PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

Fix NSE hangs when service sends non-matching data to receive_buf

Browse Source
This commit is contained in:
dmiller
2017-03-29 20:41:59 +00:00
parent 85e10c6b2b
commit 3dec043ead
26 changed files with 92 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
CHANGELOG
View File

@@ -1,5 +1,11 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o [NSE] Fixed several potential hangs in NSE scripts that used
receive_buf(pattern), which will not return if the service continues to send
data that does not match pattern. A new function in match.lua, pattern_limit,
is introduced to limit the number of bytes consumed while searching for the
pattern. [Daniel Miller, Jacek Wielemborek]
o [NSE] The HTTP response object has a new member, fragment, which contains o [NSE] The HTTP response object has a new member, fragment, which contains
a partially received body (if any) when the overall request fails to a partially received body (if any) when the overall request fails to
complete. [nnposter] complete. [nnposter]

3
nselib/imap.lua
View File

@@ -27,6 +27,7 @@
local base64 = require "base64" local base64 = require "base64"
local comm = require "comm" local comm = require "comm"
local match = require "match"
local sasl = require "sasl" local sasl = require "sasl"
local stdnse = require "stdnse" local stdnse = require "stdnse"
local table = require "table" local table = require "table"
@@ -61,7 +62,7 @@ IMAP = {
receive = function(self) receive = function(self)
local data = "" local data = ""
repeat repeat
local status, tmp = self.socket:receive_buf("\r\n", false) local status, tmp = self.socket:receive_buf(match.pattern_limit("\r\n", 1024), false)
if( not(status) ) then return false, tmp end if( not(status) ) then return false, tmp end
data = data .. tmp data = data .. tmp
until( tmp:match(("^A%04d"):format(self.counter - 1)) or tmp:match("^%+")) until( tmp:match(("^A%04d"):format(self.counter - 1)) or tmp:match("^%+"))

20
nselib/match.lua
View File

@@ -6,6 +6,7 @@
-- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html -- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html
local stdnse = require "stdnse" local stdnse = require "stdnse"
local find = (require "string").find
_ENV = stdnse.module("match", stdnse.seeall) _ENV = stdnse.module("match", stdnse.seeall)
--various functions for use with NSE's nsock:receive_buf - function --various functions for use with NSE's nsock:receive_buf - function
@@ -38,5 +39,24 @@ numbytes = function(num)
end end
end end
--- Search for a pattern within a set number of bytes
--
-- This function behaves just like passing a pattern to receive_buf, but it
-- will only receive a predefined number of bytes before returning the buffer.
-- @param pattern The pattern to search for
-- @param within The number of bytes to consume
-- @usage sock:receive_buf(match.pattern_limit("\r\n", 80), true)
pattern_limit = function (pattern, within)
local n = within
return function(buf)
local left, right = find(buf, pattern)
if left then
return left, right
elseif #buf >= n then
return n, n
end
return nil
end
end
return _ENV; return _ENV;

6
nselib/nmap.luadoc
View File

@@ -615,6 +615,12 @@ function receive_bytes(n)
-- matching against regular expressions or byte counts. These functions are -- matching against regular expressions or byte counts. These functions are
-- suitable as arguments to <code>receive_buf</code>. -- suitable as arguments to <code>receive_buf</code>.
-- --
-- NOTE: If a pattern is used, receive_buf will continue to receive data until
-- the pattern matches or there is a timeout. If the service never stops
-- sending non-matching data, receive_buf will never return. Using
-- <code>match.pattern_limit</code> can avoid this by imposing a limit on how
-- many bytes to read before returning the entire non-matching buffer.
--
-- The second argument to <code>receive_buf</code> is a Boolean value -- The second argument to <code>receive_buf</code> is a Boolean value
-- controlling whether the delimiting string is returned along with the -- controlling whether the delimiting string is returned along with the
-- received data (true) or discarded (false). -- received data (true) or discarded (false).

