Testing a local vulnerability

Here is an example of using the openvas-nasl tool to perform a test:

First, check that your NASL script is syntactically correct. You can do this by running openvas-nasl with the -p option, e.g.:

# openvas-nasl -p broken-example.nasl
syntax error, unexpected IDENT, expecting ')'
Parse error at or near line 17

This tells us that the script has a syntax error. Test the functionality of your script only after you have made sure it contains only syntactically correct NASL.

Now you can test on your target host whether the LVT is correct by writing debug output into a debug file:

# openvas-nasl -T /tmp/debug-lvt.txt -X example-lvt.nasl

The debug output will be written into the debug-lvt.txt file, which in this example will look like this:

[...]
NASL:0196> make_list(...)
[9831]() NASL> [080c9968] <- "qpkg"
[9831]() NASL> [080c9a00] <- "-nc"
[9831]() NASL> [080c9f38] <- "-I"
[9831]() NASL> [080c9f98] <- "-v"
[9831](example-lvt.nasl) NASL> Call make_list(1: "qpkg", 2: "-nc", 3: "-I", 4:
"-v")
[9831](example-lvt.nasl) NASL> Return make_list: ???? (DYN_ARRAY (64))
[9831]() NASL> [080c9e88] <- (VAR2_ARRAY)
[9831](example-lvt.nasl) NASL> Call pread(cmd: "qpkg", argv: ???? (DYN_ARRAY
(64)))
[9831](example-lvt.nasl) NASL> Return pread: "qpkg: invalid option -- n
Usage: qpkg <opt..."
[9831]() NASL> [080c95c0] <- "qpkg: invalid option -- n
Usage: qpkg <opts> <misc args> : manipulate Gentoo binpkgs

Options: -[cpP:vqChV]
  -c, --clean          * clean pkgdir of unused binary files
  -p, --pretend        * pretend only
  -P, --pkgdir   <arg> * alternate package directory
  -v, --verbose        * Make a lot of noise
  -q, --quiet          * Tighter output; suppress warnings
  -C, --nocolor        * Don't output color
  -h, --help           * Print this help and exit
  -V, --version        * Print version and exit
"
NASL:0199> if (! (qpkg_list)) { ... }
[9831](example-lvt.nasl) NASL> [080c95c0] -> "qpkg: invalid option -- n
Usage: qpkg <opts> <misc args> : manipulate Gentoo binpkgs

Options: -[cpP:vqChV]
  -c, --clean          * clean pkgdir of unused binary files
  -p, --pretend        * pretend only
  -P, --pkgdir   <arg> * alternate package directory
  -v, --verbose        * Make a lot of noise
  -q, --quiet          * Tighter output; suppress warnings
  -C, --nocolor        * Don't output color
  -h, --help           * Print this help and exit
  -V, --version        * Print version and exit
"
NASL:0201> if (((arch) && (my_arch)) && (my_arch >!< arch)) { ... }
[9831](example-lvt.nasl) NASL> [080c9948] -> undef
NASL:0201> l=egrep(...);
NASL:0201> egrep(...)
[9831](example-lvt.nasl) NASL> [080c95c0] -> "qpkg: invalid option -- n
Usage: qpkg <opts> <misc args> : manipulate Gentoo binpkgs

Options: -[cpP:vqChV]
  -c, --clean          * clean pkgdir of unused binary files
  -p, --pretend        * pretend only
  -P, --pkgdir   <arg> * alternate package directory
  -v, --verbose        * Make a lot of noise
  -q, --quiet          * Tighter output; suppress warnings
  -C, --nocolor        * Don't output color
  -h, --help           * Print this help and exit
  -V, --version        * Print version and exit
"
[9831]() NASL> [080c9890] <- "qpkg: invalid option -- n
[...]

The last line tells us that the LVT called the qpkg tool with incorrect syntax: qpkg rejected the option it was given as invalid.
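As an added example (not part of the original documentation), the shell function below scans a trace written with -T for pread() calls whose return value looks like a usage error, which is the failure shown in the excerpt above. The function names and the error patterns are assumptions; in the sample trace the qpkg lines are copied from the excerpt and the uname call is constructed.

```shell
#!/bin/sh
# Added example, not from the OpenVAS documentation.
# Assumes the trace layout shown in the excerpt above; the error patterns
# are a heuristic and can be extended.

# Print "<cmd>: <first line of its output>" for each suspicious pread() call.
# $1: path to a trace file written with openvas-nasl -T
pread_failures() {
    awk '
        / NASL> Call pread\(cmd: "/ {
            cmd = $0
            sub(/.*Call pread\(cmd: "/, "", cmd)   # drop text before the name
            sub(/".*/, "", cmd)                    # drop text after the name
            next
        }
        / NASL> Return pread: / {
            ret = $0
            sub(/.*Return pread: "?/, "", ret)
            if (ret ~ /invalid option|unrecognized option|not found|^Usage:/)
                printf "%s: %s\n", cmd, ret
        }
    ' "$1"
}

# Sample trace: qpkg lines from the excerpt, uname call constructed.
sample_trace() {
    cat <<'EOF'
[9831](example-lvt.nasl) NASL> Call pread(cmd: "uname", argv: ???? (DYN_ARRAY
(64)))
[9831](example-lvt.nasl) NASL> Return pread: "Linux
"
[9831](example-lvt.nasl) NASL> Return make_list: ???? (DYN_ARRAY (64))
[9831]() NASL> [080c9e88] <- (VAR2_ARRAY)
[9831](example-lvt.nasl) NASL> Call pread(cmd: "qpkg", argv: ???? (DYN_ARRAY
(64)))
[9831](example-lvt.nasl) NASL> Return pread: "qpkg: invalid option -- n
Usage: qpkg <opt..."
EOF
}

# When a trace file is given on the command line, report on it.
if [ "$#" -gt 0 ]; then
    pread_failures "$1"
fi
```

Run it against the debug file from the step above, e.g. with /tmp/debug-lvt.txt as the only argument; no output means no pread() return value matched the patterns.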

