
List:       nessus-plugins-writers
Subject:    uddi stuff
From:       "j_lampe" <j_lampe () bellsouth ! net>
Date:       2002-08-31 21:34:20
Message-ID: Pine.LNX.4.21.0208311732450.4626-300000 () f00dikator ! hn ! org

This is a multi-part message in MIME format.

--_----------=_1088641837461199
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain

The attached script (uddi.nasl) finds UDDI-friendly servers (tested on
.NET).  The uddi.inc file has the function which creates the XML envelope,
body, and message...

--
John W. Lampe
https://f00dikator.hn.org



--_----------=_1088641837461199
Content-Disposition: inline; filename="uddi.nasl"
Content-Length: 2690
Content-Transfer-Encoding: binary
Content-Type: text/plain; name="uddi.nasl"

#
# Copyright 2002 by John Lampe...j_lampe@bellsouth.net
#
# See the Nessus Scripts License for details
#
#

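# Plugin registration: runs only when the engine loads the script to collect
# its metadata (name, description, category, family) and then exits.
# The list archive's line wrapping had split two string literals with a
# trailing backslash and fused the family assignment onto the copyright
# line; the statements are restored one per line here.
if(description)
{
    # NOTE(review): script_id() is called without an argument in the posted
    # script; a unique plugin ID has to be assigned before this is deployed.
    script_id();
    script_version ("$Revision: 0.1 $");
    name["english"] = "UDDI detection";
    script_name(english:name["english"]);
    desc["english"] = "
    The tested Web server seems to be friendly to UDDI requests.  The server could be potentially offering web services  under some other directory (we only tested the web root directory)

    Risk factor : Medium/Low";

    script_description(english:desc["english"]);
    summary["english"] = "Find UDDI";
    script_summary(english:summary["english"]);
    # Information gathering only: the script sends two UDDI queries and reads
    # the replies.
    script_category(ACT_GATHER_INFO);
    script_copyright(english:"This script is Copyright (C) 2002 John Lampe...j_lampe@bellsouth.net");
    family["english"] = "General";
    script_family(english:family["english"]);
    exit(0);
}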

#
# The script code starts here
#




include("uddi.inc");

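# The probe is fixed to the web root on TCP/80; UDDI endpoints on another
# port or under another path are not tested.
port = 80;
mypath = "/";

# First probe: a find_business query for the name "e".
mymessage = create_uddi_xml(ktype:"UDDI_QUERY_FBUSINESS", path:mypath, key:"", name:"e");  #loop through ETAOIN?

# In the archived copy this assignment had been folded into the comment above,
# so the socket was never opened.
soc = open_sock_tcp(port);
# Without a connection there is no reply to inspect and no socket to close
# (the original called close() unconditionally).
if (!soc) exit(0);

send(socket:soc, data:mymessage);
getreply = recv(socket:soc, length:1024);
close(soc);
if (!getreply) exit(0);

# Everything in getreply is controlled by the scanned host; treat it as
# untrusted from here on.
mystr = strstr(getreply, "serviceKey");
if (!mystr) {
    # No service key came back.  A 200 status alone is weak evidence (many web
    # servers answer 200 to any POST on /), hence the hedged wording of the
    # report.  The match is anchored to a status line so that the text
    # "200 OK" appearing in a response body does not trigger it.
    if (egrep(pattern:"^HTTP/[0-9]\.[0-9] 200", string:getreply)) {
        mywarning = string("The server seems to accept UDDI queries.  This could indicate");
        mywarning = string(mywarning, " that the server is offering web services");
        security_warning(port:port, data:mywarning);
    }
    exit(0);
}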

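# Extract the service key from the first reply.  mystr starts at the text
# "serviceKey"; offset 12 skips over serviceKey=" (12 characters), and the
# key runs up to the closing double quote.
# NOTE(review): this assumes the match is the attribute form serviceKey="...";
# an element form such as <serviceKey>...</serviceKey> would be mis-parsed.
#
# The reply comes from the scanned host and is cut at 1024 bytes, so the
# closing quote may never appear.  The original loop only stopped on a quote
# and would run past the end of the buffer without terminating; it is now
# bounded by the buffer length.
flag = 0;
mykey = "";
mylen = strlen(mystr);
for (i = 12; (flag < 1) && (i < mylen); i = i + 1) {
    # "!" is 0x21 and "#" is 0x23, so this is true only for the double quote
    # (0x22), written this way to avoid quoting a quote.
    if ( (mystr[i] < "#") && (mystr[i] > "!") ) {
        flag = flag + 1;
    } else {
        mykey = string(mykey, mystr[i]);
    }
}

# An unterminated or empty key is not usable for the follow-up query: stop
# rather than send a truncated value and match on it.
if (flag < 1) exit(0);
if (strlen(mykey) == 0) exit(0);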

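# Second probe: ask for the details of the service key taken from the first
# reply.  If the server echoes that key back, it really processed the query.
mymessage = create_uddi_xml(ktype:"UDDI_QUERY_GSERVICE_DETAIL", path:mypath, key:mykey);

soc = open_sock_tcp(port);
# If the second connection fails, getreply still holds the FIRST reply, which
# by construction contains mykey; the original would then report a confirmed
# finding from stale data.  Stop instead.
if (!soc) exit(0);

send(socket:soc, data:mymessage);
getreply = recv(socket:soc, length:1024);
close(soc);                      # the original leaked this socket
if (!getreply) exit(0);

# mykey is text supplied by the scanned host.  Compare it literally with
# strstr() instead of handing it to egrep() as a regular expression, and
# never match on an empty key (an empty pattern matches every reply).
if (strlen(mykey) > 0) {
    if (strstr(getreply, mykey)) {
        mywarning = string("The server is accepting UDDI queries.  This indicates");
        mywarning = string(mywarning, " that the server is offering web services");
        security_warning(port:port, data:mywarning);
        exit(0);
    }
}

# Weaker signal: the request was answered with a 200 status but the key was
# not echoed.  Anchored to a status line so body text cannot trigger it.
if (egrep(pattern:"^HTTP/[0-9]\.[0-9] 200", string:getreply)) {
    mywarning = string("The server seems to accept UDDI queries.  This could indicate");
    mywarning = string(mywarning, " that the server is offering web services");
    security_warning(port:port, data:mywarning);
    exit(0);
}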


--_----------=_1088641837461199
Content-Disposition: inline; filename="uddi.inc"
Content-Length: 1884
Content-Transfer-Encoding: binary
Content-Type: text/plain; name="uddi.inc"

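#
# Replace the XML metacharacters & < > ' with their entities so that a value
# placed in element content or in a single-quoted attribute cannot change the
# structure of the request.  Returns an empty string for an empty or missing
# argument.  The double quote is left alone because every attribute built
# in this file is delimited with single quotes.
#
function uddi_xml_escape (str) {
    if (strlen(str) == 0) return("");
    # "&" must be handled first, otherwise the entities added below would be
    # escaped a second time.
    uddi_escaped = ereg_replace(pattern:"&", replace:"&amp;", string:str);
    uddi_escaped = ereg_replace(pattern:"<", replace:"&lt;", string:uddi_escaped);
    uddi_escaped = ereg_replace(pattern:">", replace:"&gt;", string:uddi_escaped);
    uddi_escaped = ereg_replace(pattern:"'", replace:"&apos;", string:uddi_escaped);
    return(uddi_escaped);
}

#
# Build a complete HTTP/1.0 POST request whose body is a SOAP envelope
# wrapping one UDDI (generic='1.0') query.
#
#   ktype : "UDDI_QUERY_FBUSINESS"       -> find_business, uses name
#           "UDDI_QUERY_FSERVICE"        -> find_service, uses key as the
#                                           businessKey attribute and name
#           "UDDI_QUERY_GSERVICE_DETAIL" -> get_serviceDetail, uses key as
#                                           the serviceKey element
#   path  : request path placed on the POST line
#   key   : business or service key, depending on ktype
#   name  : name to search for
#
# Returns the request as one string (headers, blank line, XML body).  For any
# other ktype the envelope is returned with an empty body, as before.
#
# key and name are XML-escaped before use: uddi.nasl passes a key it read
# from the scanned server's reply, i.e. untrusted text.
# NOTE(review): path is written into the request line unmodified; callers
# must not pass a value containing CR or LF.
#
function create_uddi_xml (ktype,path,key,name) {
    safe_key  = uddi_xml_escape(str:key);
    safe_name = uddi_xml_escape(str:name);

    envelope_header = string("<?xml version='1.0' encoding='UTF-8'?> <s:Envelope");
    envelope_header = string(envelope_header, " xmlns:s='http://schemas.xmlsoap.org/soap/envelope/'><s:Body>");

    get_servicedetail = string("<get_serviceDetail generic='1.0' xmlns='urn:uddi-org:api'>");
    get_servicedetail = string(get_servicedetail, "<serviceKey>", safe_key, "</serviceKey></get_serviceDetail>");

    find_business = string("<find_business generic='1.0' xmlns='urn:uddi-org:api'>");
    find_business = string(find_business, "<name>", safe_name, "</name></find_business>");

    find_service = string("<find_service generic='1.0' xmlns='urn:uddi-org:api' businessKey='", safe_key, "'>");
    find_service = string(find_service, "<name>", safe_name, "</name></find_service>");

    close_envelope = string("</s:Body></s:Envelope>");

    # Defined up front so that an unrecognised ktype yields an empty body
    # instead of reading an unset variable.
    method = "";
    if (ktype == "UDDI_QUERY_FBUSINESS")       {method = find_business;}
    if (ktype == "UDDI_QUERY_FSERVICE")        {method = find_service;}
    if (ktype == "UDDI_QUERY_GSERVICE_DETAIL") {method = get_servicedetail;}

    xml = string(envelope_header, method, close_envelope);
    # Content-Length is the length of the XML body only.
    len = strlen(xml);

    finished_message =  string("POST ", path,  " HTTP/1.0\r\n");
    finished_message =  string(finished_message, "Accept: text/xml\r\n");
    finished_message =  string(finished_message, "Accept: multipart/*\r\n");
    # NOTE(review): Host carries the target's IP address, so a name-based
    # virtual host would not be reached by this request.
    finished_message =  string(finished_message, "Host: ", get_host_ip(), "\r\n");
    finished_message =  string(finished_message, "User-Agent: NESSUS::SOAP\r\n");
    finished_message =  string(finished_message, "Content-Length: ", len, "\r\n");
    finished_message =  string(finished_message, "Content-Type: text/xml; charset=utf-8\r\n");
    finished_message =  string(finished_message, "SOAPAction: ''\r\n\r\n", xml);
    return(finished_message);
}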



--_----------=_1088641837461199--