3
nselib/pop3.lua
View File

@@ -5,6 +5,7 @@
local base64 = require "base64" local base64 = require "base64"
local comm = require "comm" local comm = require "comm"
local match = require "match"
local stdnse = require "stdnse" local stdnse = require "stdnse"
local string = require "string" local string = require "string"
local table = require "table" local table = require "table"
@@ -163,7 +164,7 @@ function capabilities(host, port)
return nil, "Failed to send" return nil, "Failed to send"
end end
status, line = socket:receive_buf("%.", false) status, line = socket:receive_buf(match.pattern_limit("%.", 2048), false)
if( not(status) ) then if( not(status) ) then
return nil, "Failed to receive" return nil, "Failed to receive"
end end

8
nselib/redis.lua
View File

@@ -49,7 +49,7 @@ Response = {
end, end,
receive = function(self) receive = function(self)
local status, data = self.socket:receive_buf("\r\n", false) local status, data = self.socket:receive_buf(match.pattern_limit("\r\n", 2048), false)
if ( not(status) ) then if ( not(status) ) then
return false, "Failed to receive data from server" return false, "Failed to receive data from server"
end end
@@ -83,7 +83,7 @@ Response = {
return false, "Failed to receive data from server" return false, "Failed to receive data from server"
end end
-- move past the terminal CRLF -- move past the terminal CRLF
local status, crlf = self.socket:receive_buf("\r\n", false) local status, crlf = self.socket:receive_buf(match.pattern_limit("\r\n", 2048), false)
return true, { data = data, type = Response.Type.BULK } return true, { data = data, type = Response.Type.BULK }
end end
@@ -95,12 +95,12 @@ Response = {
for i=1, count do for i=1, count do
-- peel of the length -- peel of the length
local status = self.socket:receive_buf("\r\n", false) local status = self.socket:receive_buf(match.pattern_limit("\r\n", 2048), false)
if( not(status) ) then if( not(status) ) then
return false, "Failed to receive data from server" return false, "Failed to receive data from server"
end end
status, data = self.socket:receive_buf("\r\n", false) status, data = self.socket:receive_buf(match.pattern_limit("\r\n", 2048), false)
if( not(status) ) then if( not(status) ) then
return false, "Failed to receive data from server" return false, "Failed to receive data from server"
end end

4
nselib/rsync.lua
View File

@@ -39,7 +39,7 @@ Helper = {
if ( not(status) ) then if ( not(status) ) then
return false, err return false, err
end end
local status, data = self.socket:receive_buf("\n", false) local status, data = self.socket:receive_buf(match.pattern_limit("\n", 2048), false)
if( not(status) ) then if( not(status) ) then
return false, err return false, err
end end
@@ -119,7 +119,7 @@ Helper = {
local modules = {} local modules = {}
while(true) do while(true) do
status, data = self.socket:receive_buf("\n", false) status, data = self.socket:receive_buf(match.pattern_limit("\n", 2048), false)
if (not(status)) then if (not(status)) then
return false, data return false, data
end end

2
nselib/vnc.lua
View File

@@ -175,7 +175,7 @@ VNC = {
-- @return status, true on success, false on failure -- @return status, true on success, false on failure
-- @return error string containing error message if status is false -- @return error string containing error message if status is false
handshake = function(self) handshake = function(self)
local status, data = self.socket:receive_buf("[\r\n]+", true) local status, data = self.socket:receive_buf(match.pattern_limit("[\r\n]+", 16), true)
if not status or not string.match(data, "^RFB %d%d%d%.%d%d%d[\r\n]") then if not status or not string.match(data, "^RFB %d%d%d%.%d%d%d[\r\n]") then
stdnse.debug1("ERROR: Not a VNC port. Banner: %s", data) stdnse.debug1("ERROR: Not a VNC port. Banner: %s", data)
return false, "Not a VNC port." return false, "Not a VNC port."

7
nselib/xmpp.lua
View File

@@ -32,6 +32,7 @@
-- CRAM-MD5 and LOGIN <patrik@cqure.net> -- CRAM-MD5 and LOGIN <patrik@cqure.net>
local base64 = require "base64" local base64 = require "base64"
local match = require "match"
local nmap = require "nmap" local nmap = require "nmap"
local sasl = require "sasl" local sasl = require "sasl"
local stdnse = require "stdnse" local stdnse = require "stdnse"
@@ -94,7 +95,7 @@ TagProcessor = {
if ( tag.finish ) then return true end if ( tag.finish ) then return true end
local newtag local newtag
repeat repeat
local status, data = socket:receive_buf(">", true) local status, data = socket:receive_buf(match.pattern_limit(">", 2048), true)
if ( not(status) ) then if ( not(status) ) then
return false, ("ERROR: Failed to process %s tag"):format(tag.name) return false, ("ERROR: Failed to process %s tag"):format(tag.name)
end end
@@ -105,7 +106,7 @@ TagProcessor = {
end, end,
["challenge"] = function(socket, tag) ["challenge"] = function(socket, tag)
local status, data = socket:receive_buf(">", true) local status, data = socket:receive_buf(match.pattern_limit(">", 2048), true)
if ( not(status) ) then return false, "ERROR: Failed to read challenge tag" end if ( not(status) ) then return false, "ERROR: Failed to read challenge tag" end
local tag = XML.parse_tag(data) local tag = XML.parse_tag(data)
@@ -174,7 +175,7 @@ XMPP = {
receive_tag = function(self, tag, close) receive_tag = function(self, tag, close)
local result local result
repeat repeat
local status, data = self.socket:receive_buf(">", true) local status, data = self.socket:receive_buf(match.pattern_limit(">", 2048), true)
if ( not(status) ) then return false, data end if ( not(status) ) then return false, data end
result = XML.parse_tag(data) result = XML.parse_tag(data)
until( ( not(tag) and (close == nil or result.finish == close ) ) or until( ( not(tag) and (close == nil or result.finish == close ) ) or

