From 2455b4dc89bfa0588c7062ffea6ddbee0b6fca9f Mon Sep 17 00:00:00 2001
From: david <david@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Sat, 30 Jan 2010 04:41:25 +0000
Subject: [PATCH] Use the Quake 2 and Quake 3 server status probes as UDP
 payloads.

---
 CHANGELOG  |  4 ++--
 payload.cc | 17 +++++++++++++++++
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 0ca0f9c0d..bca669d46 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -2,8 +2,8 @@
 
 [NOT YET RELEASED]
 
-o Added service probes for games based on the Quake 2 and Quake 3
-  engine, submitted by Mak Kolybabi.
+o Added service probes and UDP payloads for games based on the Quake 2
+  and Quake 3 engine, submitted by Mak Kolybabi.
 
 o [NSE] Added two new scripts for the MongoDB database from Martin
   Holst Swende. mongodb-info gets information like the version number,
diff --git a/payload.cc b/payload.cc
index 64bb33293..84fe9422f 100644
--- a/payload.cc
+++ b/payload.cc
@@ -241,6 +241,12 @@ static const char payload_citrix[] =
   "\x1e\x00\x01\x30\x02\xfd\xa8\xe3\x00\x00\x00\x00\x00\x00\x00\x00"
   "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
 
+/* Quake 2 and Quake 3 game servers (and servers of derived games like Nexuiz).
+   Gets game information from the server (see probe responses in
+   nmap-service-probes). */
+static const char payload_quake2[] = "\xff\xff\xff\xffstatus";
+static const char payload_quake3[] = "\xff\xff\xff\xffgetstatus";
+
 static const char payload_null[] = "";
 
 
@@ -318,6 +324,17 @@ const char *udp_port2payload(u16 dport, size_t *length){
     case 10080:
       SET_PAYLOAD(payload_amanda);
       break;
+    /* These servers are commonly run on a base port or a few port numbers
+       higher. */
+    case 27910: case 27911: case 27912: case 27913: case 27914:
+      SET_PAYLOAD(payload_quake2);
+      break;
+    case 26000: case 26001: case 26002: case 26003: case 26004: /* Nexuiz */
+    case 27960: case 27961: case 27962: case 27963: case 27964: /* Several */
+    case 30720: case 30721: case 30722: case 30723: case 30724: /* Tremulous */
+    case 44400: /* Warsow */
+      SET_PAYLOAD(payload_quake3);
+      break;
     default:
       SET_PAYLOAD(payload_null);
       break;