From 0e7f11673cfd221977295b34a16e5f2299c37f2d Mon Sep 17 00:00:00 2001 From: dmiller Date: Sat, 25 Mar 2017 13:39:44 +0000 Subject: [PATCH] Change more bin lib to string packing/fromhex. Closes #755. Closes #769 --- scripts/broadcast-eigrp-discovery.nse | 2 +- scripts/broadcast-igmp-discovery.nse | 2 +- scripts/broadcast-pc-duo.nse | 5 ++--- scripts/broadcast-pim-discovery.nse | 2 +- scripts/dns-nsec3-enum.nse | 2 +- scripts/enip-info.nse | 2 +- scripts/firewalk.nse | 8 ++++---- scripts/ipidseq.nse | 2 +- scripts/krb5-enum-users.nse | 4 ++-- scripts/ldap-novell-getpass.nse | 6 +++--- scripts/maxdb-info.nse | 6 +++--- scripts/mikrotik-routeros-brute.nse | 2 +- scripts/mrinfo.nse | 2 +- scripts/mtrace.nse | 2 +- scripts/mysql-enum.nse | 2 +- scripts/omron-info.nse | 4 ++-- scripts/path-mtu.nse | 6 +++--- scripts/pcanywhere-brute.nse | 8 ++++---- scripts/qscan.nse | 2 +- scripts/rdp-vuln-ms12-020.nse | 12 ++++++------ scripts/rmi-vuln-classloader.nse | 3 ++- scripts/s7-info.nse | 12 ++++++------ scripts/smb-vuln-ms10-054.nse | 2 +- scripts/telnet-encryption.nse | 2 +- 24 files changed, 50 insertions(+), 50 deletions(-) diff --git a/scripts/broadcast-eigrp-discovery.nse b/scripts/broadcast-eigrp-discovery.nse index c0df938ea..ca9afa4f1 100644 --- a/scripts/broadcast-eigrp-discovery.nse +++ b/scripts/broadcast-eigrp-discovery.nse @@ -94,7 +94,7 @@ local eigrpSend = function(interface, eigrp_raw) local srcip = interface.address local dstip = "224.0.0.10" - local ip_raw = bin.pack("H", "45c00040ed780000015818bc0a00c8750a00c86b") .. eigrp_raw + local ip_raw = stdnse.fromhex( "45c00040ed780000015818bc0a00c8750a00c86b") .. eigrp_raw local eigrp_packet = packet.Packet:new(ip_raw, ip_raw:len()) eigrp_packet:ip_set_bin_src(ipOps.ip_to_str(srcip)) eigrp_packet:ip_set_bin_dst(ipOps.ip_to_str(dstip)) diff --git a/scripts/broadcast-igmp-discovery.nse b/scripts/broadcast-igmp-discovery.nse index 64b8d7e17..59deb3ad2 100644 --- a/scripts/broadcast-igmp-discovery.nse +++ b/scripts/broadcast-igmp-discovery.nse @@ -256,7 +256,7 @@ igmpQuery = function(interface, version) else local igmp_raw = igmpRaw(interface, version) - local ip_raw = bin.pack("H", "45c00040ed780000010218bc0a00c8750a00c86b") .. igmp_raw + local ip_raw = stdnse.fromhex( "45c00040ed780000010218bc0a00c8750a00c86b") .. igmp_raw local igmp_packet = packet.Packet:new(ip_raw, ip_raw:len()) igmp_packet:ip_set_bin_src(ipOps.ip_to_str(srcip)) igmp_packet:ip_set_bin_dst(ipOps.ip_to_str(dstip)) diff --git a/scripts/broadcast-pc-duo.nse b/scripts/broadcast-pc-duo.nse index a9f4e03e2..f8e901613 100644 --- a/scripts/broadcast-pc-duo.nse +++ b/scripts/broadcast-pc-duo.nse @@ -1,4 +1,3 @@ -local bin = require "bin" local coroutine = require "coroutine" local nmap = require "nmap" local os = require "os" @@ -90,7 +89,7 @@ action = function() { host = { ip = "255.255.255.255" }, port = { number = 1505, protocol = "udp" }, - data = bin.pack("H", "00808008ff00"), + data = stdnse.fromhex("00808008ff00"), match= "^.........(%w*)\0", topic= "PC-Duo Hosts" }, @@ -98,7 +97,7 @@ action = function() { host = { ip = "255.255.255.255" }, port = { number = 2303, protocol = "udp" }, - data = bin.pack("H", "20908008ff00"), + data = stdnse.fromhex("20908008ff00"), match= "^.........