3
scripts/dict-info.nse
View File

@@ -1,4 +1,5 @@
local nmap = require "nmap" local nmap = require "nmap"
local match = require "match"
local shortport = require "shortport" local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
local table = require "table" local table = require "table"
@@ -58,7 +59,7 @@ action = function(host, port)
local srvinfo local srvinfo
repeat repeat
local status, data = socket:receive_buf("\r\n", false) local status, data = socket:receive_buf(match.pattern_limit("\r\n", 2048), false)
if ( not(status) ) then if ( not(status) ) then
return fail("Failed to read response from server") return fail("Failed to read response from server")
elseif ( data:match("^5") ) then elseif ( data:match("^5") ) then

4
scripts/distcc-cve2004-2687.nse
View File

@@ -1,4 +1,5 @@
local nmap = require "nmap" local nmap = require "nmap"
local match = require "match"
local shortport = require "shortport" local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
local vulns = require "vulns" local vulns = require "vulns"
@@ -95,7 +96,8 @@ earlier. The vulnerability is the consequence of weak service configuration.
end end
end end
local status, data = socket:receive_buf("DOTO00000000", false) -- Command could have lots of output, need to cut it off somewhere. 4096 should be enough.
local status, data = socket:receive_buf(match.pattern_limit("DOTO00000000", 4096), false)
if ( status ) then if ( status ) then
local output = data:match("SOUT%w%w%w%w%w%w%w%w(.*)") local output = data:match("SOUT%w%w%w%w%w%w%w%w(.*)")

3
scripts/ftp-anon.nse
View File

@@ -1,4 +1,5 @@
local ftp = require "ftp" local ftp = require "ftp"
local match = require "match"
local nmap = require "nmap" local nmap = require "nmap"
local shortport = require "shortport" local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
@@ -84,7 +85,7 @@ local function list(socket, target, max_lines)
local listing = {} local listing = {}
while not max_lines or #listing < max_lines do while not max_lines or #listing < max_lines do
local status, data = list_socket:receive_buf("\r?\n", false) local status, data = list_socket:receive_buf(match.pattern_limit("\r?\n", 2048), false)
if (not status and data == "EOF") or data == "" then if (not status and data == "EOF") or data == "" then
break break
end end

9
scripts/gkrellm-info.nse
View File

@@ -1,4 +1,5 @@
local math = require "math" local math = require "math"
local match = require "match"
local nmap = require "nmap" local nmap = require "nmap"
local shortport = require "shortport" local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
@@ -140,11 +141,11 @@ action = function(host, port)
end end
-- If there's an error we get a response back, and only then -- If there's an error we get a response back, and only then
local status, data = socket:receive_buf("\n", false) local status, data = socket:receive_buf(match.pattern_limit("\n", 2048), false)
if( status and data ~= "<error>" ) then if( status and data ~= "<error>" ) then
return fail("An unknown error occurred, aborting ...") return fail("An unknown error occurred, aborting ...")
elseif ( status ) then elseif ( status ) then
status, data = socket:receive_buf("\n", false) status, data = socket:receive_buf(match.pattern_limit("\n", 2048), false)
if ( status ) then if ( status ) then
return fail(data) return fail(data)
else else
@@ -157,7 +158,7 @@ action = function(host, port)
end end
local tags = {} local tags = {}
local status, tag = socket:receive_buf("\n", false) local status, tag = socket:receive_buf(match.pattern_limit("\n", 2048), false)
while(true) do while(true) do
if ( not(status) ) then if ( not(status) ) then
break break
@@ -175,7 +176,7 @@ action = function(host, port)
while(true) do while(true) do
local data local data
status, data = socket:receive_buf("\n", false) status, data = socket:receive_buf(match.pattern_limit("\n", 2048), false)
if ( not(status) ) then if ( not(status) ) then
break break
end end

