mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00

Remove bin.lua packing from more scripts

dmiller
2018-09-05 21:57:41 +00:00
parent c47e3961b6
commit 0b9bcba19b
14 changed files with 42 additions and 52 deletions


@@ -1,5 +1,4 @@
local _G = require "_G"
local bin = require "bin"
local coroutine = require "coroutine"
local nmap = require "nmap"
local packet = require "packet"
@@ -166,7 +165,7 @@ sniffInterface = function(iface, Decoders, decodertab)
-- in that case, check the ether Decoder table for pattern matches
else
-- attempt to find a match for a pattern
local pos, hex = bin.unpack("H" .. #data, data)
local hex = stdnse.tohex(data)
local decoded = false
for match, _ in pairs(Decoders.ether) do
-- attempts to match the "raw" packet against a filter
@@ -185,7 +184,7 @@ sniffInterface = function(iface, Decoders, decodertab)
end
-- no decoder was found for this layer2 packet
if ( not(decoded) and #data > 10 ) then
stdnse.debug1("No decoder for packet hex: %s", select(2, bin.unpack("H10", data) ) )
stdnse.debug1("No decoder for packet hex: %s", stdnse.tohex(data:sub(1,10)))
end
end
end
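Review bot: The switch to `local hex = stdnse.tohex(data)` may change the letter case of the string that the `Decoders.ether` patterns are matched against: as far as I recall, `bin.unpack("H", ...)` produced uppercase hex digits, while `stdnse.tohex` produces lowercase. Any pattern key written with `A`-`F` would then silently stop matching and the frame would fall through to the "No decoder" debug line. Confirm that the pattern tables are lowercase, or keep the old output with `local hex = stdnse.tohex(data):upper()`. The body of `sniffInterface` starts and ends outside these hunks.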


@@ -1,4 +1,3 @@
local bin = require "bin"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
@@ -42,7 +41,7 @@ portrule = shortport.portnumber(1604, "udp")
-- @return string row delimited with \n containing all published applications
function process_pa_response(response)
local pos, packet_len = bin.unpack("<S", response)
local packet_len, pos = string.unpack("<I2", response)
local app_name
local pa_list = {}
@@ -54,7 +53,7 @@ function process_pa_response(response)
local offset = 41
while offset < packet_len do
pos, app_name = bin.unpack("z", response:sub(offset))
app_name, pos = string.unpack("z", response:sub(offset))
offset = offset + pos - 1
table.insert(pa_list, app_name)
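Review bot: `string.unpack` raises a Lua error on short input where `bin.unpack` returned nil, so in `process_pa_response` a reply under two bytes, or one whose `packet_len` claims more than was received, now throws when `string.unpack("z", response:sub(offset))` runs past the data. `packet_len` is supplied by the remote host, so check `#response >= 2` before the header read and leave the loop when `response:find("\0", offset, true)` returns nil. Unpacking in place, `app_name, offset = string.unpack("z", response, offset)`, also avoids copying the tail on each pass. `process_server_response` in the next file section is written the same way, and `string.unpack(">B I8", result)` in the JDWP section is likewise applied to a reply without a length check (it needs nine bytes). Both functions continue outside the hunks.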


@@ -1,4 +1,3 @@
local bin = require "bin"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
@@ -40,7 +39,7 @@ portrule = shortport.portnumber(1604, "udp")
--
function process_server_response(response)
local pos, packet_len = bin.unpack("<S", response)
local packet_len, pos = string.unpack("<I2", response)
local server_name
local server_list = {}
@@ -52,7 +51,7 @@ function process_server_response(response)
local offset = 41
while offset < packet_len do
pos, server_name = bin.unpack("z", response:sub(offset))
server_name, pos = string.unpack("z", response:sub(offset))
offset = offset + pos - 1
table.insert(server_list, server_name)
end


@@ -2,7 +2,6 @@ local stdnse = require "stdnse"
local shortport = require "shortport"
local dns = require "dns"
local base32 = require "base32"
local bin = require "bin"
local nmap = require "nmap"
local string = require "string"
local table = require "table"
@@ -178,10 +177,10 @@ local function generate_hash(domain, iter, salt)
local random_domain = rand_str .. "." .. domain
local packed_domain = {}
for word in string.gmatch(random_domain, "[^%.]+") do
packed_domain[#packed_domain+1] = bin.pack("p", word)
packed_domain[#packed_domain+1] = string.pack("s1", word)
end
salt = stdnse.fromhex( salt)
local to_hash = bin.pack("AxA", table.concat(packed_domain), salt)
local to_hash = ("%s\0%s"):format(table.concat(packed_domain), salt)
iter = iter - 1
local hash = openssl.sha1(to_hash)
for i=0,iter do
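Review bot: `("%s\0%s"):format(table.concat(packed_domain), salt)` pushes binary data (the length-prefixed labels and the raw salt from `stdnse.fromhex`) through a format string, which works only because a bare `%s` copies embedded zero bytes unchanged. Plain concatenation says the same thing without that dependency: `local to_hash = table.concat(packed_domain) .. "\0" .. salt`. A comment such as `-- name in wire format: the \0 is presumably the zero-length root label, followed by the salt` would explain the separator. `string.pack("s1", word)` also raises for a label longer than 255 bytes, so a length check on `word` before packing would give a clearer failure. `generate_hash` continues past the end of the hunk.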


@@ -1,9 +1,9 @@
local bin = require "bin"
local ipOps = require "ipOps"
local math = require "math"
local nmap = require "nmap"
local packet = require "packet"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
description = [[
@@ -45,7 +45,7 @@ local ipidseqport
-- @return Destination and source IP addresses and TCP ports
local check = function(layer3)
local ip = packet.Packet:new(layer3, layer3:len())
return bin.pack('AA=S=S', ip.ip_bin_dst, ip.ip_bin_src, ip.tcp_dport, ip.tcp_sport)
return string.pack('>zzI2I2', ip.ip_bin_dst, ip.ip_bin_src, ip.tcp_dport, ip.tcp_sport)
end
--- Updates a TCP Packet object
@@ -225,7 +225,7 @@ action = function(host)
try(sock:ip_send(tcp.buf, host))
local status, len, _, layer3 = pcap:pcap_receive()
local test = bin.pack('AA=S=S', tcp.ip_bin_src, tcp.ip_bin_dst, tcp.tcp_sport, tcp.tcp_dport)
local test = string.pack('>zzI2I2', tcp.ip_bin_src, tcp.ip_bin_dst, tcp.tcp_sport, tcp.tcp_dport)
while status and test ~= check(layer3) do
status, len, _, layer3 = pcap:pcap_receive()
end
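Review bot: The `z` items in `string.pack('>zzI2I2', ...)` are not equivalent to the old `A` items: `z` appends a terminating NUL and raises "string contains zeros" when its argument has an embedded zero byte. `ip_bin_dst` and `ip_bin_src` look like raw binary addresses, so any address with a zero octet (10.0.0.1, for instance) would make both `check` and the `test` line in `action` throw instead of comparing. Concatenating the addresses keeps the old byte layout: `return ip.ip_bin_dst .. ip.ip_bin_src .. string.pack('>I2I2', ip.tcp_dport, ip.tcp_sport)`, and likewise for `test`. The identical `check`/`test` pair in the later file section (hunks at -179 and -457) needs the same change.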


@@ -1,7 +1,7 @@
local bin = require "bin"
local io = require "io"
local jdwp = require "jdwp"
local stdnse = require "stdnse"
local string = require "string"
local nmap = require "nmap"
local shortport = require "shortport"
@@ -81,7 +81,7 @@ action = function(host, port)
stdnse.debug1("Couldn't create string")
return stdnse.format_output(false, cmdID)
end
local runArgs = bin.pack(">CL",0x4c,cmdID) -- 0x4c is object type tag
local runArgs = string.pack(">B I8", 0x4c, cmdID) -- 0x4c is object type tag
-- invoke run method
local result
status, result = jdwp.invokeObjectMethod(socket,0,injectedClass.instance,injectedClass.thread,injectedClass.id,runMethodID,1,runArgs)
@@ -90,7 +90,7 @@ action = function(host, port)
return stdnse.format_output(false, result)
end
-- get the result string
local _,_,stringID = bin.unpack(">CL",result)
local _, stringID = string.unpack(">B I8", result)
status,result = jdwp.readString(socket,0,stringID)
return stdnse.format_output(status,result)
end


@@ -3,7 +3,6 @@ local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local http = require "http"
local bin = require "bin"
description = [[
Gathers info from the Metasploit rpc service. It requires a valid login pair.
@@ -54,12 +53,11 @@ local os_type
-- returns a "prefix" that msgpack uses for strings
local get_prefix = function(data)
if string.len(data) <= 31 then
return bin.pack("C",0xa0 + string.len(data))
if #data <= 31 then
return string.pack("B", 0xa0 + #data)
else
return "\xda" .. bin.pack(">s",string.len(data))
return "\xda" .. string.pack(">I2", #data)
end
end
-- returns a msgpacked data for console.read
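Review bot: `get_prefix` states no upper bound on `data`, and `string.pack(">I2", #data)` now raises an overflow error once the string exceeds 65535 bytes. That is a reasonable outcome, but it should be written down where callers will see it, for example by extending the header comment to `-- returns the msgpack string prefix: one byte for lengths <= 31, otherwise 0xda plus a 16-bit big-endian length (data must be <= 65535 bytes)`.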


@@ -1,4 +1,3 @@
local bin = require "bin"
local ipOps = require "ipOps"
local math = require "math"
local nmap = require "nmap"
@@ -494,14 +493,14 @@ function make_udp_packet(response)
-- dummy headers
-- ip
local dh = "\x45\x00" -- IPv4, 20-byte header, no DSCP, no ECN
.. bin.pack('>S', iplen) -- total length
.. string.pack('>I2', iplen) -- total length
.. "\x00\x00" -- IPID 0
.. "\x40\x00" -- DF
.. "\x40\x11" -- TTL 0x40, UDP (proto 17)
.. "\x00\x00" -- checksum 0
.. "\x00\x00\x00\x00\x00\x00\x00\x00" -- Source, destination 0.0.0.0
.. "\x00\x00\x00\x00" -- UDP source, dest port 0
.. bin.pack('S', udplen) -- UDP length
.. string.pack('>I2', udplen) -- UDP length
.. "\x00\x00" -- UDP checksum 0
return packet.Packet:new(dh .. response, iplen)


@@ -4,7 +4,6 @@ local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local bin = require "bin"
local table = require "table"
description = [[
Performs brute force password auditing against the pcAnywhere remote access protocol.
@@ -120,14 +119,14 @@ Driver = {
stdnse.debug1( "Trying %s/%s ...", user, pass )
-- send username and password
-- both are prefixed with 0x06, size and are encrypted
status, err = self.socket:send("\x06" .. bin.pack("C",string.len(user)) .. encrypt(user) ) -- send username
status, err = self.socket:send("\x06" .. string.pack("s1", encrypt(user)) ) -- send username
status, response = self.socket:receive_bytes(0)
if not status or string.find(response,"Enter password") == nil then
stdnse.debug1("Sending username failed")
return false, brute.Error:new( "Sending username failed." )
end
-- send password
status, err = self.socket:send("\x06" .. bin.pack("C",string.len(pass)) .. encrypt(pass) ) -- send password
status, err = self.socket:send("\x06" .. string.pack("s1", encrypt(pass)) ) -- send password
status, response = self.socket:receive_bytes(0)
if not status or string.find(response,"Login unsuccessful") or string.find(response,"Invalid login.")then
stdnse.debug1("Incorrect username or password")
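Review bot: `string.pack("s1", encrypt(user))` takes the length byte from the encrypted string, whereas the old code used `string.len(user)`; the two agree only if `encrypt` is length-preserving, which is not visible in this hunk and deserves a comment next to the call. `s1` also raises a Lua error for strings over 255 bytes, so an over-long wordlist entry now throws out of the login method instead of returning a `brute.Error`. A guard before the first send, such as `if #user > 255 or #pass > 255 then return false, brute.Error:new("Credential too long") end`, keeps that failure on the normal error path. The result of each `self.socket:send` is still overwritten by the following `receive_bytes` without being checked. The enclosing method starts and ends outside the hunk.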


@@ -1,4 +1,3 @@
local bin = require "bin"
local ipOps = require "ipOps"
local math = require "math"
local nmap = require "nmap"
@@ -179,7 +178,7 @@ end
-- @return Destination and source IP addresses and TCP ports
local check = function(layer3)
local ip = packet.Packet:new(layer3, layer3:len())
return bin.pack('AA=S=S', ip.ip_bin_dst, ip.ip_bin_src, ip.tcp_dport, ip.tcp_sport)
return string.pack('>zzI2I2', ip.ip_bin_dst, ip.ip_bin_src, ip.tcp_dport, ip.tcp_sport)
end
--- Updates a TCP Packet object
@@ -457,7 +456,7 @@ action = function(host)
stats[j].sent = stats[j].sent + 1
local test = bin.pack('AA=S=S', tcp.ip_bin_src, tcp.ip_bin_dst, tcp.tcp_sport, tcp.tcp_dport)
local test = string.pack('>zzI2I2', tcp.ip_bin_src, tcp.ip_bin_dst, tcp.tcp_sport, tcp.tcp_dport)
local status, length, _, layer3, stop = pcap:pcap_receive()
while status and test ~= check(layer3) do
status, length, _, layer3, stop = pcap:pcap_receive()


@@ -1,4 +1,3 @@
local bin = require "bin"
local comm = require "comm"
local nmap = require "nmap"
local stdnse = require "stdnse"
@@ -127,7 +126,7 @@ local color_codes = {
-- player info as a table on success and raise an error on failure.
local function get_player_info(host, port, id)
local player_info = stdnse.output_table()
local req_pl = bin.pack('>SSCC',
local req_pl = string.pack('>I2 I2 BB',
ctrl_pkt_type, -- packet type
2+2+1+1, -- packet length
ccreq_player_info, -- operation code
@@ -136,12 +135,13 @@ local function get_player_info(host, port, id)
local status, rep_pl = comm.exchange(host, port, req_pl)
assert_w_table(status, "No response to request for player info")
assert_w_table(#rep_pl >= 4, "Response too small for packet header")
player_info.player_ratio = string.format("%d/%d=%f",
rep_pl:len(), req_pl:len(),
rep_pl:len()/req_pl:len() )
local pos, rep_pkt_type, rep_pl_len = bin.unpack('>SS', rep_pl)
local rep_pkt_type, rep_pl_len, pos = string.unpack('>I2 I2', rep_pl)
assert_w_table(rep_pl_len == rep_pl:len(),
string.format("Incorrect reply packet length: %d"
.. " received, %d bytes in packet",
@@ -152,7 +152,7 @@ local function get_player_info(host, port, id)
"Bad reply packet type", player_info)
-- frags and connect_time are sent little endian:
local pos, rep_opc, player_id, name, colors, frags, connect_time, client_address = bin.unpack('>CCzCxxx<iI>z', rep_pl, pos)
local rep_opc, player_id, name, colors, frags, connect_time, client_address, pos = string.unpack('>BBzBxxx<i4I4>z', rep_pl, pos)
assert_w_table(pos == term_pos, "Error parsing reply (packet type/ length)",
player_info)
assert_w_table(rep_opc == ccrep_player_info,
@@ -191,7 +191,7 @@ end
-- raise an error on failure.
local function get_server_info(host, port)
local server_info = stdnse.output_table()
local req_pl = bin.pack('>SSCzC',
local req_pl = string.pack('>I2I2BzB',
ctrl_pkt_type, -- packet type
2+2+1+game_name:len()+1+1, -- packet length
ccreq_server_info, -- operation code
@@ -201,13 +201,14 @@ local function get_server_info(host, port)
local status, rep_pl = comm.exchange(host, port, req_pl)
assert_w_table(status, "No response to request for server info")
assert_w_table(#rep_pl >= 4, "Response too small for packet header")
nmap.set_port_state(host, port, 'open')
server_info.server_ratio = string.format("%d/%d=%f",
rep_pl:len(), req_pl:len(),
rep_pl:len()/req_pl:len())
local pos, rep_pkt_type, rep_pl_len = bin.unpack('>SS', rep_pl)
local rep_pkt_type, rep_pl_len, pos = string.unpack('>I2 I2', rep_pl)
assert_w_table(rep_pkt_type == ctrl_pkt_type,
string.format("Bad reply packet type 0x%x, expected 0x%x",
rep_pkt_type, ctrl_pkt_type), server_info)
@@ -217,12 +218,12 @@ local function get_server_info(host, port)
rep_pl_len, rep_pl:len()), server_info)
local term_pos = rep_pl_len + 1
local pos, rep_opc = bin.unpack('>C', rep_pl, pos)
local rep_opc, pos = string.unpack('>B', rep_pl, pos)
assert_w_table(rep_opc == ccrep_server_info,
string.format("Bad operation code 0x%x in reply,"
.. " expected 0x%x",
rep_opc, ccrep_server_info), server_info)
local pos, server_address, server_host_name, level_name, cur_players, max_players, net_protocol_version = bin.unpack('>zzzCCC', rep_pl, pos)
local server_address, server_host_name, level_name, cur_players, max_players, net_protocol_version, pos = string.unpack('>zzzBBB', rep_pl, pos)
assert_w_table(pos == term_pos, "Error parsing reply (packet type/length)",
server_info)
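Review bot: The `z` and fixed-width items in `string.unpack('>BBzBxxx<i4I4>z', rep_pl, pos)` (get_player_info) and `string.unpack('>zzzBBB', rep_pl, pos)` (get_server_info) raise a bare Lua error when the reply lacks a NUL terminator or ends early, so the `assert_w_table(pos == term_pos, ...)` meant to catch a malformed packet is never reached for those inputs. The added `#rep_pl >= 4` check covers only the four-byte header. Calling `pcall(string.unpack, '>zzzBBB', rep_pl, pos)` and passing its first result to `assert_w_table` with the partial result table would report truncated replies the same way as the other checks; `assert_w_table` is defined outside these hunks, so its exact contract should be confirmed. `pos` is also re-declared with `local` at each unpack, shadowing the earlier one; assigning to the existing local would read more clearly.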


@@ -1,4 +1,3 @@
local bin = require "bin"
local comm = require "comm"
local nmap = require "nmap"
local shortport = require "shortport"
@@ -191,8 +190,8 @@ local function assorted(fields)
end
action = function(host, port)
local GETSTATUS = bin.pack("CCCCA", 0xff, 0xff, 0xff, 0xff, "getstatus\n")
local STATUSRESP = bin.pack("CCCCA", 0xff, 0xff, 0xff, 0xff, "statusResponse")
local GETSTATUS = "\xff\xff\xff\xffgetstatus\n"
local STATUSRESP = "\xff\xff\xff\xffstatusResponse"
local status, data = comm.exchange(host, port, GETSTATUS, {["proto"] = "udp"})
if not status then


@@ -1,4 +1,3 @@
local bin = require "bin"
local msrpc = require "msrpc"
local smb = require "smb"
local string = require "string"
@@ -110,9 +109,9 @@ from an anonymous connection.
end
-- create malicious packet, same as in the PoC
local data = bin.pack("<I",4096) -- num_sids
local data = string.pack("<I4",4096) -- num_sids
.. "abcd"
..bin.pack("<III",100
..string.pack("<I4I4I4",100
,0
,100)
..string.rep("a",1000)


@@ -1,7 +1,7 @@
local bin = require "bin"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
description = [[
@@ -66,7 +66,7 @@ local function connect(host, port)
end
local response
status, response = socket:receive(2)
status, response = socket:receive_bytes(2)
if ( not(status) ) then
return false, "Failed to receive response from server"
elseif( response ~= "ok" ) then
@@ -82,18 +82,18 @@ end
-- @return data string as received from the server
local function getMetadata(socket, file)
local req = bin.pack(">HCzIcz", "0100", #("metadata"), "metadata", 0, #file, file)
local req = "\x01\x00" .. string.pack(">s1x I4 s1x", "metadata", 0, file)
local status, err = socket:send(req)
if ( not(status) ) then
return false, "Failed to send request to server"
end
local status, data = socket:receive(8)
local status, data = socket:receive_bytes(10)
if ( not(status) ) then
return false, "Failed to receive response from server"
end
local _, len = bin.unpack(">S", data, 9)
local len = string.unpack(">I2", data, 9)
while( #data < len - 2 ) do
local status, tmp = socket:receive(len - 2 - #data)
local status, tmp = socket:receive_bytes(len - 2 - #data)
if ( not(status) ) then
return false, "Failed to receive response from server"
end
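Review bot: `socket:receive_bytes(2)` in `connect` returns at least two bytes and may return more, so the exact comparison `response ~= "ok"` rejects a server whose greeting arrives together with further data. Compare the prefix instead, `elseif response:sub(1, 2) ~= "ok" then`, and keep any remainder if the protocol can send one. In `getMetadata`, `len` is read from the reply and drives the `receive_bytes(len - 2 - #data)` loop; the 16-bit field bounds it, but a comment saying so, and what the `- 2` accounts for, would help the next reader. `string.pack(">s1x I4 s1x", ...)` raises when `file` exceeds 255 bytes, so its length should be validated before the request is built. Both functions extend beyond the hunks shown.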