|
(This is a re-post. Tenable support kicked my ticket
(BFP-98828-930) to the curb, so I figured I'd ask one last time here...
C'mon you @tenablesecurity.com folks, help a fella
out...)
I wrote a
plugin (attached) to verify
compliance with company standards regarding local users and groups (renaming
admin, decoy accounts, group memberships, disabled accounts, etc.) I had no
problem getting NASL to do what I wanted, with ONE exception:
I need to be able to use the local host SID and local group RIDs to retrieve the actual NAMEs of local groups. I can establish a session to the $IPC share, I can get the local group RIDs using NetUserGetLocalGroups(), I can an LSA handle with LsaOpenPolicy(), I can get the hex sid of the host from the KB, and I can convert the hex sid + group RID to a raw sid with hex2raw2(). If I comment out the hex host SID -> raw host SID + group RID -> raw group SID conversion, and then paste just the raw group sid from, say, smb_group_backup_op.nasl, my plugin converts the raw SID to a group name. The group in question is the local Users group. NetUserGetLocalGroups returns '545' for this group, which I assume is the RID. - John
_______________________________________________ Nessus mailing list Nessus@list.nessus.org http://mail.nessus.org/mailman/listinfo/nessus |
