merge soc07 r4921:4925 - Fixed a bug in NSE that caused incorrect state summaries (and an assertion failure); added udp iax2 test script

2026-02-07 14:06:33 +00:00 · 2007-08-11 04:23:17 +00:00
parent 0c123a1056
commit 1e2f0bea4f
2 changed files with 61 additions and 0 deletions
--- a/nse_nmaplib.cc
+++ b/nse_nmaplib.cc
@@ -9,6 +9,7 @@
 #include "nmap_rpc.h"
 #include "Target.h"
 #include "output.h"
+#include "portlist.h"

 #define SCRIPT_ENGINE_GETSTRING(name) \
 	char* name; \
@@ -307,6 +308,7 @@ static int l_get_port_state(lua_State* l, Target* target, Port* port) {
 * */
 static int l_set_port_state(lua_State* l, Target* target, Port* port) {
 	char* state;
+	PortList* plist = &(target->ports);

 	luaL_checktype(l, -1, LUA_TSTRING);
 	state = strdup(lua_tostring(l, -1));
@@ -316,11 +318,13 @@ static int l_set_port_state(lua_State* l, Target* target, Port* port) {
 		case 'o':
 			if (strcmp(state, "open")) 
 				luaL_argerror (l, 4, "Invalid port state.");
+			plist->addPort(port->portno, port->proto, NULL, PORT_OPEN);
 			port->state = PORT_OPEN;
 			break;
 		case 'c':
 			if (strcmp(state, "closed"))
 				luaL_argerror (l, 4, "Invalid port state.");
+			plist->addPort(port->portno, port->proto, NULL, PORT_CLOSED);
 			port->state = PORT_CLOSED;
 			break;
 		default:
--- a/scripts/iax2Detect.nse
+++ b/scripts/iax2Detect.nse
@@ -0,0 +1,57 @@
+id= "IAX2 Service Detection"
+
+description = "Detects an listening UDP IAX2 service by using a \
+				IAX Control Frame POKE request." 
+
+author = "Ferdy Riphagen <f.riphagen@nsec.nl>"
+
+license = "See nmap's COPYING for license"
+
+categories = {"safe", "discovery"}
+
+portrule = function(host, port)
+	if port.number == 4569 and 
+	   port.protocol == "udp" 
+	then
+		return true
+	else
+		return false
+	end
+end
+
+action = function(host, port)
+	local soc = nmap.new_socket()
+	soc:set_timeout(10000)
+	local conn = soc:connect(host.ip, port.number, port.protocol)
+
+	if (conn) then
+	 	-- see http://www.cornfed.com/iax.pdf for all options.
+		local poke = string.char(0x80, 0x00, 0x00, 0x00)
+		poke = poke .. string.char(0x00, 0x00, 0x00, 0x00)  
+		poke = poke .. string.char(0x00, 0x00, 0x06, 0x1e)
+		soc:send(poke)
+
+		local status, recv
+		status, recv = soc:receive_bytes(1)
+        
+		if (string.len(recv)) == 12 then
+			local byte11 = string.format("%02X", string.byte(recv, 11))
+			local byte12 = string.format("%02X", string.byte(recv, 12))
+
+			-- byte11 must be \x06 IAX Control Frame
+			-- and byte12 must be \x03 or \x04
+			if ((byte11 == "06") and
+			   (byte12 == ("03" or "04"))) 
+			then
+				nmap.set_port_state(host, port, "open")
+			    port.version.name = "iax2"
+			    nmap.set_port_version(host, port, "hardmatched")
+			end
+	
+		end
+
+		soc:close()
+
+	end
+
+end