3
scripts/gpsd-info.nse
View File

@@ -1,4 +1,5 @@
local gps = require "gps" local gps = require "gps"
local match = require "match"
local nmap = require "nmap" local nmap = require "nmap"
local os = require "os" local os = require "os"
local shortport = require "shortport" local shortport = require "shortport"
@@ -79,7 +80,7 @@ action = function(host, port)
repeat repeat
local entry local entry
status, line = socket:receive_buf("\r\n", false) status, line = socket:receive_buf(match.pattern_limit("\r\n", 2048), false)
if ( status ) then if ( status ) then
status, entry = gps.NMEA.parse(line) status, entry = gps.NMEA.parse(line)
if ( status ) then if ( status ) then

3
scripts/icap-info.nse
View File

@@ -1,4 +1,5 @@
local nmap = require "nmap" local nmap = require "nmap"
local match = require "match"
local shortport = require "shortport" local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
local table = require "table" local table = require "table"
@@ -97,7 +98,7 @@ action = function(host, port)
return fail("Failed to send request to server") return fail("Failed to send request to server")
end end
local status, resp = socket:receive_buf("\r\n\r\n", false) local status, resp = socket:receive_buf(match.pattern_limit("\r\n\r\n", 2048), false)
if ( not(status) ) then if ( not(status) ) then
return fail("Failed to receive response from server") return fail("Failed to receive response from server")
end end

5
scripts/irc-brute.nse
View File

@@ -1,6 +1,7 @@
local brute = require "brute" local brute = require "brute"
local comm = require "comm" local comm = require "comm"
local creds = require "creds" local creds = require "creds"
local match = require "match"
local shortport = require "shortport" local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
@@ -69,7 +70,7 @@ Driver = {
end end
repeat repeat
local status, response = self.socket:receive_buf("\r?\n", false) local status, response = self.socket:receive_buf(match.pattern_limit("\r?\n", 2048), false)
-- we check for the RPL_WELCOME message, if we don't see it, -- we check for the RPL_WELCOME message, if we don't see it,
-- we failed to authenticate -- we failed to authenticate
if ( status and response:match("^:.-%s(%d*)%s") == "001" ) then if ( status and response:match("^:.-%s(%d*)%s") == "001" ) then
@@ -96,7 +97,7 @@ local function needsPassword(host, port)
local err, code local err, code
repeat repeat
local status, response = s:receive_buf("\r?\n", false) local status, response = s:receive_buf(match.pattern_limit("\r?\n", 2048), false)
if ( status ) then if ( status ) then
code = tonumber(response:match("^:.-%s(%d*)%s")) code = tonumber(response:match("^:.-%s(%d*)%s"))
-- break after first code -- break after first code

3
scripts/memcached-info.nse
View File

@@ -1,4 +1,5 @@
local nmap = require "nmap" local nmap = require "nmap"
local match = require "match"
local shortport = require "shortport" local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
local tab = require "tab" local tab = require "tab"
@@ -72,7 +73,7 @@ end
local function recvResponse(socket) local function recvResponse(socket)
local kvs = {} local kvs = {}
repeat repeat
local status, response = socket:receive_buf("\r\n", false) local status, response = socket:receive_buf(match.pattern_limit("\r\n", 2048), false)
if ( not(status) ) then if ( not(status) ) then
return false, "Failed to receive response from server" return false, "Failed to receive response from server"
end end

3
scripts/metasploit-xmlrpc-brute.nse
View File

@@ -1,6 +1,7 @@
local brute = require "brute" local brute = require "brute"
local comm = require "comm" local comm = require "comm"
local creds = require "creds" local creds = require "creds"
local match = require "match"
local nmap = require "nmap" local nmap = require "nmap"
local shortport = require "shortport" local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
@@ -62,7 +63,7 @@ Driver =
-- Create a buffer and receive the first line -- Create a buffer and receive the first line
local response local response
status, response = self.socket:receive_buf("\r?\n", false) status, response = self.socket:receive_buf(match.pattern_limit("\r?\n", 2048), false)
if (response == nil or string.match(response,"<name>faultString</name><value><string>authentication error</string>")) then if (response == nil or string.match(response,"<name>faultString</name><value><string>authentication error</string>")) then
stdnse.debug2("Bad login: %s/%s", username, password) stdnse.debug2("Bad login: %s/%s", username, password)

