Change more bin lib to string packing/fromhex. Closes #755. Closes #769

2025-12-06 04:31:29 +00:00 · 2017-03-25 13:39:44 +00:00
parent d66dd69df2
commit 0e7f11673c
24 changed files with 50 additions and 50 deletions
--- a/scripts/broadcast-eigrp-discovery.nse
+++ b/scripts/broadcast-eigrp-discovery.nse
@@ -94,7 +94,7 @@ local eigrpSend = function(interface, eigrp_raw)
  local srcip = interface.address
  local dstip = "224.0.0.10"

-  local ip_raw = bin.pack("H", "45c00040ed780000015818bc0a00c8750a00c86b") .. eigrp_raw
+  local ip_raw = stdnse.fromhex( "45c00040ed780000015818bc0a00c8750a00c86b") .. eigrp_raw
  local eigrp_packet = packet.Packet:new(ip_raw, ip_raw:len())
  eigrp_packet:ip_set_bin_src(ipOps.ip_to_str(srcip))
  eigrp_packet:ip_set_bin_dst(ipOps.ip_to_str(dstip))
--- a/scripts/broadcast-igmp-discovery.nse
+++ b/scripts/broadcast-igmp-discovery.nse
@@ -256,7 +256,7 @@ igmpQuery = function(interface, version)
  else
    local igmp_raw = igmpRaw(interface, version)

-    local ip_raw = bin.pack("H", "45c00040ed780000010218bc0a00c8750a00c86b") .. igmp_raw
+    local ip_raw = stdnse.fromhex( "45c00040ed780000010218bc0a00c8750a00c86b") .. igmp_raw
    local igmp_packet = packet.Packet:new(ip_raw, ip_raw:len())
    igmp_packet:ip_set_bin_src(ipOps.ip_to_str(srcip))
    igmp_packet:ip_set_bin_dst(ipOps.ip_to_str(dstip))
--- a/scripts/broadcast-pc-duo.nse
+++ b/scripts/broadcast-pc-duo.nse
@@ -1,4 +1,3 @@
-local bin = require "bin"
 local coroutine = require "coroutine"
 local nmap = require "nmap"
 local os = require "os"
@@ -90,7 +89,7 @@ action = function()
    {
      host = { ip = "255.255.255.255" },
      port = { number = 1505, protocol = "udp" },
-      data =  bin.pack("H", "00808008ff00"),
+      data =  stdnse.fromhex("00808008ff00"),
      match= "^.........(%w*)\0",
      topic= "PC-Duo Hosts"
    },
@@ -98,7 +97,7 @@ action = function()
    {
      host = { ip = "255.255.255.255" },
      port = { number = 2303, protocol = "udp" },
-      data =  bin.pack("H", "20908008ff00"),
+      data =  stdnse.fromhex("20908008ff00"),
      match= "^.........(%w*)\0",
      topic= "PC-Duo Gateway Server"
    },
--- a/scripts/broadcast-pim-discovery.nse
+++ b/scripts/broadcast-pim-discovery.nse
@@ -79,7 +79,7 @@ local helloQuery = function(interface, dstip)
  local srcip = interface.address

