List: nessus-plugins-writers
Subject: uddi stuff
From: "j_lampe" <j_lampe () bellsouth ! net>
Date: 2002-08-31 21:34:20
Message-ID: Pine.LNX.4.21.0208311732450.4626-300000 () f00dikator ! hn ! org
This is a multi-part message in MIME format.
--_----------=_1088641837461199
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain
The attached script (uddi.nasl) finds UDDI-friendly servers (tested on
.NET). The uddi.inc file has the function which creates the XML envelope,
body, and message...
--
John W. Lampe
https://f00dikator.hn.org
--_----------=_1088641837461199
Content-Disposition: inline; filename="uddi.nasl"
Content-Length: 2690
Content-Transfer-Encoding: binary
Content-Type: text/plain; name="uddi.nasl"
#
# Copyright 2002 by John Lampe...j_lampe@bellsouth.net
#
# See the Nessus Scripts License for details
#
#
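# Registration block: runs only when the scanner loads the plugin to collect
# its metadata, then exits without touching the target.
if(description)
{
 # NOTE(review): script_id() is called without an argument, exactly as in the
 # posted draft. A unique plugin ID has to be filled in before the plugin is
 # registered.
 script_id();
 script_version ("$Revision: 0.1 $");

 name["english"] = "UDDI detection";
 script_name(english:name["english"]);

 # The sentences below are kept on one line each: the mail archive had folded
 # them with a trailing backslash, which would otherwise end up inside the
 # report text.
 desc["english"] = "
The tested Web server seems to be friendly to UDDI requests. The server could be potentially offering web services under some other directory (we only tested the web root directory)
Risk factor : Medium/Low";
 script_description(english:desc["english"]);

 summary["english"] = "Find UDDI";
 script_summary(english:summary["english"]);

 # Information gathering only: the check sends UDDI inquiry requests and
 # reads the answers.
 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2002 John Lampe...j_lampe@bellsouth.net");

 family["english"] = "General";
 script_family(english:family["english"]);
 exit(0);
}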
#
# The script code starts here
#
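include("uddi.inc");

# Only the web root on TCP/80 is probed. Services published on another port
# or under another path are not covered by this check.
port = 80;
mypath = "/";

if (!get_port_state(port)) exit(0);

# The two report texts used below.
maybe_msg = string("The server seems to accept UDDI queries. This could indicate",
                   " that the server is offering web services");
sure_msg  = string("The server is accepting UDDI queries. This indicates",
                   " that the server is offering web services");

#
# Step 1: find_business for any business whose name starts with "e".
#
mymessage = create_uddi_xml(ktype:"UDDI_QUERY_FBUSINESS", path:mypath, key:"", name:"e"); #loop through ETAOIN?

# The archived copy had this statement folded into the comment above, which
# left soc undefined.
soc = open_sock_tcp(port);
if (!soc) exit(0);

send(socket:soc, data:mymessage);
getreply = recv(socket:soc, length:1024);
close(soc);            # close only a socket that was actually opened

if (!getreply) exit(0);

mystr = strstr(getreply, "serviceKey");
if (!mystr) {
 # No serviceKey in the answer. A bare "200 OK" to a POST on / is weak
 # evidence (many servers answer 200 to any POST), hence the "seems to" text.
 if (egrep(pattern: ".*200 OK.*", string:getreply)) {
  security_warning(port:port, data:maybe_msg);
 }
 exit(0);
}

#
# Step 2: copy the key out of serviceKey="...".
# Index 12 is the first character after 'serviceKey="'; this assumes the
# attribute form is what was matched -- TODO confirm for element-style replies.
# The reply is remote-controlled and cut at 1024 bytes, so the scan is bounded
# by the string length instead of running until a quote shows up.
#
mykey = "";
flag = 0;
maxlen = strlen(mystr);
for (i = 12; (i < maxlen) && (flag < 1); i = i + 1) {
 # True only for the double quote, which sorts between "!" and "#".
 if ( (mystr[i] < "#") && (mystr[i] > "!") ) {
  flag = 1;
 } else {
  mykey = string(mykey, mystr[i]);
 }
}

if ((flag < 1) || (strlen(mykey) == 0)) {
 # Truncated or empty key: nothing to confirm with, fall back to the weak test.
 if (egrep(pattern: ".*200 OK.*", string:getreply)) {
  security_warning(port:port, data:maybe_msg);
 }
 exit(0);
}

#
# Step 3: ask for the details of that service and look for the key in the
# answer.
#
mymessage = create_uddi_xml(ktype:"UDDI_QUERY_GSERVICE_DETAIL", path:mypath, key:mykey);

# Drop the first answer: it contains mykey, so reusing it after a failed
# second connection would "confirm" the finding without any new evidence.
getreply = "";
soc = open_sock_tcp(port);
if (soc) {
 send(socket:soc, data:mymessage);
 getreply = recv(socket:soc, length:1024);
 close(soc);
}
if (!getreply) exit(0);

# mykey comes from the remote server, so it is matched as a literal substring
# and not handed to egrep() as a regular expression.
if (strstr(getreply, mykey)) {
 security_warning(port:port, data:sure_msg);
 exit(0);
}

if (egrep(pattern: ".*200 OK.*", string:getreply)) {
 security_warning(port:port, data:maybe_msg);
 exit(0);
}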
--_----------=_1088641837461199
Content-Disposition: inline; filename="uddi.inc"
Content-Length: 1884
Content-Transfer-Encoding: binary
Content-Type: text/plain; name="uddi.inc"
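# Build a complete HTTP/1.0 POST request that carries one UDDI inquiry
# (generic='1.0', urn:uddi-org:api) inside a SOAP envelope.
#
#  ktype : "UDDI_QUERY_FBUSINESS"       -> find_business, filtered by name
#          "UDDI_QUERY_FSERVICE"        -> find_service, by businessKey (key) and name
#          "UDDI_QUERY_GSERVICE_DETAIL" -> get_serviceDetail, by serviceKey (key)
#  path  : request path placed on the POST line
#  key   : businessKey or serviceKey, depending on ktype
#  name  : name filter for the find_* queries
#
# Returns the request (headers plus XML body) as one string. Any other ktype
# yields an envelope with an empty body, as before.
#
# key and name are copied into the XML as given, without escaping. The
# detection script passes a key taken from the remote server's answer, so
# callers should only hand in values they are prepared to send back verbatim.
#
# The string literals are written unfolded: the mail archive had wrapped
# several of them with a trailing backslash, which would have put a backslash
# and a line break into the envelope and into the Content-Type and SOAPAction
# headers.
function create_uddi_xml (ktype,path,key,name) {
 envelope_header = string("<?xml version='1.0' encoding='UTF-8'?> <s:Envelope",
                          " xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'><s:Body>");
 close_envelope = string("</s:Body></s:Envelope>");

 # Pick the inquiry element for the requested query type.
 method = "";
 if (ktype == "UDDI_QUERY_FBUSINESS") {
  method = string("<find_business generic='1.0' xmlns='urn:uddi-org:api'>",
                  "<name>", name, "</name></find_business>");
 }
 if (ktype == "UDDI_QUERY_FSERVICE") {
  method = string("<find_service generic='1.0' xmlns='urn:uddi-org:api' businessKey='", key, "'>",
                  "<name>", name, "</name></find_service>");
 }
 if (ktype == "UDDI_QUERY_GSERVICE_DETAIL") {
  method = string("<get_serviceDetail generic='1.0' xmlns='urn:uddi-org:api'>",
                  "<serviceKey>", key, "</serviceKey></get_serviceDetail>");
 }

 xml = string(envelope_header, method, close_envelope);
 len = strlen(xml);        # Content-Length covers the XML body only

 finished_message = string("POST ", path, " HTTP/1.0\r\n",
                           "Accept: text/xml\r\n",
                           "Accept: multipart/*\r\n",
                           "Host: ", get_host_ip(), "\r\n",
                           "User-Agent: NESSUS::SOAP\r\n",
                           "Content-Length: ", len, "\r\n",
                           "Content-Type: text/xml; charset=utf-8\r\n",
                           "SOAPAction: ''\r\n\r\n",
                           xml);
 return(finished_message);
}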
--_----------=_1088641837461199--