The NASL Interpreter

Use the NASL interpreter, nasl, to run and test NASL scripts via the command line. Invoke it with the -v flag to see what version is installed on your system:

[notroot]$ nasl -v

nasl 2.0.10

See the license for details

A vanilla Nessus installation comes packaged with NASL scripts that act as plug-ins for the Nessus scanner. The Nessus server executes these scripts to test for vulnerabilities, and you can find the scripts in the /usr/local/lib/ness/plugins/ directory. You can execute these scripts directly by invoking them with nasl. For example, the finger.nasl script checks to see if fingerd is enabled on a remote host. Finger is a service that listens on port 79 by default, and you can use it to query information about users. To run this script against a host with the IP address of 192.168.1.1 using the NASL interpreter, execute the following:

[notroot]$ nasl -t 192.168.1.1 finger.nasl

** WARNING : packet forgery will not work

** as NASL is not running as root

The ‘finger’ service provides useful information to attackers, since it allows them to gain usernames, check if a machine is being used, and so on. Here is the output we obtained for ‘root’ :

Login: root Name: System Administrator

Directory: /var/root Shell: /bin/sh

On since Wed 5 May 08:51 (CDT) on ttyp2 from 127.0.0.1:0.0

No Mail.

No Plan.

Solution : comment out the ‘finger’ line in /etc/inetd.conf

Risk factor : Low

[6533] plug_set_key:send(0)[‘1 finger/active=1;

‘](0 out of 19): Socket operation on non-socket

The preceding output is from the finger.nasl script, which was able to use the finger server running on host 192.168.1.1 to find out information about the root user.