Remove bin.lua calls from some scripts and libraries

2025-12-06 04:31:29 +00:00 · 2018-08-29 03:06:40 +00:00
parent dc996da218
commit 0d18bcdbc2
17 changed files with 65 additions and 67 deletions
--- a/nselib/http.lua
+++ b/nselib/http.lua
@@ -112,7 +112,6 @@


 local base64 = require "base64"
-local bin = require "bin"
 local comm = require "comm"
 local coroutine = require "coroutine"
 local nmap = require "nmap"
@@ -1331,9 +1330,9 @@ function generic_request(host, port, method, path, options)

    local auth_blob = "NTLMSSP\x00" .. -- NTLM signature
    "\x01\x00\x00\x00" .. -- NTLM Type 1 message
-    bin.pack("<I", 0xa208b207) .. -- flags 56, 128, Version, Extended Security, Always Sign, Workstation supplied, Domain Supplied, NTLM Key, OEM, Unicode
-    bin.pack("<SSISSI",#workstation_name, #workstation_name, 40 + #hostname, #hostname, #hostname, 40) .. -- Supplied Domain and Workstation
-    bin.pack("CC<S", -- OS version info
+    string.pack("<I4", 0xa208b207) .. -- flags 56, 128, Version, Extended Security, Always Sign, Workstation supplied, Domain Supplied, NTLM Key, OEM, Unicode
+    string.pack("<I2I2I4 I2I2I4",#workstation_name, #workstation_name, 40 + #hostname, #hostname, #hostname, 40) .. -- Supplied Domain and Workstation
+    string.pack("BB<I2", -- OS version info
    5, 1, 2600) .. -- 5.1.2600
    "\x00\x00\x00\x0f" .. -- OS version info end (static 0x0000000f)
    hostname.. -- HOST NAME
@@ -1367,7 +1366,7 @@ function generic_request(host, port, method, path, options)
    authentication_header = response.header['www-authenticate']
    -- take out the challenge
    local type2_response = authentication_header:sub(authentication_header:find(' ')+1, -1)
-    local _, _, message_type, _, _, _, flags_received, challenge= bin.unpack("<A8ISSIIA8", base64.dec(type2_response))
+    local _, message_type, _, _, _, flags_received, challenge= string.unpack("<c8 I4 I2I2I4 I4 c8", base64.dec(type2_response))
    -- check if the response is a type 2 message.
    if message_type ~= 0x02 then
      stdnse.debug1("Expected type 2 message as response.")
@@ -1399,7 +1398,7 @@ function generic_request(host, port, method, path, options)

    local BASE_OFFSET = 72 -- Version 3 -- The Session Key<empty in our case>, flags, and OS Version structure are all present.

-    auth_blob = bin.pack("<zISSISSISSISSISSISSIICCSAAAAA",
+    auth_blob = string.pack("<z I4 I2I2I4 I2I2I4 I2I2I4 I2I2I4 I2I2I4 I2I2I4 I4 BBI2",
      "NTLMSSP",
      0x00000003,
      #lanman,
@@ -1423,12 +1422,12 @@ function generic_request(host, port, method, path, options)
      type_3_flags,
      5,
      1,
-      2600,
-      "\x00\x00\x00\x0f",
-      username,
-      hostname,
-      lanman,
-      ntlm)
+      2600)
+    .. "\x00\x00\x00\x0f"
+    .. username
+    .. hostname
+    .. lanman
+    .. ntlm

    custom_options.ntlmauth = auth_blob
    socket:send(build_request(host, port, method, path, custom_options))
--- a/nselib/multicast.lua
+++ b/nselib/multicast.lua
@@ -3,11 +3,11 @@
 --
 -- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html

-local bin = require "bin"
 local nmap = require "nmap"
 local ipOps = require "ipOps"
 local packet = require "packet"
 local stdnse = require "stdnse"
+local string = require "string"
 local table = require "table"

 _ENV = stdnse.module("multicast", stdnse.seeall)
@@ -79,14 +79,14 @@ mld_query = function( if_nfo, arg_timeout )
    ipOps.ip_to_str("::")   -- empty address - general MLD query
  )
  probe:build_icmpv6_header()
-  probe.exheader = bin.pack("CA",
+  probe.exheader = string.pack(">BBBB I2 BB",
    packet.IPPROTO_ICMPV6,  -- next header
-    "\x00" ..                 -- length not including first 8 octets
-    "\x05" ..                 -- type is router alert
-    "\x02" ..                 -- length 2 bytes
-    "\x00\x00" ..              -- router alert MLD
-    "\x01" ..                 -- padding type PadN
-    "\x00"                    -- padding length 0
+    0x00, -- length not including first 8 octets
+    0x05, -- type is router alert
+    0x02, -- length 2 bytes
+    0x00, -- router alert MLD
+    0x01, -- padding type PadN
+    0x00  -- padding length 0
  )
  probe.ip6_nhdr = packet.IPPROTO_HOPOPTS
  probe:build_ipv6_packet()
--- a/nselib/rsync.lua
+++ b/nselib/rsync.lua
@@ -4,10 +4,10 @@
 -- @author Patrik Karlsson <patrik@cqure.net>

