Environment and Other Notes
- Compiler: VC++ 5
- Libs: Standard plus netapi32.lib
- Source: Included, compiles cleanly at warning level 4, non-MFC
- Copyright: None
- Unicode: Yes, required
When I started this little code sample, I needed a way to programmatically send a pop-up message to a specific user. I found the documentation to be sparse and the sample code to be non-existent.
In sending a pop-up message to a user using NetMessageBufferSend(), I found that many of the documented parameters were hard to understand, and once understood, I could obtain that information programmatically too (i.e. server name). So, basically, I implemented four basic calls to the NetXxx API:
- NetMessageNameEnum() - Which gets the names of the aliases (user names) on the specified server.
- NetMessageBufferSend() - Which sends a message to a specified user.
- NetServerGetInfo() - Which gets the name of the server we're running on.
- NetWkstaUserGetInfo() - Which gets the name of the user account we're logged in as.
Also, NetMessageBufferSend() does not return an accurate return code if you don't have proper security rights. When logged on to an NT Workstation under a user ID that does not have Administrator rights, attempting to send a message to anyone, including yourself, causes NetMessageBufferSend() to return immediately with an error code of NERR_NameNotFound. When logged in with Administrator rights, this return code is not seen and the message is indeed sent (even to yourself). The documentation clearly states that you do not need special rights to use this API unless you are accessing a server remotely, and this proved not to be the case.
As for the program, it accepts a user name to send a pop-up message to and a message to send. The message must be surrounded by quotes or else just the first word of the message will be sent.