_protector_installed.nasl\",\n \"ipswitch_imclient_detect.nasl\",\n \"ipswitch_imserver_detect.nasl\",\n \"landesk_remote_control_detect.nbin\",\n \"lisa_detect.nasl\",\n \"memcached_detect.nasl\",\n \"mldonkey_telnet.nasl\",\n \"mssqlserver_detect.nasl\",\n \"mysql_version.nasl\",\n \"nagios_statd_detect.nasl\",\n \"nessus_detect.nasl\",\n \"PC_anywhere_tcp.nasl\",\n \"perforce_server_detect.nasl\",\n \"postfix_policyd_detect.nbin\",\n \"qmtp_detect.nasl\",\n \"quote.nasl\",\n \"radmin_detect.nasl\",\n \"res_wm_agent_detection.nasl\",\n \"res_wm_relay_detection.nasl\",\n \"rpc_portmap.nasl\",\n \"rpcinfo.nasl\",\n \"rsh.nasl\",\n \"rtsp_detect.nasl\",\n \"sap_router_detect.nbin\",\n \"SHN_discard.nasl\",\n \"squeezecenter_cli_detect.nasl\",\n \"telnet.nasl\",\n \"tinc_vpn_detect.nbin\",\n \"veritas_agent_detect.nasl\",\n \"veritas_netbackup_detect.nasl\",\n \"veritas_netbackup_vmd_detect.nasl\",\n \"weblogic_nodemanager_detect.nasl\",\n \"X.nasl\",\n \"xmpp_server_detect.nasl\",\n \"xtel_detect.nasl\",\n \"xtelw_detect.nasl\",\n \"zebedee_detect.nasl\",\n \"zenworks_rma_detect.nasl\"\n );\n script_require_ports(\"Services/unknown\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"dump.inc\");\n\nif ( get_kb_item(\"global_settings/disable_service_discovery\") ) exit(0);\n\nport = get_unknown_svc();\nif (!port) audit(AUDIT_SVC_KNOWN);\n\nif (!get_port_state(port)) audit(AUDIT_PORT_CLOSED, port);\nif (port == 139) exit(0, \"Port 139 is ignored.\");\t# Avoid silly messages\nif (!service_is_unknown(port: port)) exit(0, \"The service listening on port \"+port+\" is already known.\");\n\na = get_unknown_banner2(port: port, dontfetch: 1);\nif (isnull(a)) exit(0, \"Did not receive a banner from the service listening on port \"+port+\".\");\nbanner = a[0]; type = a[1];\nif (isnull(banner)) exit(0, \"There is no banner from the service listening on port \"+port+\".\");\n\nh = hexdump(ddata: banner);\nif( strlen(banner) >= 3 )\n{\n # See if the service is maybe SSL-wrapped.\n test_ssl = get_preference(\"Service Detection[radio]:Test SSL based services\");\n encaps = get_port_transport(port);\n\n if (\n (strlen(test_ssl) && \"All\" >!< test_ssl) &&\n encaps == ENCAPS_IP &&\n (\n # nb: TLSv1 alert of some type.\n stridx(banner, '\\x15\\x03\\x01\\x00\\x02') == 0 ||\n # nb: TLSv1 handshake.\n stridx(banner, '\\x16\\x03\\x01') == 0 ||\n # nb: SSLv3 alert of some type.\n stridx(banner, '\\x15\\x03\\x00\\x00\\x02') == 0 ||\n # nb: SSLv3 handshake.\n stridx(banner, '\\x16\\x03\\x00') == 0 ||\n # nb: SSLv2 alert of some type.\n stridx(banner, '\\x80\\x03\\x00\\x00\\x01') == 0\n )\n )\n {\n info = '\\n' + \"The service on this port appears to be encrypted with SSL. If you\" +\n '\\n' + \"would like Nessus to try harder to detect it, change the 'Test SSL\" +\n '\\n' + \"based services' preference to 'All' and re-run the scan.\" +\n '\\n';\n }\n else\n {\n h = str_replace(find:'\\n', replace:'\\n ', string:h);\n info = '\\n' + 'If you know what this service is and think the banner could be used to' +\n '\\n' + 'identify it, please send a description of the service along with the' +\n '\\n' + 'following output to svc-signatures@nessus.org :' +\n '\\n' +\n '\\n' + ' Port : ' + port +\n '\\n' + ' Type : ' + type +\n '\\n' + ' Banner : ' +\n '\\n' + h +\n '\\n';\n }\n\n # only one process should be detected per port, but just to be on the safe side\n # this will do a get_kb_list() to ensure the plugin won't fork\n exes = get_kb_list('Host/Listeners/tcp/' + port); # Linux / AIX\n if (isnull(exes))\n exes = get_kb_list('Host/Windows/ListenProcess/tcp/' + port); # Windows\n\n if (!isnull(exes))\n {\n info +=\n '\\nNessus detected the following process listening on this port :\\n\\n' +\n join(make_list(exes), sep:'\\n') +\n '\\n';\n }\n\n security_note(port:port, extra:info);\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}]}