 local base64 = require "base64"
-local bin = require "bin"
 local match = require "match"
 local nmap = require "nmap"
 local stdnse = require "stdnse"
+local string = require "string"
 local table = require "table"
 local openssl = stdnse.silent_require "openssl"
 _ENV = stdnse.module("rsync", stdnse.seeall)
@@ -157,7 +157,7 @@ Helper = {
      return false, data
    end

-    local pos, len = bin.unpack("<S", data)
+    local len = string.unpack("<I2", data)
    status, data = self.socket:receive_buf(match.numbytes(len), false)
    if ( not(status) ) then
      return false, data
--- a/nselib/wsdd.lua
+++ b/nselib/wsdd.lua
@@ -32,7 +32,6 @@
 -- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html
 --

-local bin = require "bin"
 local nmap = require "nmap"
 local stdnse = require "stdnse"
 local table = require "table"
@@ -96,7 +95,7 @@ Util = {
  --
  -- @return uuid string containing a uuid
  generateUUID = function()
-    local rnd_bytes = select(2, bin.unpack( "H16", openssl.rand_bytes( 16 ) ) ):lower()
+    local rnd_bytes = stdnse.tohex(openssl.rand_bytes(16)):lower()

    return ("%s-%s-%s-%s-%s"):format( rnd_bytes:sub(1, 8),
    rnd_bytes:sub(9, 12), rnd_bytes:sub( 13, 16 ), rnd_bytes:sub( 17, 20 ),
--- a/scripts/broadcast-eigrp-discovery.nse
+++ b/scripts/broadcast-eigrp-discovery.nse
@@ -2,7 +2,6 @@ local eigrp = require "eigrp"
 local nmap = require "nmap"
 local stdnse = require "stdnse"
 local table = require "table"
-local bin = require "bin"
 local packet = require "packet"
 local ipOps = require "ipOps"
 local target = require "target"
@@ -104,7 +103,7 @@ local eigrpSend = function(interface, eigrp_raw)
  local sock = nmap.new_dnet()
  sock:ethernet_open(interface.device)
  -- Ethernet IPv4 multicast, our ethernet address and packet type IP
-  local eth_hdr = bin.pack("HAH", "01 00 5e 00 00 0a", interface.mac, "08 00")
+  local eth_hdr = stdnse.fromhex("01 00 5e 00 00 0a") .. interface.mac .. stdnse.fromhex("08 00")
  sock:ethernet_send(eth_hdr .. eigrp_packet.buf)
  sock:ethernet_close()
 end
--- a/scripts/broadcast-listener.nse
+++ b/scripts/broadcast-listener.nse
@@ -172,6 +172,7 @@ sniffInterface = function(iface, Decoders, decodertab)
          -- attempts to match the "raw" packet against a filter
          -- supplied in each ethernet packet decoder
          if ( hex:match(match) ) then
+            stdnse.debug1("Packet matched '%s'", match)
            if ( not(decodertab.ether[match]) ) then
              decodertab.ether[match] = Decoders.ether[match]:new()
            end
--- a/scripts/deluge-rpc-brute.nse
+++ b/scripts/deluge-rpc-brute.nse
@@ -1,5 +1,4 @@
 local brute = require "brute"
-local bin = require "bin"
 local creds = require "creds"
 local nmap = require "nmap"
 local shortport = require "shortport"
@@ -61,19 +60,24 @@ local rencoded_login_request = function(username, password)

  -- Encode the login request:
  -- ((0, 'daemon.login', ('username', 'password'), {}),)
-  local request = bin.pack("CCCCACCACAC",
+  local request = string.pack("BBBB",
    LIST_FIXED_START + 1,
    LIST_FIXED_START + 4,
    INT_POS_FIXED_START,
-    STR_FIXED_START + string.len("daemon.login"),
-    "daemon.login",
-    LIST_FIXED_START + 2,
-    STR_FIXED_START + string.len(username),
-    username,
-    STR_FIXED_START + string.len(password),
-    password,
-    DICT_FIXED_START
+    STR_FIXED_START + string.len("daemon.login")
    )
+  .. "daemon.login"
+  .. string.pack("BB",
+    LIST_FIXED_START + 2,
+    STR_FIXED_START + string.len(username)
+    )
+  ..  username
+  .. string.pack("B",
+    STR_FIXED_START + string.len(password)
+    )
+  ..  password
+  .. string.pack("B", DICT_FIXED_START)
+
  return request
 end