  local hello_raw = helloRaw()
-  local ip_raw = bin.pack("H", "45c00040ed780000016718bc0a00c8750a00c86b") .. hello_raw
+  local ip_raw = stdnse.fromhex( "45c00040ed780000016718bc0a00c8750a00c86b") .. hello_raw
  hello_packet = packet.Packet:new(ip_raw, ip_raw:len())
  hello_packet:ip_set_bin_src(ipOps.ip_to_str(srcip))
  hello_packet:ip_set_bin_dst(ipOps.ip_to_str(dstip))
--- a/scripts/dns-nsec3-enum.nse
+++ b/scripts/dns-nsec3-enum.nse
@@ -175,7 +175,7 @@ local function generate_hash(domain, iter, salt)
  for word in string.gmatch(random_domain, "[^%.]+") do
    packed_domain[#packed_domain+1] = bin.pack("p", word)
  end
-  salt = bin.pack("H", salt)
+  salt = stdnse.fromhex( salt)
  local to_hash = bin.pack("AxA", table.concat(packed_domain), salt)
  iter = iter - 1
  local hash = openssl.sha1(to_hash)
--- a/scripts/enip-info.nse
+++ b/scripts/enip-info.nse
@@ -1371,7 +1371,7 @@ end
 -- @param port port that was scanned via nmap
 action = function(host,port)
  -- pack the request identity packet (0x63)
-  local enip_req_ident = bin.pack("H","63000000000000000000000000000000c1debed100000000")
+  local enip_req_ident = stdnse.fromhex("63000000000000000000000000000000c1debed100000000")
  -- create table for output
  local output = stdnse.output_table()
  -- create local vars for socket handling
--- a/scripts/firewalk.nse
+++ b/scripts/firewalk.nse
@@ -205,7 +205,7 @@ local tcp_funcs_v4 = {
  -- @param ttl the IP time to live
  -- @return the newly crafted IP packet
  getprobe = function(host, dport, ttl)
-    local pktbin = bin.pack("H",
+    local pktbin = stdnse.fromhex(
      "4500 0014 0000 4000 8000 0000 0000 0000 0000 0000" ..
      "0000 0000 0000 0000 0000 0000 6002 0c00 0000 0000 0204 05b4"
    )
@@ -269,7 +269,7 @@ local udp_funcs_v4 = {
  -- @param ttl the IP time to live
  -- @return the newly crafted IP packet
  getprobe = function(host, dport, ttl)
-    local pktbin = bin.pack("H",
+    local pktbin = stdnse.fromhex(
      "4500 0014 0000 4000 8000 0000 0000 0000 0000 0000" ..
      "0000 0000 0800 0000"
    )
@@ -332,7 +332,7 @@ local tcp_funcs_v6 = {
  -- @param ttl the IP time to live
  -- @return the newly crafted IP packet
  getprobe = function(host, dport, ttl)
-    local pktbin = bin.pack("H",
+    local pktbin = stdnse.fromhex(
      "4500 0014 0000 4000 8000 0000 0000 0000 0000 0000" ..
      "0000 0000 0000 0000 0000 0000 6002 0c00 0000 0000 0204 05b4"
    )
@@ -394,7 +394,7 @@ local udp_funcs_v6 = {
  -- @param ttl the IP time to live
  -- @return the newly crafted IP packet
  getprobe = function(host, dport, ttl)
-    local pktbin = bin.pack("H",
+    local pktbin = stdnse.fromhex(
      "4500 0014 0000 4000 8000 0000 0000 0000 0000 0000" ..
      "0000 0000 0800 0000"
    )
--- a/scripts/ipidseq.nse
+++ b/scripts/ipidseq.nse
@@ -62,7 +62,7 @@ end
 -- @param port Port number
 -- @return TCP Packet object
 local genericpkt = function(host, port)
-  local pkt = bin.pack("H",
+  local pkt = stdnse.fromhex(
  "4500 002c 55d1 0000 8006 0000 0000 0000" ..
  "0000 0000 0000 0000 0000 0000 0000 0000" ..
  "6002 0c00 0000 0000 0204 05b4"
--- a/scripts/krb5-enum-users.nse
+++ b/scripts/krb5-enum-users.nse
@@ -174,7 +174,7 @@ KRB5 = {
    princ = encoder:encode( name_type ) .. princ

    -- not sure about how this works, but apparently it does
-    princ = bin.pack("H", "A003") .. princ
+    princ = stdnse.fromhex( "A003") .. princ
    princ = self:encodeSequence(encoder,0x30, princ)

    return princ
@@ -234,7 +234,7 @@ KRB5 = {
    data = '\0' .. data

    -- hmm, wonder what this is
-    data = bin.pack("H", "A0070305") .. data
+    data = stdnse.fromhex( "A0070305") .. data
    data = self:encodeSequence(encoder, 0x30, data)
    data = self:encodeSequence(encoder, 0xA4, data)
    data = self:encodeSequence(encoder, 0xA2, encoder:encode(KRB5.MessageType['AS-REQ'])) .. data
--- a/scripts/ldap-novell-getpass.nse
+++ b/scripts/ldap-novell-getpass.nse
@@ -74,7 +74,7 @@ function action(host,port)

