diff --git a/nselib/ssh1.lua b/nselib/ssh1.lua
index f0a6dda14..f72463bc4 100644
--- a/nselib/ssh1.lua
+++ b/nselib/ssh1.lua
@@ -6,7 +6,6 @@
 -- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html
-local bin = require "bin"
 local io = require "io"
 local math = require "math"
 local nmap = require "nmap"
@@ -30,8 +29,7 @@ _ENV = stdnse.module("ssh1", stdnse.seeall)
 -- the return is similar to the lua function string:find()
 check_packet_length = function( buffer )
 if #buffer < 4 then return nil end
- local payload_length, packet_length, offset
- offset, payload_length = bin.unpack( ">I", buffer )
+ local payload_length = string.unpack( ">I4", buffer )
 local padding = 8 - payload_length % 8
 assert(payload_length)
 local total = 4+payload_length+padding;
@@ -53,6 +51,11 @@ receive_ssh_packet = function( socket )
 return status, packet
 end
+local function unpack_with_padding(len_bytes, data, offset)
+ local length, offset = string.unpack( ">I".. len_bytes, data, offset )
+ return string.unpack( ">c" .. math.ceil( length / 8 ), data, offset )
+end
+
 --- Fetch an SSH-1 host key.
 -- @param host Nmap host table.
 -- @param port Nmap port table.
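Review bot: `unpack_with_padding` (hunk `@@ -53,6 +51,11 @@`) calls `string.unpack` twice without checking that `data` still holds `len_bytes` bytes at `offset`, or `math.ceil( length / 8 )` bytes after them, and `length` is a value the remote host supplied. `string.unpack` raises `"data string too short"` in that case, so a truncated or malformed `SSH_SMSG_PUBLIC_KEY` aborts `fetch_host_key` (the next hunk, whose outer `padding + packet_length + 4 == #data` check only validates the packet envelope, not the nested lengths) with an uncaught error unless a caller wraps it in `pcall`; whether the replaced `bin.unpack` calls tolerated short input is not visible here, so this may be a behaviour change. I would guard both reads in the helper and have `fetch_host_key` treat a `nil` result as a malformed packet, and give the helper an LDoc header such as `--- Read a big-endian bit length of len_bytes bytes and return the ceil(len/8) data bytes that follow, plus the next offset.`
```lua
local function unpack_with_padding(len_bytes, data, offset)
  -- Both lengths come from the peer; bail out on a truncated packet
  -- instead of letting string.unpack raise "data string too short".
  if offset + len_bytes - 1 > #data then return nil end
  local length, offset = string.unpack( ">I".. len_bytes, data, offset )
  local nbytes = math.ceil( length / 8 )
  if offset + nbytes - 1 > #data then return nil end
  return string.unpack( ">c" .. nbytes, data, offset )
end
```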
@@ -78,29 +81,25 @@ fetch_host_key = function(host, port)
 socket:close()
 if not status then return end
- offset, packet_length = bin.unpack( ">i", data )
+ packet_length, offset = string.unpack( ">I4", data )
 padding = 8 - packet_length % 8
 offset = offset + padding
 if padding + packet_length + 4 == #data then
 -- seems to be a proper SSH1 packet
 local msg_code,host_key_bits,exp,mod,length,fp_input
- offset, msg_code = bin.unpack( ">c", data, offset )
+ msg_code, offset = string.unpack( ">B", data, offset )
 if msg_code == 2 then -- 2 => SSH_SMSG_PUBLIC_KEY
 -- ignore cookie and server key bits
- offset, _, _ = bin.unpack( ">A8i", data, offset )
+ offset = offset + 8 + 4
 -- skip server key exponent and modulus
- offset, length = bin.unpack( ">S", data, offset )
- offset = offset + math.ceil( length / 8 )
- offset, length = bin.unpack( ">S", data, offset )
- offset = offset + math.ceil( length / 8 )
+ _, offset = unpack_with_padding(2, data, offset)
+ _, offset = unpack_with_padding(2, data, offset)
- offset, host_key_bits = bin.unpack( ">i", data, offset )
- offset, length = bin.unpack( ">S", data, offset )
- offset, exp = bin.unpack( ">A" .. math.ceil( length / 8 ), data, offset )
+ host_key_bits, offset = string.unpack( ">I4", data, offset )
+ exp, offset = unpack_with_padding(2, data, offset)
 exp = openssl.bignum_bin2bn( exp )
- offset, length = bin.unpack( ">S", data, offset )
- offset, mod = bin.unpack( ">A" .. math.ceil( length / 8 ), data, offset )
+ mod, offset = unpack_with_padding(2, data, offset)
 mod = openssl.bignum_bin2bn( mod )
 fp_input = mod:tobin()..exp:tobin()
diff --git a/nselib/sslcert.lua b/nselib/sslcert.lua
index a4085b12e..4a2e4aa3d 100644
--- a/nselib/sslcert.lua
+++ b/nselib/sslcert.lua
@@ -22,7 +22,6 @@
 -- @author Patrik Karlsson
 local asn1 = require "asn1"
-local bin = require "bin"
 local comm = require "comm"
 local ftp = require "ftp"
 local ldap = require "ldap"
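Review bot: `length` is still declared on `local msg_code,host_key_bits,exp,mod,length,fp_input` but nothing in the new code assigns or reads it any more — the length handling moved into `unpack_with_padding` — so the line should become `local msg_code,host_key_bits,exp,mod,fp_input`, unless it is used after the hunk (the function continues past it). The two `_, offset = unpack_with_padding(2, data, offset)` lines assign `_` without `local`; under `_ENV = stdnse.module("ssh1", stdnse.seeall)` that writes a module-level field, as the old `offset, _, _ = bin.unpack(...)` already did, unless `_` is declared local earlier in `fetch_host_key`, whose start is outside the hunk. The skip `offset = offset + 8 + 4` would be clearer with the sizes named, e.g. `offset = offset + 8 + 4 -- 8-byte cookie, 4-byte server key bits`, since that is what the comment above it refers to.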
@@ -283,7 +282,7 @@ StartTLS = {
 -- 0x80 = 10000001 = 10 0 00000
 -- hex binary Context Primitive value Field: requestName Value: 0
- local encodedOID = bin.pack('HAA' , '80', string.char(#oid), oid)
+ local encodedOID = string.pack('Bs1', 0x80, oid)
 local ldapRequest, ldapRequestId
 local ExtendedRequest = 23
@@ -440,7 +439,7 @@ StartTLS = {
 postgres_prepare_tls_without_reconnect = function(host, port)
 -- http://www.postgresql.org/docs/devel/static/protocol-message-formats.html
 -- 80877103 is "SSLRequest" in v2 and v3 of Postgres protocol
- local s, resp = comm.opencon(host, port, bin.pack(">II", 8, 80877103))
+ local s, resp = comm.opencon(host, port, string.pack(">I4I4", 8, 80877103))
 if not s then
 return false, ("Failed to connect to Postgres server: %s"):format(resp)
 end
@@ -509,14 +508,14 @@ StartTLS = {
 if not status then return status, preloginResponse end
 local encryption
- local pos, optype, oppos, oplen = bin.unpack('>CSS', result)
+ local optype, oppos, oplen, pos = string.unpack('>BI2I2', result)
 while optype ~= mssql.PreLoginPacket.OPTION_TYPE.Terminator do
 --stdnse.debug1("optype: %d, oppos: %x, oplen: %d", optype, oppos, oplen)
 if optype == mssql.PreLoginPacket.OPTION_TYPE.Encryption then
- pos, encryption = bin.unpack('C', result, oppos + 1)
+ encryption, pos = string.unpack('B', result, oppos + 1)
 break
 end
- pos, optype, oppos, oplen = bin.unpack('>CSS', result, pos)
+ optype, oppos, oplen, pos = string.unpack('>BI2I2', result, pos)
 end
 if not encryption then
 starttls_supported(host, port, false)
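Review bot: In the pre-login option walk (hunk `@@ -509,14 +508,14 @@`) every position comes from the server and is handed to `string.unpack` unchecked: `oppos` in `string.unpack('B', result, oppos + 1)` and `pos` in the trailing `string.unpack('>BI2I2', result, pos)`, and `string.unpack` raises (`"initial position out of string"` or `"data string too short"`) rather than returning `nil` when the position or the 5-byte option header lies past the end of `result`. A truncated or malformed PRELOGIN response therefore aborts the script with an uncaught error instead of reaching the `starttls_supported(host, port, false)` branch below, unless a `pcall` higher up catches it, which is not visible here; the loop also has no bound other than the server-supplied Terminator. I would add `if oppos + 1 > #result then break end` before the encryption read and `if pos + 4 > #result then break end` before re-reading the option header, and guard the initial `string.unpack('>BI2I2', result)` with a `#result < 5` check; the 8-byte TDS header reads in the next hunk (`@@ -564`) have the same exposure. The `'Bs1'` and `">I4I4"` pack changes above look equivalent to what they replace and need nothing further.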
@@ -564,9 +563,9 @@ StartTLS = {
 -- read in the TDS headers
 local packetType, messageStatus, packetLength
- pos, packetType, messageStatus, packetLength = bin.unpack(">CCS", readBuffer, pos )
+ packetType, messageStatus, packetLength, pos = string.unpack(">BBI2", readBuffer, pos )
 local spid, packetId, window
- pos, spid, packetId, window = bin.unpack(">SCC", readBuffer, pos )
+ spid, packetId, window, pos = string.unpack(">I2BB", readBuffer, pos )
 if packetLength > #readBuffer then
 status, result = tds._socket:receive_bytes(packetLength - #readBuffer)
@@ -648,7 +647,7 @@ StartTLS = {
 starttls_supported(host, port, false)
 return false, "No TLS VeNCrypt auth subtype received"
 end
- sock:send(bin.pack(">I", best))
+ sock:send(string.pack(">I4", best))
 local status, buf = sock:receive_buf(match.numbytes(1), true)
 if not status or string.byte(buf, 1) ~= 1 then
 starttls_supported(host, port, false)
@@ -657,7 +656,7 @@ StartTLS = {
 starttls_supported(host, port, true)
 return true, sock
 elseif v:supportsSecType(vnc.VNC.sectypes.TLS) then
- status = sock:send( bin.pack("C", vnc.VNC.sectypes.TLS) )
+ status = sock:send( string.pack("B", vnc.VNC.sectypes.TLS) )
 if not status then
 starttls_supported(host, port, false)
 return false, "Failed to select TLS authentication type"
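Review bot: The two header reads in hunk `@@ -564,9 +563,9 @@`, `packetType, messageStatus, packetLength, pos = string.unpack(">BBI2", readBuffer, pos )` and `spid, packetId, window, pos = string.unpack(">I2BB", readBuffer, pos )`, decode one contiguous 8-byte TDS header and read more naturally as a single format: `local packetType, messageStatus, packetLength, spid, packetId, window` followed by `packetType, messageStatus, packetLength, spid, packetId, window, pos = string.unpack(">BBI2I2BB", readBuffer, pos )`. That also gives one place to check `#readBuffer - pos + 1 >= string.packsize(">BBI2I2BB")` before decoding, since `string.unpack` raises on short input and `readBuffer` holds whatever the server sent; the surrounding function starts and ends outside the hunk, so I cannot see whether a `pcall` already covers it. The two VNC hunks below only swap `bin.pack` for the equivalent `string.pack` formats and need no change.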