--- a/scripts/eppc-enum-processes.nse
+++ b/scripts/eppc-enum-processes.nse
@@ -2,6 +2,7 @@ local bin       = require('bin')
 local nmap      = require('nmap')
 local shortport = require('shortport')
 local stdnse    = require('stdnse')
+local string    = require('string')
 local tab       = require('tab')

 description = [[
@@ -84,7 +85,9 @@ action = function( host, port )
    local packets = {
      "PPCT\0\0\0\1\0\0\0\1",
      -- unfortunately I've found no packet specifications, so this has to do
-      bin.pack("HCpH", "e44c50525401e101", 225 + #app, app, "dfdbe302013ddfdfdfdfd500")
+      stdnse.fromhex("e44c50525401e101")
+      .. string.pack("Bs1", 225 + #app, app)
+      .. stdnse.fromhex("dfdbe302013ddfdfdfdfd500"),
    }

    for _, v in ipairs(packets) do
--- a/scripts/jdwp-info.nse
+++ b/scripts/jdwp-info.nse
@@ -1,7 +1,7 @@
-local bin = require "bin"
 local io = require "io"
 local jdwp = require "jdwp"
 local stdnse = require "stdnse"
+local string = require "string"
 local nmap = require "nmap"
 local shortport = require "shortport"

@@ -85,7 +85,7 @@ action = function(host, port)
    return stdnse.format_output(false, result)
  end
  -- get the result string
-  local _,_,stringID = bin.unpack(">CL",result)
+  local stringID = string.unpack(">x I8",result)
  status,result = jdwp.readString(socket,0,stringID)
  -- parse results
  return stdnse.format_output(status,result)
--- a/scripts/jdwp-inject.nse
+++ b/scripts/jdwp-inject.nse
@@ -1,4 +1,3 @@
-local bin = require "bin"
 local io = require "io"
 local jdwp = require "jdwp"
 local stdnse = require "stdnse"
@@ -80,7 +79,7 @@ action = function(host, port)
    return stdnse.format_output(false, result)
  end
  -- get the result string
-  local _,_,stringID = bin.unpack(">CL",result)
+  local stringID = string.unpack(">x I8",result)
  status,result = jdwp.readString(socket,0,stringID)
  -- parse results
  return stdnse.format_output(status,result)
--- a/scripts/maxdb-info.nse
+++ b/scripts/maxdb-info.nse
@@ -1,7 +1,7 @@
-local bin = require "bin"
 local nmap = require "nmap"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
+local string = require "string"
 local tab = require "tab"
 local table = require "table"

@@ -55,7 +55,7 @@ local function exchPacket(socket, packet)
    stdnse.debug2("Failed to read packet from server")
    return false, "Failed to read packet from server"
  end
-  local pos, len = bin.unpack("<S", data)
+  local len = string.unpack("<I2", data)

  -- make sure we've got it all
  if ( len ~= #data ) then
--- a/scripts/murmur-version.nse
+++ b/scripts/murmur-version.nse
@@ -1,4 +1,3 @@
-local bin = require "bin"
 local comm = require "comm"
 local nmap = require "nmap"
 local shortport = require "shortport"
@@ -72,9 +71,8 @@ action = function(host, port)
    end

    -- Detected; extract relevant data
-    local _
-    _, r.v_a, r.v_b, r.v_c, _, r.users, r.maxusers, r.bandwidth =
-    bin.unpack(">CCCLIII", result, 2)
+    r.v_a, r.v_b, r.v_c, r.users, r.maxusers, r.bandwidth =
+    string.unpack(">BBB xxxxxxxx I4I4I4", result, 2)
  end

  mutex("done")
--- a/scripts/mysql-enum.nse
+++ b/scripts/mysql-enum.nse
@@ -1,4 +1,3 @@
-local bin = require "bin"
 local brute = require "brute"
 local creds = require "creds"
 local mysql = require "mysql"
@@ -80,7 +79,7 @@ Driver = {
    stdnse.debug1( "Trying %s ...", pass)
    local auth_string = stdnse.fromhex("0000018d00000000") .. pass .. stdnse.fromhex("00504e5f5155454d4500"); -- old authentication method
    local err
-    status, err = self.socket:send(bin.pack("c",string.len(auth_string)-3) .. auth_string) --send initial auth
+    status, err = self.socket:send(string.pack("b",#auth_string-3) .. auth_string) --send initial auth
    status, response = self.socket:receive_bytes(0)
    if not status then
      return false,brute.Error:new( "Incorrect username" )
--- a/scripts/smb-vuln-ms10-054.nse
+++ b/scripts/smb-vuln-ms10-054.nse
@@ -1,7 +1,7 @@
-local bin = require "bin"
 local smb = require "smb"
 local vulns = require "vulns"
 local stdnse = require "stdnse"
+local string = require "string"

 description = [[
 Tests whether target machines are vulnerable to the ms10-054 SMB remote memory
@@ -66,7 +66,7 @@ local function send_transaction2(smbstate, sub_command, function_parameters)
  end