3
scripts/mmouse-brute.nse
View File

@@ -1,5 +1,6 @@
local brute = require "brute" local brute = require "brute"
local creds = require "creds" local creds = require "creds"
local match = require "match"
local nmap = require "nmap" local nmap = require "nmap"
local shortport = require "shortport" local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
@@ -66,7 +67,7 @@ Driver = {
return false, err return false, err
end end
local status, data = self.socket:receive_buf("\04", true) local status, data = self.socket:receive_buf(match.pattern_limit("\04", 2048), true)
if (data:match("^CONNECTED\30([^\30]*)") == "NO" ) then if (data:match("^CONNECTED\30([^\30]*)") == "NO" ) then
return false, brute.Error:new( "Incorrect password" ) return false, brute.Error:new( "Incorrect password" )

3
scripts/mmouse-exec.nse
View File

@@ -1,4 +1,5 @@
local creds = require "creds" local creds = require "creds"
local match = require "match"
local nmap = require "nmap" local nmap = require "nmap"
local shortport = require "shortport" local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
@@ -52,7 +53,7 @@ portrule = shortport.port_or_service(51010, "mmouse", "tcp")
local function receiveData(socket, cmd) local function receiveData(socket, cmd)
local status, data = "" local status, data = ""
repeat repeat
status, data = socket:receive_buf("\04", true) status, data = socket:receive_buf(match.pattern_limit("\04", 2048), true)
if ( not(status) ) then if ( not(status) ) then
return false, "Failed to receive data from server" return false, "Failed to receive data from server"
end end

3
scripts/nessus-brute.nse
View File

@@ -1,5 +1,6 @@
local brute = require "brute" local brute = require "brute"
local creds = require "creds" local creds = require "creds"
local match = require "match"
local nmap = require "nmap" local nmap = require "nmap"
local shortport = require "shortport" local shortport = require "shortport"
@@ -65,7 +66,7 @@ Driver =
end end
local line local line
status, line = self.socket:receive_buf("\r?\n", false) status, line = self.socket:receive_buf(match.pattern_limit("\r?\n", 2048), false)
if ( not(status) or line ~= "< NTP/1.2 >" ) then if ( not(status) or line ~= "< NTP/1.2 >" ) then
local err = brute.Error:new( "The server failed to respond to handshake" ) local err = brute.Error:new( "The server failed to respond to handshake" )
err:setAbort( true ) err:setAbort( true )

5
scripts/openvas-otp-brute.nse
View File

@@ -1,5 +1,6 @@
local brute = require "brute" local brute = require "brute"
local creds = require "creds" local creds = require "creds"
local match = require "match"
local nmap = require "nmap" local nmap = require "nmap"
local shortport = require "shortport" local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
@@ -59,7 +60,7 @@ Driver =
end end
local response local response
status, response = self.socket:receive_buf("\r?\n", false) status, response = self.socket:receive_buf(match.pattern_limit("\r?\n", 2048), false)
if ( not(status) or response ~= "< OTP/1.0 >" ) then if ( not(status) or response ~= "< OTP/1.0 >" ) then
local err = brute.Error:new( "Bad handshake from server: "..response ) local err = brute.Error:new( "Bad handshake from server: "..response )
err:setAbort(true) err:setAbort(true)
@@ -82,7 +83,7 @@ Driver =
-- Create a buffer and receive the first line -- Create a buffer and receive the first line
local line local line
status, line = self.socket:receive_buf("\r?\n", false) status, line = self.socket:receive_buf(match.pattern_limit("\r?\n", 2048), false)
if (line == nil or string.match(line,"Bad login")) then if (line == nil or string.match(line,"Bad login")) then
stdnse.debug2("Bad login: %s/%s", username, password) stdnse.debug2("Bad login: %s/%s", username, password)