(%w*)\0", topic= "PC-Duo Gateway Server" }, diff --git a/scripts/broadcast-pim-discovery.nse b/scripts/broadcast-pim-discovery.nse index ac386835a..08adcf1bf 100644 --- a/scripts/broadcast-pim-discovery.nse +++ b/scripts/broadcast-pim-discovery.nse @@ -79,7 +79,7 @@ local helloQuery = function(interface, dstip) local srcip = interface.address local hello_raw = helloRaw() - local ip_raw = bin.pack("H", "45c00040ed780000016718bc0a00c8750a00c86b") .. hello_raw + local ip_raw = stdnse.fromhex( "45c00040ed780000016718bc0a00c8750a00c86b") .. hello_raw hello_packet = packet.Packet:new(ip_raw, ip_raw:len()) hello_packet:ip_set_bin_src(ipOps.ip_to_str(srcip)) hello_packet:ip_set_bin_dst(ipOps.ip_to_str(dstip)) diff --git a/scripts/dns-nsec3-enum.nse b/scripts/dns-nsec3-enum.nse index c1359020f..a0e4d2b83 100644 --- a/scripts/dns-nsec3-enum.nse +++ b/scripts/dns-nsec3-enum.nse @@ -175,7 +175,7 @@ local function generate_hash(domain, iter, salt) for word in string.gmatch(random_domain, "[^%.]+") do packed_domain[#packed_domain+1] = bin.pack("p", word) end - salt = bin.pack("H", salt) + salt = stdnse.fromhex( salt) local to_hash = bin.pack("AxA", table.concat(packed_domain), salt) iter = iter - 1 local hash = openssl.sha1(to_hash) diff --git a/scripts/enip-info.nse b/scripts/enip-info.nse index d483bb248..7a5c6fc2d 100644 --- a/scripts/enip-info.nse +++ b/scripts/enip-info.nse @@ -1371,7 +1371,7 @@ end -- @param port port that was scanned via nmap action = function(host,port) -- pack the request identity packet (0x63) - local enip_req_ident = bin.pack("H","63000000000000000000000000000000c1debed100000000") + local enip_req_ident = stdnse.fromhex("63000000000000000000000000000000c1debed100000000") -- create table for output local output = stdnse.output_table() -- create local vars for socket handling diff --git a/scripts/firewalk.nse b/scripts/firewalk.nse index 537f98879..098022b9a 100644 --- a/scripts/firewalk.nse +++ b/scripts/firewalk.nse @@ -205,7 +205,7 @@ local tcp_funcs_v4 = { -- @param ttl the IP time to live -- @return the newly crafted IP packet getprobe = function(host, dport, ttl) - local pktbin = bin.pack("H", + local pktbin = stdnse.fromhex( "4500 0014 0000 4000 8000 0000 0000 0000 0000 0000" .. "0000 0000 0000 0000 0000 0000 6002 0c00 0000 0000 0204 05b4" ) @@ -269,7 +269,7 @@ local udp_funcs_v4 = { -- @param ttl the IP time to live -- @return the newly crafted IP packet getprobe = function(host, dport, ttl) - local pktbin = bin.pack("H", + local pktbin = stdnse.fromhex( "4500 0014 0000 4000 8000 0000 0000 0000 0000 0000" .. "0000 0000 0800 0000" ) @@ -332,7 +332,7 @@ local tcp_funcs_v6 = { -- @param ttl the IP time to live -- @return the newly crafted IP packet getprobe = function(host, dport, ttl) - local pktbin = bin.pack("H", + local pktbin = stdnse.fromhex( "4500 0014 0000 4000 8000 0000 0000 0000 0000 0000" .. "0000 0000 0000 0000 0000 0000 6002 0c00 0000 0000 0204 05b4" ) @@ -394,7 +394,7 @@ local udp_funcs_v6 = { -- @param ttl the IP time to live -- @return the newly crafted IP packet getprobe = function(host, dport, ttl) - local pktbin = bin.pack("H", + local pktbin = stdnse.fromhex( "4500 0014 0000 4000 8000 0000 0000 0000 0000 0000" .. "0000 0000 0800 0000" ) diff --git