mirror of
https://github.com/nmap/nmap.git
synced 2025-12-27 18:09:01 +00:00
Re-indent some scripts. Whitespace-only commit
https://secwiki.org/w/Nmap/Code_Standards
This commit is contained in:
dmiller
@@ -54,86 +54,86 @@ portrule = shortport.port_or_service({389,636}, {"ldap","ldapssl"})
|
||||
|
||||
function action(host,port)
|
||||
|
||||
local username = stdnse.get_script_args("ldap-novell-getpass.username")
|
||||
local password = stdnse.get_script_args("ldap-novell-getpass.password") or ""
|
||||
local account = stdnse.get_script_args("ldap-novell-getpass.account")
|
||||
local username = stdnse.get_script_args("ldap-novell-getpass.username")
|
||||
local password = stdnse.get_script_args("ldap-novell-getpass.password") or ""
|
||||
local account = stdnse.get_script_args("ldap-novell-getpass.account")
|
||||
|
||||
if ( not(username) ) then
|
||||
return "\n ERROR: No username was supplied (ldap-novell-getpass.username)"
|
||||
end
|
||||
if ( not(account) ) then
|
||||
return "\n ERROR: No account was supplied (ldap-novell-getpass.account)"
|
||||
else
|
||||
-- do some basic account validation
|
||||
if ( not(account:match("^[Cc][Nn]=.*,") ) ) then
|
||||
return "\n ERROR: The account argument should be specified as:\n" ..
|
||||
" \"CN=name,OU=orgunit,O=org\""
|
||||
end
|
||||
end
|
||||
if ( not(username) ) then
|
||||
return "\n ERROR: No username was supplied (ldap-novell-getpass.username)"
|
||||
end
|
||||
if ( not(account) ) then
|
||||
return "\n ERROR: No account was supplied (ldap-novell-getpass.account)"
|
||||
else
|
||||
-- do some basic account validation
|
||||
if ( not(account:match("^[Cc][Nn]=.*,") ) ) then
|
||||
return "\n ERROR: The account argument should be specified as:\n" ..
|
||||
" \"CN=name,OU=orgunit,O=org\""
|
||||
end
|
||||
end
|
||||
|
||||
-- In order to discover what protocol to use (SSL/TCP) we need to send a
|
||||
-- few bytes to the server. An anonymous bind should do it
|
||||
local anon_bind = bin.pack("H", "300c020101600702010304008000" )
|
||||
local socket, _, opt = comm.tryssl( host, port, anon_bind, nil )
|
||||
if ( not(socket) ) then
|
||||
return "\n ERROR: Failed to connect to LDAP server"
|
||||
end
|
||||
-- In order to discover what protocol to use (SSL/TCP) we need to send a
|
||||
-- few bytes to the server. An anonymous bind should do it
|
||||
local anon_bind = bin.pack("H", "300c020101600702010304008000" )
|
||||
local socket, _, opt = comm.tryssl( host, port, anon_bind, nil )
|
||||
if ( not(socket) ) then
|
||||
return "\n ERROR: Failed to connect to LDAP server"
|
||||
end
|
||||
|
||||
local status, errmsg = ldap.bindRequest( socket, {
|
||||
version = 3,
|
||||
username = username,
|
||||
password = password
|
||||
}
|
||||
)
|
||||
local status, errmsg = ldap.bindRequest( socket, {
|
||||
version = 3,
|
||||
username = username,
|
||||
password = password
|
||||
}
|
||||
)
|
||||
|
||||
if ( not(status) ) then return errmsg end
|
||||
if ( not(status) ) then return errmsg end
|
||||
|
||||
-- Start encoding the NMAS Get Password Request
|
||||
local NMASLDAP_GET_PASSWORD_REQUEST = "2.16.840.1.113719.1.39.42.100.13"
|
||||
local NMASLDAP_GET_PASSWORD_RESPONSE = "2.16.840.1.113719.1.39.42.100.14"
|
||||
-- Add a trailing zero to the account name
|
||||
local data = ldap.encode( account .. '\0' )
|
||||
-- Start encoding the NMAS Get Password Request
|
||||
local NMASLDAP_GET_PASSWORD_REQUEST = "2.16.840.1.113719.1.39.42.100.13"
|
||||
local NMASLDAP_GET_PASSWORD_RESPONSE = "2.16.840.1.113719.1.39.42.100.14"
|
||||
-- Add a trailing zero to the account name
|
||||
local data = ldap.encode( account .. '\0' )
|
||||
|
||||