  -- Parameters are 0x20 bytes long.
-  parameters = bin.pack("<SSSSCCSISSSSSCCS",
+  parameters = string.pack("<I2I2I2I2 BB I2 I4 I2I2I2I2I2 BB I2",
  parameter_size,                  -- Total parameter count.
  data_size,                       -- Total data count.
  0x000a,                          -- Max parameter count.
--- a/scripts/snmp-win32-software.nse
+++ b/scripts/snmp-win32-software.nse
@@ -1,9 +1,9 @@
 local datetime = require "datetime"
-local bin = require "bin"
 local nmap = require "nmap"
 local shortport = require "shortport"
 local snmp = require "snmp"
 local stdnse = require "stdnse"
+local string = require "string"
 local table = require "table"

 description = [[
@@ -83,12 +83,12 @@ local function get_value_from_table( tbl, oid )
 end

 local date_xlate = {
-  year = 2,
-  month = 3,
-  day = 4,
-  hour = 5,
-  min = 6,
-  sec = 7
+  year = 1,
+  month = 2,
+  day = 3,
+  hour = 4,
+  min = 5,
+  sec = 6
 }

 -- translate date parts to positional indices for datetime.format_timestamp
@@ -119,7 +119,7 @@ local function process_answer( tbl )
    if ( v.oid:match(sw_name) ) then
      local objid = v.oid:gsub(sw_name, sw_date)
      local install_date = get_value_from_table( tbl, objid )
-      local install_date_tab = { bin.unpack( ">SCCCCC", install_date ) }
+      local install_date_tab = { string.unpack( ">I2 BBBBB", install_date ) }
      setmetatable(install_date_tab, date_metatab)

      local sw_item = {
--- a/scripts/teamspeak2-version.nse
+++ b/scripts/teamspeak2-version.nse
@@ -1,7 +1,6 @@
 local comm = require "comm"
 local shortport = require "shortport"
 local nmap = require "nmap"
-local bin = require "bin"
 local string = require "string"

 description = [[
@@ -56,7 +55,7 @@ action = function(host, port)
  if name == "" then
    port.version.version = "2"
  else
-    local _, v_a, v_b, v_c, v_d = bin.unpack("<SSSS", version)
+    local v_a, v_b, v_c, v_d = string.unpack("<I2 I2 I2 I2", version)
    port.version.version = v_a .. "." .. v_b .. "." .. v_c .. "." .. v_d
    port.version.extrainfo = "name: " .. name .. "; no password"
    if platform == "Win32" then
--- a/scripts/telnet-ntlm-info.nse
+++ b/scripts/telnet-ntlm-info.nse
@@ -1,6 +1,5 @@
 local datetime = require "datetime"
 local os = require "os"
-local bin = require "bin"
 local comm = require "comm"
 local shortport = require "shortport"
 local stdnse = require "stdnse"
@@ -63,7 +62,7 @@ local _, ntlm_auth_blob = smbauth.get_security_blob(
 --
 -- Create MS-TNAP Login Packet (Option Command IS)
 -- Ref: http://msdn.microsoft.com/en-us/library/cc247789.aspx
-local tnap_login_packet = bin.pack("<CCCCCCCIIACC",
+local tnap_login_packet = string.pack("<BBBBBBB I4I4",
  0xff, -- IAC
  0xfa, -- Sub-option (250)
  0x25, -- Subcommand: auth option
@@ -72,10 +71,9 @@ local tnap_login_packet = bin.pack("<CCCCCCCIIACC",
  0x00, -- Who: Mask client to server (0)
  0x00, -- Command: NTLM_NEGOTIATE (0)
  #ntlm_auth_blob, -- NTLM_DataSize (4 bytes, little-endian)
-  0x00000002, -- NTLM_BufferType (4 bytes, little-endian)
-  ntlm_auth_blob,
-  0xff, 0xf0 -- Sub-option End
-  )
+  0x00000002) -- NTLM_BufferType (4 bytes, little-endian)
+  .. ntlm_auth_blob .. string.pack("<BB",
+  0xff, 0xf0) -- Sub-option End

 portrule = shortport.port_or_service(23, "telnet")