a/scripts/ipidseq.nse b/scripts/ipidseq.nse index 8c9720410..d0040985f 100644 --- a/scripts/ipidseq.nse +++ b/scripts/ipidseq.nse @@ -62,7 +62,7 @@ end -- @param port Port number -- @return TCP Packet object local genericpkt = function(host, port) - local pkt = bin.pack("H", + local pkt = stdnse.fromhex( "4500 002c 55d1 0000 8006 0000 0000 0000" .. "0000 0000 0000 0000 0000 0000 0000 0000" .. "6002 0c00 0000 0000 0204 05b4" diff --git a/scripts/krb5-enum-users.nse b/scripts/krb5-enum-users.nse index 2b2bb42e9..e5d38035d 100644 --- a/scripts/krb5-enum-users.nse +++ b/scripts/krb5-enum-users.nse @@ -174,7 +174,7 @@ KRB5 = { princ = encoder:encode( name_type ) .. princ -- not sure about how this works, but apparently it does - princ = bin.pack("H", "A003") .. princ + princ = stdnse.fromhex( "A003") .. princ princ = self:encodeSequence(encoder,0x30, princ) return princ @@ -234,7 +234,7 @@ KRB5 = { data = '\0' .. data -- hmm, wonder what this is - data = bin.pack("H", "A0070305") .. data + data = stdnse.fromhex( "A0070305") .. data data = self:encodeSequence(encoder, 0x30, data) data = self:encodeSequence(encoder, 0xA4, data) data = self:encodeSequence(encoder, 0xA2, encoder:encode(KRB5.MessageType['AS-REQ'])) .. data diff --git a/scripts/ldap-novell-getpass.nse b/scripts/ldap-novell-getpass.nse index ff8024301..a8dfd7efc 100644 --- a/scripts/ldap-novell-getpass.nse +++ b/scripts/ldap-novell-getpass.nse @@ -74,7 +74,7 @@ function action(host,port) -- In order to discover what protocol to use (SSL/TCP) we need to send a -- few bytes to the server. An anonymous bind should do it - local anon_bind = bin.pack("H", "300c020101600702010304008000" ) + local anon_bind = stdnse.fromhex( "300c020101600702010304008000" ) local socket, _, opt = comm.tryssl( host, port, anon_bind, nil ) if ( not(socket) ) then return fail("Failed to connect to LDAP server") @@ -98,13 +98,13 @@ function action(host,port) -- The following section could do with more documentation -- It's based on packet dumps from the getpass utility available from Novell Cool Solutions -- encode the account name as a sequence - data = ldap.encode( { _ldaptype = '30', bin.pack("H", "020101") .. data } ) + data = ldap.encode( { _ldaptype = '30', stdnse.fromhex( "020101") .. data } ) data = ldap.encode( { _ldaptype = '81', data } ) data = ldap.encode( { _ldaptype = '80', NMASLDAP_GET_PASSWORD_REQUEST } ) .. data data = ldap.encode( { _ldaptype = '77', data } ) -- encode the whole extended request as a sequence - data = ldap.encode( { _ldaptype = '30', bin.pack("H", "020102") .. data } ) + data = ldap.encode( { _ldaptype = '30', stdnse.fromhex( "020102") .. data } ) status = socket:send(data) if ( not(status) ) then return fail("Failed to send request") end diff --git a/scripts/maxdb-info.nse b/scripts/maxdb-info.nse index 72f5d6c86..fb758a472 100644 --- a/scripts/maxdb-info.nse +++ b/scripts/maxdb-info.nse @@ -139,12 +139,12 @@ action = function(host, port) local status, err = socket:connect(host, port) local data - status, data = exchPacket(socket, bin.pack("H", handshake)) + status, data = exchPacket(socket, stdnse.fromhex( handshake)) if ( not(status) ) then return fail("Failed to perform handshake with MaxDB server") end - status, data = exchPacket(socket, bin.pack("H", dbm_version)) + status, data = exchPacket(socket, stdnse.fromhex( dbm_version)) if ( not(status) ) then return fail("Failed to request version information from server") end @@ -159,7 +159,7 @@ action = function(host, port) table.insert(result, ("%s: %s"):format(f, version_info[f:upper()])) end - status, data = exchCommand(socket, bin.pack("H", db_enum)) + status, data = exchCommand(socket, stdnse.fromhex( db_enum)) socket:close() if ( not(status) ) then return fail("Failed to request version information from server") diff --git a/scripts/mikrotik-routeros-brute.nse b/scripts/mikrotik-routeros-brute.nse index 656ef2373..6bda8050b 100644 --- a/scripts/mikrotik-routeros-brute.nse +++ b/scripts/mikrotik-routeros-brute.nse @@ -67,7 +67,7 @@ Driver = --If we find the challenge value we continue the connection process if ret then stdnse.debug1("Challenge value found:%s", ret) - local md5str = bin.pack("xAA", password, bin.pack("H", ret)) --appends pwd and challenge + local md5str = bin.pack("xAA", password, stdnse.fromhex( ret)) --appends pwd and challenge local chksum = stdnse.tohex(openssl.md5(md5str)) local user_l = username:len()+6 --we add six because of the string "=name=" local login_pkt = bin.pack("cAcAcAx", 0x6, "/login", user_l, "=name="..username, 0x2c, "=response=00"..chksum) diff --git a/scripts/mrinfo.nse b/scripts/mrinfo.nse index 0c64a6716..6a9cd94a7 100644 --- a/scripts/mrinfo.nse +++ b/scripts/mrinfo.nse @@ -189,7 +189,7 @@ local mrinfoQuery = function(interface, dstip) local srcip = interface.address local mrinfo_raw = mrinfoRaw() - local ip_raw = bin.pack("H", "45c00040ed780000400218bc0a00c8750a00c86b") .. mrinfo_raw + local ip_raw = stdnse.fromhex( "45c00040ed780000400218bc0a00c8750a00c86b") .. mrinfo_raw mrinfo_packet = packet.Packet:new(ip_raw, ip_raw:len()) mrinfo_packet:ip_set_bin_src(ipOps.ip_to_str(srcip)) mrinfo_packet:ip_set_bin_dst(ipOps.ip_to_str(dstip)) diff --git a/scripts/mtrace.nse b/scripts/mtrace.nse index 9cafbe1a5..496ff1706 100644 --- a/scripts/mtrace.nse +++ b/scripts/mtrace.nse @@ -141,7 +141,7 @@ end --@param destination Target host to which the packet is sent. --@param trace_raw Traceroute raw Query. local traceSend = function(interface, destination, trace_raw) - local ip_raw = bin.pack("H", "45c00040ed780000400218bc0a00c8750a00c86b") .. trace_raw + local ip_raw = stdnse.fromhex( "45c00040ed780000400218bc0a00c8750a00c86b") .. trace_raw local trace_packet = packet.Packet:new(ip_raw, ip_raw:len()) trace_packet:ip_set_bin_src(ipOps.ip_to_str(interface.address)) trace_packet:ip_set_bin_dst(ipOps.ip_to_str(destination)) diff --git a/scripts/mysql-enum.nse b/scripts/mysql-enum.nse index d8cd6a02f..7e73b1913 100644 --- a/scripts/mysql-enum.nse +++ b/scripts/mysql-enum.nse @@ -78,7 +78,7 @@ Driver = { return false,brute.Error:new(response) end stdnse.debug1( "Trying %s ...", pass) - local auth_string = bin.pack("H","0000018d00000000") .. pass .. bin.pack("H","00504e5f5155454d4500"); -- old authentication method + local auth_string = stdnse.fromhex("0000018d00000000") .. pass .. stdnse.fromhex("00504e5f5155454d4500"); -- old authentication method local err status, err = self.socket:send(bin.pack("c",string.len(auth_string)-3) .. auth_string) --send