-- The following section could do with more documentation
|
||||
-- It's based on packet dumps from the getpass utility available from Novell Cool Solutions
|
||||
-- encode the account name as a sequence
|
||||
data = ldap.encode( { _ldaptype = '30', bin.pack("H", "020101") .. data } )
|
||||
data = ldap.encode( { _ldaptype = '81', data } )
|
||||
data = ldap.encode( { _ldaptype = '80', NMASLDAP_GET_PASSWORD_REQUEST } ) .. data
|
||||
data = ldap.encode( { _ldaptype = '77', data } )
|
||||
-- The following section could do with more documentation
|
||||
-- It's based on packet dumps from the getpass utility available from Novell Cool Solutions
|
||||
-- encode the account name as a sequence
|
||||
data = ldap.encode( { _ldaptype = '30', bin.pack("H", "020101") .. data } )
|
||||
data = ldap.encode( { _ldaptype = '81', data } )
|
||||
data = ldap.encode( { _ldaptype = '80', NMASLDAP_GET_PASSWORD_REQUEST } ) .. data
|
||||
data = ldap.encode( { _ldaptype = '77', data } )
|
||||
|
||||
-- encode the whole extended request as a sequence
|
||||
data = ldap.encode( { _ldaptype = '30', bin.pack("H", "020102") .. data } )
|
||||
-- encode the whole extended request as a sequence
|
||||
data = ldap.encode( { _ldaptype = '30', bin.pack("H", "020102") .. data } )
|
||||
|
||||
status = socket:send(data)
|
||||
if ( not(status) ) then return "ERROR: Failed to send request" end
|
||||
status = socket:send(data)
|
||||
if ( not(status) ) then return "ERROR: Failed to send request" end
|
||||
|
||||
status, data = socket:receive()
|
||||
if ( not(status) ) then return data end
|
||||
socket:close()
|
||||
status, data = socket:receive()
|
||||
if ( not(status) ) then return data end
|
||||
socket:close()
|
||||
|
||||
local _, response = ldap.decode(data)
|
||||
local _, response = ldap.decode(data)
|
||||
|
||||
-- make sure the result code was a success
|
||||
local rescode = ( #response >= 2 ) and response[2]
|
||||
local respname = ( #response >= 5 ) and response[5]
|
||||
-- make sure the result code was a success
|
||||
local rescode = ( #response >= 2 ) and response[2]
|
||||
local respname = ( #response >= 5 ) and response[5]
|
||||
|
||||
if ( rescode ~= 0 ) then
|
||||
local errmsg = ( #response >= 4 ) and response[4] or "An unknown error occured"
|
||||
return "\n ERROR: " .. errmsg
|
||||
end
|
||||
if ( rescode ~= 0 ) then
|
||||
local errmsg = ( #response >= 4 ) and response[4] or "An unknown error occured"
|
||||
return "\n ERROR: " .. errmsg
|
||||
end
|
||||
|
||||
-- make sure we get a NMAS Get Password Response back from the server
|
||||
if ( respname ~= NMASLDAP_GET_PASSWORD_RESPONSE ) then return end
|
||||
-- make sure we get a NMAS Get Password Response back from the server
|
||||
if ( respname ~= NMASLDAP_GET_PASSWORD_RESPONSE ) then return end
|
||||
|
||||
local universal_pw = ( #response >= 6 and #response[6] >= 3 ) and response[6][3]
|
||||
local universal_pw = ( #response >= 6 and #response[6] >= 3 ) and response[6][3]
|
||||
|
||||
if ( universal_pw ) then
|
||||
local output = {}
|
||||
table.insert(output, ("Account: %s"):format(account))
|
||||
table.insert(output, ("Password: %s"):format(universal_pw))
|
||||
return stdnse.format_output(true, output)
|
||||
else
|
||||
return "\n ERROR: No password was found"
|
||||
end
|
||||
if ( universal_pw ) then
|
||||
local output = {}
|
||||
table.insert(output, ("Account: %s"):format(account))
|
||||
table.insert(output, ("Password: %s"):format(universal_pw))
|
||||
return stdnse.format_output(true, output)
|
||||
else
|
||||
return "\n ERROR: No password was found"
|
||||
end
|
||||
end
|
||||
|
||||
Reference in New Issue
Block a user