  -- In order to discover what protocol to use (SSL/TCP) we need to send a
  -- few bytes to the server. An anonymous bind should do it
-  local anon_bind = bin.pack("H", "300c020101600702010304008000" )
+  local anon_bind = stdnse.fromhex( "300c020101600702010304008000" )
  local socket, _, opt = comm.tryssl( host, port, anon_bind, nil )
  if ( not(socket) ) then
    return fail("Failed to connect to LDAP server")
@@ -98,13 +98,13 @@ function action(host,port)
  -- The following section could do with more documentation
  -- It's based on packet dumps from the getpass utility available from Novell Cool Solutions
  -- encode the account name as a sequence
-  data = ldap.encode( { _ldaptype = '30', bin.pack("H", "020101") .. data } )
+  data = ldap.encode( { _ldaptype = '30', stdnse.fromhex( "020101") .. data } )
  data = ldap.encode( { _ldaptype = '81', data } )
  data = ldap.encode( { _ldaptype = '80', NMASLDAP_GET_PASSWORD_REQUEST } ) .. data
  data = ldap.encode( { _ldaptype = '77', data } )

  -- encode the whole extended request as a sequence
-  data = ldap.encode( { _ldaptype = '30', bin.pack("H", "020102") .. data } )
+  data = ldap.encode( { _ldaptype = '30', stdnse.fromhex( "020102") .. data } )

  status = socket:send(data)
  if ( not(status) ) then return fail("Failed to send request") end
--- a/scripts/maxdb-info.nse
+++ b/scripts/maxdb-info.nse
@@ -139,12 +139,12 @@ action = function(host, port)
  local status, err = socket:connect(host, port)
  local data

-  status, data = exchPacket(socket, bin.pack("H", handshake))
+  status, data = exchPacket(socket, stdnse.fromhex( handshake))
  if ( not(status) ) then
    return fail("Failed to perform handshake with MaxDB server")
  end

-  status, data = exchPacket(socket, bin.pack("H", dbm_version))
+  status, data = exchPacket(socket, stdnse.fromhex( dbm_version))
  if ( not(status) ) then
    return fail("Failed to request version information from server")
  end
@@ -159,7 +159,7 @@ action = function(host, port)
    table.insert(result, ("%s: %s"):format(f, version_info[f:upper()]))
  end

-  status, data = exchCommand(socket, bin.pack("H", db_enum))
+  status, data = exchCommand(socket, stdnse.fromhex( db_enum))
  socket:close()
  if ( not(status) ) then
    return fail("Failed to request version information from server")
--- a/scripts/mikrotik-routeros-brute.nse
+++ b/scripts/mikrotik-routeros-brute.nse
@@ -67,7 +67,7 @@ Driver =
    --If we find the challenge value we continue the connection process
    if ret then
        stdnse.debug1("Challenge value found:%s", ret)
-        local md5str = bin.pack("xAA", password, bin.pack("H", ret)) --appends pwd and challenge
+        local md5str = bin.pack("xAA", password, stdnse.fromhex( ret)) --appends pwd and challenge
        local chksum = stdnse.tohex(openssl.md5(md5str))
        local user_l = username:len()+6 --we add six because of the string "=name="
        local login_pkt = bin.pack("cAcAcAx", 0x6, "/login", user_l, "=name="..username, 0x2c, "=response=00"..chksum)
--- a/scripts/mrinfo.nse
+++ b/scripts/mrinfo.nse
@@ -189,7 +189,7 @@ local mrinfoQuery = function(interface, dstip)
  local srcip = interface.address