initial auth status, response = self.socket:receive_bytes(0) diff --git a/scripts/omron-info.nse b/scripts/omron-info.nse index 33ba241e2..8b94278e6 100644 --- a/scripts/omron-info.nse +++ b/scripts/omron-info.nse @@ -88,7 +88,7 @@ end -- -- @param socket Socket that is passed in from Action function send_udp(socket) - local controller_data_read = bin.pack("H", "800002000000006300ef050100") + local controller_data_read = stdnse.fromhex( "800002000000006300ef050100") -- send Request Information Packet socket:send(controller_data_read) local rcvstatus, response = socket:receive() @@ -101,7 +101,7 @@ end -- @param socket Socket that is passed in from Action function send_tcp(socket) -- this is the request address command - local req_addr = bin.pack("H", "46494e530000000c000000000000000000000000") + local req_addr = stdnse.fromhex( "46494e530000000c000000000000000000000000") -- TCP requires a network address that is revived from the first request, -- The read controller data these two strings will be joined with the address local controller_data_read = "46494e5300000015000000020000000080000200" diff --git a/scripts/path-mtu.nse b/scripts/path-mtu.nse index f64c9aff9..28d322d02 100644 --- a/scripts/path-mtu.nse +++ b/scripts/path-mtu.nse @@ -183,13 +183,13 @@ local setmtu = function(pkt, mtu) end local basepkt = function(proto) - local ibin = bin.pack("H", + local ibin = stdnse.fromhex( "4500 0014 0000 4000 8000 0000 0000 0000 0000 0000" ) - local tbin = bin.pack("H", + local tbin = stdnse.fromhex( "0000 0000 0000 0000 0000 0000 6002 0c00 0000 0000 0204 05b4" ) - local ubin = bin.pack("H", + local ubin = stdnse.fromhex( "0000 0000 0800 0000" ) diff --git a/scripts/pcanywhere-brute.nse b/scripts/pcanywhere-brute.nse index 11688936f..3c737287f 100644 --- a/scripts/pcanywhere-brute.nse +++ b/scripts/pcanywhere-brute.nse @@ -85,7 +85,7 @@ Driver = { if(not(status)) then return false, brute.Error:new( "Couldn't connect to host: " .. err ) end - status, err = self.socket:send(bin.pack("H","00000000")) --initial hello + status, err = self.socket:send(stdnse.fromhex("00000000")) --initial hello status, response = self.socket:receive_bytes(0) if not status and not retry then break @@ -99,13 +99,13 @@ Driver = { return false, brute.Error:new( "Probably not pcAnywhere." ) end retry = false - status, err = self.socket:send(bin.pack("H","6f06ff")) -- downgrade into legacy mode + status, err = self.socket:send(stdnse.fromhex("6f06ff")) -- downgrade into legacy mode status, response = self.socket:receive_bytes(0) - status, err = self.socket:send(bin.pack("H","6f61000900fe0000ffff00000000")) -- auth capabilities I + status, err = self.socket:send(stdnse.fromhex("6f61000900fe0000ffff00000000")) -- auth capabilities I status, response = self.socket:receive_bytes(0) - status, err = self.socket:send(bin.pack("H","6f620102000000")) -- auth capabilities II + status, err = self.socket:send(stdnse.fromhex("6f620102000000")) -- auth capabilities II status, response = self.socket:receive_bytes(0) if not status or (string.find(response,"Enter user name") == nil and string.find(response,"Enter login name") == nil) then stdnse.debug1("handshake failed") diff --git a/scripts/qscan.nse b/scripts/qscan.nse index