Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2005 SecuriTeamOPENVAS:136141256231010175
HistoryNov 03, 2005 - 12:00 a.m.

Detect presence of PGPNet server and its version

2005-11-0300:00:00
Copyright (C) 2005 SecuriTeam
plugins.openvas.org
9
JSON

It is possible to detect the existing of PGPNet, by connecting to its
open UDP port (500) and sending it a session init packet, the PGPNet daemon
would respond (making it possible to know that PGPNet is installed on the
computer) with the version of the OpenPGP package it uses.

# SPDX-FileCopyrightText: 2005 SecuriTeam
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.10175");
  script_version("2023-08-01T13:29:10+0000");
  script_tag(name:"last_modification", value:"2023-08-01 13:29:10 +0000 (Tue, 01 Aug 2023)");
  script_tag(name:"creation_date", value:"2005-11-03 14:08:04 +0100 (Thu, 03 Nov 2005)");
  script_tag(name:"cvss_base", value:"0.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:N");
  script_name("Detect presence of PGPNet server and its version");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2005 SecuriTeam");
  script_family("Service detection");
  script_dependencies("global_settings.nasl");
  script_require_udp_ports(500);
  script_exclude_keys("keys/islocalhost", "keys/TARGET_IS_IPV6");

  script_tag(name:"solution", value:"Block those ports from outside communication");

  script_tag(name:"summary", value:"It is possible to detect the existing of PGPNet, by connecting to its
  open UDP port (500) and sending it a session init packet, the PGPNet daemon
  would respond (making it possible to know that PGPNet is installed on the
  computer) with the version of the OpenPGP package it uses.");

  script_tag(name:"qod_type", value:"remote_banner");
  script_tag(name:"solution_type", value:"Mitigation");

  exit(0);
}

if(TARGET_IS_IPV6())exit(0);
if(islocalhost())exit(0);

srcaddr = this_host();
dstaddr = get_host_ip();

magic_num = rand();

r1 = rand() % 255;
r2 = rand() % 255;

raw_data = raw_string(
r1,    r2,  0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x10, 0x02, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x88, 0x0D, 0x00, 0x00, 0x5C, 0x00, 0x00,
0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x50, 0x01, 0x01, 0x00,
0x02, 0x03, 0x00, 0x00, 0x24, 0x01, 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x06,
0x80, 0x02, 0x00, 0x02, 0x80, 0x03, 0x00, 0x03, 0x80, 0x04, 0x00, 0x05, 0x80,
0x0B, 0x00, 0x01, 0x00, 0x0C, 0x00, 0x04, 0x00, 0x01, 0x51, 0x80, 0x00, 0x00,
0x00, 0x24, 0x02, 0x01, 0x00, 0x00, 0x80, 0x01, 0x00, 0x05, 0x80, 0x02, 0x00,
0x01, 0x80, 0x03, 0x00, 0x03, 0x80, 0x04, 0x00, 0x02, 0x80, 0x0B, 0x00, 0x01,
0x00, 0x0C, 0x00, 0x04, 0x00, 0x01, 0x51, 0x80, 0x00, 0x00, 0x00, 0x10);
raw_data = raw_data + "OpenPGPdetect";

IPH = 20;
UDPH = 8;
PGPNET_BASE = 137;
UDP_LEN = UDPH + PGPNET_BASE;
IP_LEN = IPH + UDP_LEN;

ip = forge_ip_packet(ip_v : 4,
                                         ip_hl : 5,
                                         ip_tos : 0,
                                         ip_len : IP_LEN,
                                         ip_id : 0xABBA,
                                         ip_p : IPPROTO_UDP,
                                         ip_ttl : 255,
                                         ip_off : 0,
                                         ip_src : srcaddr,
                                         ip_dst : dstaddr);

dstport = 500;
srcport = 500;
if( ! get_udp_port_state( dstport ) ) exit(0);

udpip = forge_udp_packet(ip : ip,
                                                 uh_sport : srcport,
                                                 uh_dport : dstport,
                                                 uh_ulen : UDP_LEN, #udp = 8
                                                 data : raw_data);

filter = string("((udp and dst port ", srcport, ") or (icmp)) and src host ", dstaddr, " and dst host ", srcaddr);
result_suc = send_packet(udpip, pcap_active:TRUE, pcap_filter:filter);
if (result_suc)
{
 protocol_type = get_ip_element(ip:result_suc, element:"ip_p");
 if (protocol_type == IPPROTO_UDP)
 {
  result = get_udp_element(udp:result_suc, element:"data");
  if(strlen(result) < 88) exit(0);
  if ((result[2] == raw_string(0x00)) && (result[3] == raw_string(0x00)) &&
      (result[4] == raw_string(0x00)) && (result[5] == raw_string(0x00)) &&
          (result[6] == raw_string(0x00)) && (result[7] == raw_string(0x00)))
   {
    if (
            (result[16] == raw_string(0x01)) && (result[17] == raw_string(0x10)) &&
        (result[18] == raw_string(0x02)))
        {
             OpenPGP = "";
             for (i = 0; i < 1000; i = i + 1)
             {
              if (result[88+i] == raw_string(0x00))
          {
           i = 1000;
          }
          else
          {
           OpenPGP = OpenPGP + result[88+i];
          }
                 }
                 if (i == 1000)
                 {
                  warning_text = "PGPNet uses OpenPGP build version: ";
                  warning_text = warning_text + OpenPGP;
                  log_message(port:500, data: warning_text);
                 }
        }
   }
 }
}
JSON