  local mrinfo_raw = mrinfoRaw()
-  local ip_raw = bin.pack("H", "45c00040ed780000400218bc0a00c8750a00c86b") .. mrinfo_raw
+  local ip_raw = stdnse.fromhex( "45c00040ed780000400218bc0a00c8750a00c86b") .. mrinfo_raw
  mrinfo_packet = packet.Packet:new(ip_raw, ip_raw:len())
  mrinfo_packet:ip_set_bin_src(ipOps.ip_to_str(srcip))
  mrinfo_packet:ip_set_bin_dst(ipOps.ip_to_str(dstip))
--- a/scripts/mtrace.nse
+++ b/scripts/mtrace.nse
@@ -141,7 +141,7 @@ end
 --@param destination Target host to which the packet is sent.
 --@param trace_raw Traceroute raw Query.
 local traceSend = function(interface, destination, trace_raw)
-  local ip_raw = bin.pack("H", "45c00040ed780000400218bc0a00c8750a00c86b") .. trace_raw
+  local ip_raw = stdnse.fromhex( "45c00040ed780000400218bc0a00c8750a00c86b") .. trace_raw
  local trace_packet = packet.Packet:new(ip_raw, ip_raw:len())
  trace_packet:ip_set_bin_src(ipOps.ip_to_str(interface.address))
  trace_packet:ip_set_bin_dst(ipOps.ip_to_str(destination))
--- a/scripts/mysql-enum.nse
+++ b/scripts/mysql-enum.nse
@@ -78,7 +78,7 @@ Driver = {
      return false,brute.Error:new(response)
    end
    stdnse.debug1( "Trying %s ...", pass)
-    local auth_string = bin.pack("H","0000018d00000000") .. pass .. bin.pack("H","00504e5f5155454d4500"); -- old authentication method
+    local auth_string = stdnse.fromhex("0000018d00000000") .. pass .. stdnse.fromhex("00504e5f5155454d4500"); -- old authentication method
    local err
    status, err = self.socket:send(bin.pack("c",string.len(auth_string)-3) .. auth_string) --send initial auth
    status, response = self.socket:receive_bytes(0)
--- a/scripts/omron-info.nse
+++ b/scripts/omron-info.nse
@@ -88,7 +88,7 @@ end
 --
 -- @param socket Socket that is passed in from Action
 function send_udp(socket)
-  local controller_data_read = bin.pack("H", "800002000000006300ef050100")
+  local controller_data_read = stdnse.fromhex( "800002000000006300ef050100")
  -- send Request Information Packet
  socket:send(controller_data_read)
  local rcvstatus, response = socket:receive()
@@ -101,7 +101,7 @@ end
 -- @param socket Socket that is passed in from Action
 function send_tcp(socket)
  -- this is the request address command
-  local req_addr = bin.pack("H", "46494e530000000c000000000000000000000000")
+  local req_addr = stdnse.fromhex( "46494e530000000c000000000000000000000000")
  -- TCP requires a network address that is revived from the first request,
  -- The read controller data these two strings will be joined with the address
  local controller_data_read = "46494e5300000015000000020000000080000200"
--- a/scripts/path-mtu.nse
+++ b/scripts/path-mtu.nse
@@ -183,13 +183,13 @@ local setmtu = function(pkt, mtu)
 end

 local basepkt = function(proto)
-  local ibin = bin.pack("H",
+  local ibin = stdnse.fromhex(
    "4500 0014 0000 4000 8000 0000 0000 0000 0000 0000"
  )
-  local tbin = bin.pack("H",
+  local tbin = stdnse.fromhex(
    "0000 0000 0000 0000 0000 0000 6002 0c00 0000 0000 0204 05b4"
  )
-  local ubin = bin.pack("H",
+  local ubin = stdnse.fromhex(
    "0000 0000 0800 0000"
  )

--- a/scripts/pcanywhere-brute.nse
+++ b/scripts/pcanywhere-brute.nse
@@ -85,7 +85,7 @@ Driver = {
      if(not(status)) then
        return false, brute.Error:new( "Couldn't connect to host: " .. err )
      end
-      status, err = self.socket:send(bin.pack("H","00000000")) --initial hello
+      status, err = self.socket:send(stdnse.fromhex("00000000")) --initial hello
      status, response = self.socket:receive_bytes(0)
      if not status and not retry then
        break
@@ -99,13 +99,13 @@ Driver = {
      return false, brute.Error:new( "Probably not pcAnywhere." )
    end
    retry = false
-    status, err = self.socket:send(bin.pack("H","6f06ff")) -- downgrade into legacy mode
+    status, err = self.socket:send(stdnse.fromhex("6f06ff")) -- downgrade into legacy mode
    status, response = self.socket:receive_bytes(0)