fe278e9e0..5f857a6ef 100644 --- a/scripts/qscan.nse +++ b/scripts/qscan.nse @@ -196,7 +196,7 @@ end -- @param host Host object -- @return TCP Packet object local genericpkt = function(host) - local pkt = bin.pack("H", + local pkt = stdnse.fromhex( "4500 002c 55d1 0000 8006 0000 0000 0000" .. "0000 0000 0000 0000 0000 0000 0000 0000" .. "6002 0c00 0000 0000 0204 05b4" diff --git a/scripts/rdp-vuln-ms12-020.nse b/scripts/rdp-vuln-ms12-020.nse index 464011cac..c154a79f5 100644 --- a/scripts/rdp-vuln-ms12-020.nse +++ b/scripts/rdp-vuln-ms12-020.nse @@ -83,7 +83,7 @@ action = function(host, port) .. "0000" -- dst reference .. "0000" -- src reference .. "00" -- class and options - local connectionRequest = bin.pack("H",connectionRequestStr) + local connectionRequest = stdnse.fromhex(connectionRequestStr) -- see http://msdn.microsoft.com/en-us/library/cc240836%28v=prot.10%29.aspx local connectInitialStr = "03000065" -- TPKT Header @@ -120,14 +120,14 @@ action = function(host, port) .. "0202ffff" -- maxMCSPDUSize .. "020102" -- protocolVersion .. "0400" -- userData - local connectInitial = bin.pack("H",connectInitialStr) + local connectInitial = stdnse.fromhex(connectInitialStr) -- see http://msdn.microsoft.com/en-us/library/cc240835%28v=prot.10%29.aspx local userRequestStr = "0300" -- header .. "0008" -- length .. "02f080" -- X.224 Data TPDU (2 bytes: 0xf0 = Data TPDU, 0x80 = EOT, end of transmission) .. "28" -- PER encoded PDU contents - local userRequest = bin.pack("H",userRequestStr) + local userRequest = stdnse.fromhex(userRequestStr) local user1,user2 local pos @@ -184,7 +184,7 @@ action = function(host, port) status, err = socket:send(connectionRequest) status, response = socket:receive_bytes(0) - if response ~= bin.pack("H","0300000b06d00000123400") then + if response ~= stdnse.fromhex("0300000b06d00000123400") then --probably not rdp at all stdnse.debug1("not RDP") return nil @@ -199,11 +199,11 @@ action = function(host, port) pos,user2 = bin.unpack(">S",response:sub(10,11)) -- second user's channel - 1001 user2 = user2+1001 -- second user's channel local data4 = bin.pack(">SS",user1,user2) - local data5 = bin.pack("H","0300000c02f08038") -- channel join request TPDU + local data5 = stdnse.fromhex("0300000c02f08038") -- channel join request TPDU local channelJoinRequest = data5 .. data4 status, err = socket:send(channelJoinRequest) -- bogus channel join request user1 requests channel of user2 status, response = socket:receive_bytes(0) - if response:sub(8,9) == bin.pack("H","3e00") then + if response:sub(8,9) == stdnse.fromhex("3e00") then -- 3e00 indicates a successful join -- see http://msdn.microsoft.com/en-us/library/cc240911%28v=prot.10%29.aspx -- service is vulnerable diff --git a/scripts/rmi-vuln-classloader.nse b/scripts/rmi-vuln-classloader.nse index 17aa667a7..3a737cde9 100644 --- a/scripts/rmi-vuln-classloader.nse +++ b/scripts/rmi-vuln-classloader.nse @@ -2,6 +2,7 @@ local bin = require "bin" local rmi = require "rmi" local shortport = require "shortport" local string = require "string" +local stdnse = require "stdnse" local vulns = require "vulns" description = [[ @@ -90,7 +91,7 @@ Default configuration of RMI registry allows loading classes from remote URLs wh local report = vulns.Report:new(SCRIPT_NAME, host, port); rmi_vuln.state = vulns.STATE.NOT_VULN; - rmiArgs:addRaw(bin.pack("H", argsRaw)); + rmiArgs:addRaw(stdnse.fromhex( argsRaw)); -- reference: java/rmi/dgc/DGCImpl_Stub.java and java/rmi/dgc/DGCImpl_Skel.java -- we are calling DGC's (its objectId is 2) method with opnum 0 diff --git a/scripts/s7-info.nse b/scripts/s7-info.nse index b563ff440..10eec00a1 100644 --- a/scripts/s7-info.nse +++ b/scripts/s7-info.nse @@ -184,17 +184,17 @@ end -- @param port port that was scanned via nmap action = function(host, port) -- COTP packet with a dst of 102 -local COTP = bin.pack("H", "0300001611e00000001400c1020100c2020" .. "102" .. "c0010a") +local COTP = stdnse.fromhex( "0300001611e00000001400c1020100c2020" .. "102" .. "c0010a") -- COTP packet with a dst of 200 - local alt_COTP = bin.pack("H", "0300001611e00000000500c1020100c2020" .. "200" .. "c0010a") + local alt_COTP = stdnse.fromhex( "0300001611e00000000500c1020100c2020" .. "200" .. "c0010a") -- setup the ROSCTR Packet - local ROSCTR_Setup = bin.pack("H", "0300001902f08032010000000000080000f0000001000101e0") + local ROSCTR_Setup = stdnse.fromhex( "0300001902f08032010000000000080000f0000001000101e0") -- setup the Read SZL information packet - local Read_SZL = bin.pack("H", "0300002102f080320700000000000800080001120411440100ff09000400110001") + local Read_SZL = stdnse.fromhex( "0300002102f080320700000000000800080001120411440100ff09000400110001") -- setup the first SZL request (gather the basic hardware and version number) - local first_SZL_Request = bin.pack("H", "0300002102f080320700000000000800080001120411440100ff09000400110001") + local first_SZL_Request = stdnse.fromhex( "0300002102f080320700000000000800080001120411440100ff09000400110001") -- setup the second SZL request - local second_SZL_Request = bin.pack("H", "0300002102f080320700000000000800080001120411440100ff090004001c0001") + local second_SZL_Request = stdnse.fromhex( "0300002102f080320700000000000800080001120411440100ff090004001c0001") -- response is used to collect the packet responses local response -- output table for Nmap diff --git a/scripts/smb-vuln-ms10-054.nse b/scripts/smb-vuln-ms10-054.nse index 9c6b7efed..dbbfb2686 100644 --- a/scripts/smb-vuln-ms10-054.nse +++ b/scripts/smb-vuln-ms10-054.nse @@ -133,7 +133,7 @@ to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulne local status, smbstate = smb.start_ex(host, true, true, share, nil, nil, nil) local param = "0501" -- Query FS Attribute Info - local status, result = send_transaction2(smbstate,0x03,bin.pack("H",param)) + local status, result = send_transaction2(smbstate,0x03,stdnse.fromhex(param)) status, result = smb.smb_read(smbstate,true) -- see if we can still talk to the victim if not status then -- if not , it has crashed ms10_054.state = vulns.STATE.VULN diff --git a/scripts/telnet-encryption.nse b/scripts/telnet-encryption.nse index 8173a0feb..d89a7f279 100644 --- a/scripts/telnet-encryption.nse +++ b/scripts/telnet-encryption.nse @@ -77,7 +77,7 @@ action = function(host, port) local socket = nmap.new_socket() local status = socket:connect(host, port) - local data = bin.pack("H", "FFFD26FFFB26") + local data = stdnse.fromhex( "FFFD26FFFB26") local result socket:set_timeout(7500)