diff --git a/CHANGELOG b/CHANGELOG
index f1d3c9b69..b20ac00ea 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,23 +2,27 @@
 [NOT YET RELEASED]
+o [NSE] Added the new lexmark-config script that lists product information and
+ configuration for Lexmark printers. [Patrik Karlsson]
+
 o [Ncat] Added support for HTTP Digest authentication of proxies, as both client and server. Previously only the less secure Basic was supported. [Venkat, David]
 o Added better match lines for MIT Kerberos from Matt Selsky.
-o [NSE] Added 5 new NSE scripts and a library for use with MySQL.
+o [NSE] Added 5 new NSE scripts and a library by Patrik Karlsson for use with
+ MySQL.
 * mysql-brute uses the unpwdb library to guess credentials for MySQL
 * mysql-databases queries MySQL for a list of databases
 * mysql-empty-password attempts to authenticate anonymously or as root with
- an empty password
+ an empty password
 * mysql-users queries MySQL for a list of database users
 * mysql-variables queries MySQL for it's variables and their settings
 o [NSE] Added the new daap-get-library script which uses the Digital Audio Access Protocol to enumerate the contents of a library. The contents
- contain the name of the artist, album and song.
+ contain the name of the artist, album and song. [Patrik]
 o [Ndiff] Show a nicer error message when an input file can't be loaded. Suggested by Derril Lucci, who also contributed a patch.
diff --git a/scripts/lexmark-config.nse b/scripts/lexmark-config.nse
new file mode 100644
index 000000000..a9ff6b807
--- /dev/null
+++ b/scripts/lexmark-config.nse
@@ -0,0 +1,79 @@
+description = [[ Retrieve Lexmark S300-S400 Configuration ]]
+
+-- The Lexmark S302 was found to respond with it's configuration to the NTPRequest probe
+-- As the response decodes as MDNS the request was modified to resemble a MDNS request as close as possible
+-- However, the port (9100/udp) is listed as something completely different (HBN3) in documentation from Lexmark
+-- http://www.lexmark.com/vgn/images/portal/Security%20Features%20of%20Lexmark%20MFPs%20v1_1.pdf
+
+---
+--@output
+-- Interesting ports on 192.168.1.111:
+-- PORT STATE SERVICE REASON
+-- 9100/udp unknown unknown unknown-response
+-- | lexmark-config:
+-- | IPADDRESS: 10.46.200.170
+-- | IPNETMASK: 255.255.255.0
+-- | IPGATEWAY: 10.46.200.2
+-- | IPNAME: "ET0020006E4A37"
+-- | MACLAA: "000000000000"
+-- | MACUAA: "0004007652EC"
+-- | MDNSNAME: "S300-S400 Series (32)"
+-- | ADAPTERTYPE: 2
+-- | IPADDRSOURCE: 1
+-- | ADAPTERCAP: "148FC000"
+-- | OEMBYTE: 1 0
+-- | PASSWORDSET: FALSE
+-- | NEWPASSWORDTYPE: TRUE
+-- | 1284STRID: 1 "S300-S400 Series"
+-- | CPDATTACHED: 1 1
+-- | SECUREMODE: FALSE
+-- | PRINTERVIDPID: 1 "043d0180"
+-- |_ product=(S300-S400: Series)
+
+-- Version 0.3
+-- Created 01/03/2010 - v0.1 - created by Patrik Karlsson
+-- Revised 01/13/2010 - v0.2 - revised script to use dns library
+-- Revised 01/23/2010 - v0.3 - revised script to use the proper ports
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"discovery", "safe"}
+
+require 'shortport'
+require 'stdnse'
+require 'dns'
+
+portrule = shortport.portnumber({5353,9100}, "udp")
+
+action = function( host, port )
+
+
+ local catch = function()
+ stdnse.print_debug("lexmark-config failed to retrieve configuration")
+ end
+
+ local try = nmap.new_try(catch)
+
+ local result = {}
+ local response = try( dns.query( "", { port = port.number, host = host.ip, dtype="PTR", retPkt=true} ) )
+ local txtrecords = try( dns.findNiceAnswer( dns.types.TXT, 
response, true ) )
+
+ for _, v in ipairs( txtrecords ) do
+ if ( v:len() > 0 ) then
+ if v:find("PRINTERVIDPID") then
+ port.version.name="hbn3"
+ end
+ if not v:find("product=") then
+ v = v:gsub(" ", ": ", 1)
+ end
+ table.insert( result, v )
+ end
+ end
+
+ -- set port to open
+ nmap.set_port_state(host, port, "open")
+ nmap.set_port_version(host, port, "hardmatched")
+
+ return stdnse.format_output(true, result)
+end
+
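Review bot: `nmap.set_port_version(host, port, "hardmatched")` at the end of action runs unconditionally, so the port is reported as hard-matched even when no TXT record contained PRINTERVIDPID and this script never assigned `port.version.name` (the only assignment is the conditional `port.version.name="hbn3"` inside the loop). Track whether that branch ran and claim the version match only then; marking the port open on any TXT reply is defensible, the hard match is not. While there, `v:find("PRINTERVIDPID", 1, true)` and `v:find("product=", 1, true)` make the plain-substring intent explicit, since `find` otherwise treats its argument as a pattern. The `@output` sample also shows `product=(S300-S400: Series)` with a colon inserted, which the `not v:find("product=")` guard no longer produces, so the sample appears to predate that guard and should be refreshed.
```lua
 local matched = false
 -- … unchanged: catch/try setup, dns.query and dns.findNiceAnswer …
 for _, v in ipairs( txtrecords ) do
 if ( v:len() > 0 ) then
 if v:find("PRINTERVIDPID", 1, true) then
 port.version.name = "hbn3"
 matched = true
 end
 -- … unchanged: "product=" handling and table.insert …
 end
 end

 nmap.set_port_state(host, port, "open")
 -- only claim a version match when the identifying record was actually seen
 if matched then
 nmap.set_port_version(host, port, "hardmatched")
 end
 return stdnse.format_output(true, result)
```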