-    status, err = self.socket:send(bin.pack("H","6f61000900fe0000ffff00000000")) -- auth capabilities I
+    status, err = self.socket:send(stdnse.fromhex("6f61000900fe0000ffff00000000")) -- auth capabilities I
    status, response = self.socket:receive_bytes(0)

-    status, err = self.socket:send(bin.pack("H","6f620102000000")) -- auth capabilities II
+    status, err = self.socket:send(stdnse.fromhex("6f620102000000")) -- auth capabilities II
    status, response = self.socket:receive_bytes(0)
    if not status or (string.find(response,"Enter user name") == nil and string.find(response,"Enter login name") == nil) then
      stdnse.debug1("handshake failed")
--- a/scripts/qscan.nse
+++ b/scripts/qscan.nse
@@ -196,7 +196,7 @@ end
 -- @param host Host object
 -- @return TCP Packet object
 local genericpkt = function(host)
-  local pkt = bin.pack("H",
+  local pkt = stdnse.fromhex(
  "4500 002c 55d1 0000 8006 0000 0000 0000" ..
  "0000 0000 0000 0000 0000 0000 0000 0000" ..
  "6002 0c00 0000 0000 0204 05b4"
--- a/scripts/rdp-vuln-ms12-020.nse
+++ b/scripts/rdp-vuln-ms12-020.nse
@@ -83,7 +83,7 @@ action = function(host, port)
  .. "0000" -- dst reference
  .. "0000" -- src reference
  .. "00" -- class and options
-  local connectionRequest = bin.pack("H",connectionRequestStr)
+  local connectionRequest = stdnse.fromhex(connectionRequestStr)

  -- see http://msdn.microsoft.com/en-us/library/cc240836%28v=prot.10%29.aspx
  local connectInitialStr = "03000065" -- TPKT Header
@@ -120,14 +120,14 @@ action = function(host, port)
  .. "0202ffff" -- maxMCSPDUSize
  .. "020102" -- protocolVersion
  .. "0400" -- userData
-  local connectInitial = bin.pack("H",connectInitialStr)
+  local connectInitial = stdnse.fromhex(connectInitialStr)

  -- see http://msdn.microsoft.com/en-us/library/cc240835%28v=prot.10%29.aspx
  local userRequestStr = "0300" -- header
  .. "0008" -- length
  .. "02f080" -- X.224 Data TPDU (2 bytes: 0xf0 = Data TPDU, 0x80 = EOT, end of transmission)
  .. "28" -- PER encoded PDU contents
-  local userRequest = bin.pack("H",userRequestStr)
+  local userRequest = stdnse.fromhex(userRequestStr)

  local user1,user2
  local pos
@@ -184,7 +184,7 @@ action = function(host, port)
  status, err = socket:send(connectionRequest)

  status, response = socket:receive_bytes(0)
-  if response ~= bin.pack("H","0300000b06d00000123400") then
+  if response ~= stdnse.fromhex("0300000b06d00000123400") then
    --probably not rdp at all
    stdnse.debug1("not RDP")
    return nil
@@ -199,11 +199,11 @@ action = function(host, port)
  pos,user2 = bin.unpack(">S",response:sub(10,11)) -- second user's channel - 1001
  user2 = user2+1001 -- second user's channel
  local data4 = bin.pack(">SS",user1,user2)
-  local data5 = bin.pack("H","0300000c02f08038") -- channel join request TPDU
+  local data5 = stdnse.fromhex("0300000c02f08038") -- channel join request TPDU
  local channelJoinRequest = data5 .. data4
  status, err = socket:send(channelJoinRequest) -- bogus channel join request user1 requests channel of user2
  status, response = socket:receive_bytes(0)
-  if response:sub(8,9) == bin.pack("H","3e00") then
+  if response:sub(8,9) == stdnse.fromhex("3e00") then
    -- 3e00 indicates a successful join
    -- see http://msdn.microsoft.com/en-us/library/cc240911%28v=prot.10%29.aspx
    -- service is vulnerable
--- a/scripts/rmi-vuln-classloader.nse
+++ b/scripts/rmi-vuln-classloader.nse
@@ -2,6 +2,7 @@ local bin = require "bin"
 local rmi = require "rmi"
 local shortport = require "shortport"
 local string = require "string"
+local stdnse = require "stdnse"
 local vulns = require "vulns"