7
scripts/servicetags.nse
View File

@@ -1,4 +1,5 @@
local nmap = require "nmap" local nmap = require "nmap"
local match = require "match"
local os = require "os" local os = require "os"
local shortport = require "shortport" local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
@@ -210,7 +211,7 @@ function get_agent(host, port, output)
socket:close() socket:close()
return nil, err return nil, err
end end
status, response = socket:receive_buf("</st1:response>", true) status, response = socket:receive_buf(match.pattern_limit("</st1:response>", 2048), true)
if not status then if not status then
socket:close() socket:close()
return nil, response return nil, response
@@ -242,7 +243,7 @@ function get_svctag_list(host, port)
socket:close() socket:close()
return nil, err return nil, err
end end
status, response = socket:receive_buf("</service_tags>", true) status, response = socket:receive_buf(match.pattern_limit("</service_tags>", 2048), true)
if not status then if not status then
socket:close() socket:close()
return nil, response return nil, response
@@ -272,7 +273,7 @@ function get_svctag(host, port, svctag)
socket:close() socket:close()
return nil, err return nil, err
end end
status, response = socket:receive_buf("</st1:response>", true) status, response = socket:receive_buf(match.pattern_limit("</st1:response>", 2048), true)
if not status then if not status then
socket:close() socket:close()
return nil, response return nil, response

3
scripts/telnet-brute.nse
View File

@@ -1,6 +1,7 @@
local comm = require "comm" local comm = require "comm"
local coroutine = require "coroutine" local coroutine = require "coroutine"
local creds = require "creds" local creds = require "creds"
local match = require "match"
local nmap = require "nmap" local nmap = require "nmap"
local shortport = require "shortport" local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
@@ -258,7 +259,7 @@ end
Connection.methods.get_line = function (self) Connection.methods.get_line = function (self)
if self.buffer:len() == 0 then if self.buffer:len() == 0 then
-- refill the buffer -- refill the buffer
local status, data = self.socket:receive_buf("[\r\n:>%%%$#\255].*", true) local status, data = self.socket:receive_buf(match.pattern_limit("[\r\n:>%%%$#\255].*", 2048), true)
if not status then if not status then
-- connection error -- connection error
self.error = data self.error = data

9
scripts/vmauthd-brute.nse
View File

@@ -1,5 +1,6 @@
local brute = require "brute" local brute = require "brute"
local creds = require "creds" local creds = require "creds"
local match = require "match"
local nmap = require "nmap" local nmap = require "nmap"
local shortport = require "shortport" local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
@@ -45,7 +46,7 @@ Driver = {
end, end,
login = function(self, username, password) login = function(self, username, password)
local status, line = self.socket:receive_buf("\r\n", false) local status, line = self.socket:receive_buf(match.pattern_limit("\r\n", 2048), false)
if ( line:match("^220 VMware Authentication Daemon.*SSL Required") ) then if ( line:match("^220 VMware Authentication Daemon.*SSL Required") ) then
self.socket:reconnect_ssl() self.socket:reconnect_ssl()
end end
@@ -57,7 +58,7 @@ Driver = {
return false, err return false, err
end end
local status, response = self.socket:receive_buf("\r\n", false) local status, response = self.socket:receive_buf(match.pattern_limit("\r\n", 2048), false)
if ( not(status) or not(response:match("^331") ) ) then if ( not(status) or not(response:match("^331") ) ) then
local err = brute.Error:new( "Received unexpected response from server" ) local err = brute.Error:new( "Received unexpected response from server" )
err:setRetry( true ) err:setRetry( true )
@@ -70,7 +71,7 @@ Driver = {
err:setRetry( true ) err:setRetry( true )
return false, err return false, err
end end
status, response = self.socket:receive_buf("\r\n", false) status, response = self.socket:receive_buf(match.pattern_limit("\r\n", 2048), false)
if ( response:match("^230") ) then if ( response:match("^230") ) then
return true, creds.Account:new(username, password, creds.State.VALID) return true, creds.Account:new(username, password, creds.State.VALID)
@@ -93,7 +94,7 @@ local function checkAuthd(host, port)
return false, "Failed to connect to server" return false, "Failed to connect to server"
end end
local status, line = socket:receive_buf("\r\n", false) local status, line = socket:receive_buf(match.pattern_limit("\r\n", 2048), false)
socket:close() socket:close()
if ( not(status) ) then if ( not(status) ) then
return false, "Failed to receive response from server" return false, "Failed to receive response from server"

3
scripts/xmpp-info.nse
View File

@@ -1,3 +1,4 @@
local match = require "match"
local nmap = require "nmap" local nmap = require "nmap"
local shortport = require "shortport" local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
@@ -201,7 +202,7 @@ local id_database = {
} }
local receive_tag = function(conn) local receive_tag = function(conn)
local status, data = conn:receive_buf(">", true) local status, data = conn:receive_buf(match.pattern_limit(">", 256), true)
if data then stdnse.debug2("%s", data) end if data then stdnse.debug2("%s", data) end
return status and xmpp.XML.parse_tag(data) return status and xmpp.XML.parse_tag(data)
end end