 description = [[
@@ -90,7 +91,7 @@ Default configuration of RMI registry allows loading classes from remote URLs wh
  local report = vulns.Report:new(SCRIPT_NAME, host, port);
  rmi_vuln.state = vulns.STATE.NOT_VULN;

-  rmiArgs:addRaw(bin.pack("H", argsRaw));
+  rmiArgs:addRaw(stdnse.fromhex( argsRaw));

  -- reference: java/rmi/dgc/DGCImpl_Stub.java and java/rmi/dgc/DGCImpl_Skel.java
  -- we are calling DGC's (its objectId is 2) method with opnum 0
--- a/scripts/s7-info.nse
+++ b/scripts/s7-info.nse
@@ -184,17 +184,17 @@ end
 -- @param port port that was scanned via nmap
 action = function(host, port)
  -- COTP packet with a dst of 102
-local COTP = bin.pack("H", "0300001611e00000001400c1020100c2020" .. "102" .. "c0010a")
+local COTP = stdnse.fromhex( "0300001611e00000001400c1020100c2020" .. "102" .. "c0010a")
  -- COTP packet with a dst of 200
-  local alt_COTP = bin.pack("H", "0300001611e00000000500c1020100c2020" .. "200" .. "c0010a")
+  local alt_COTP = stdnse.fromhex( "0300001611e00000000500c1020100c2020" .. "200" .. "c0010a")
  -- setup the ROSCTR Packet
-  local ROSCTR_Setup = bin.pack("H", "0300001902f08032010000000000080000f0000001000101e0")
+  local ROSCTR_Setup = stdnse.fromhex( "0300001902f08032010000000000080000f0000001000101e0")
  -- setup the Read SZL information packet
-  local Read_SZL = bin.pack("H", "0300002102f080320700000000000800080001120411440100ff09000400110001")
+  local Read_SZL = stdnse.fromhex( "0300002102f080320700000000000800080001120411440100ff09000400110001")
  -- setup the first SZL request (gather the basic hardware and version number)
-  local first_SZL_Request = bin.pack("H", "0300002102f080320700000000000800080001120411440100ff09000400110001")
+  local first_SZL_Request = stdnse.fromhex( "0300002102f080320700000000000800080001120411440100ff09000400110001")
  -- setup the second SZL request
-  local second_SZL_Request = bin.pack("H", "0300002102f080320700000000000800080001120411440100ff090004001c0001")
+  local second_SZL_Request = stdnse.fromhex( "0300002102f080320700000000000800080001120411440100ff090004001c0001")
  -- response is used to collect the packet responses
  local response
  -- output table for Nmap
--- a/scripts/smb-vuln-ms10-054.nse
+++ b/scripts/smb-vuln-ms10-054.nse
@@ -133,7 +133,7 @@ to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulne
  local status, smbstate = smb.start_ex(host, true, true, share, nil, nil, nil)

  local param = "0501" -- Query FS Attribute Info
-  local status, result = send_transaction2(smbstate,0x03,bin.pack("H",param))
+  local status, result = send_transaction2(smbstate,0x03,stdnse.fromhex(param))
  status, result = smb.smb_read(smbstate,true) -- see if we can still talk to the victim
  if not status then -- if not , it has crashed
    ms10_054.state = vulns.STATE.VULN
--- a/scripts/telnet-encryption.nse
+++ b/scripts/telnet-encryption.nse
@@ -77,7 +77,7 @@ action = function(host, port)

  local socket = nmap.new_socket()
  local status = socket:connect(host, port)
-  local data = bin.pack("H", "FFFD26FFFB26")
+  local data = stdnse.fromhex( "FFFD26FFFB26")
  local result

  socket:set_timeout(7500)