diff --git a/CHANGELOG b/CHANGELOG
index 5ca0e0b72..bbdc5ff6d 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,5 +1,7 @@
 # Nmap Changelog ($Id$); -*-text-*-
+o [NSE] Added teamspeak2-version.nse by Marin Maržić.
+
 o Nmap's routing table is now sorted first by netmask, then by metric. Previously it was the other way around, which could cause a very general route with a low metric to be preferred over a specific
diff --git a/scripts/script.db b/scripts/script.db
index 9f14a0480..6f95bba52 100644
--- a/scripts/script.db
+++ b/scripts/script.db
@@ -419,6 +419,7 @@ Entry { filename = "targets-ipv6-multicast-mld.nse", categories = { "broadcast",
 Entry { filename = "targets-ipv6-multicast-slaac.nse", categories = { "broadcast", "discovery", } }
 Entry { filename = "targets-sniffer.nse", categories = { "broadcast", "discovery", "safe", } }
 Entry { filename = "targets-traceroute.nse", categories = { "discovery", "safe", } }
+Entry { filename = "teamspeak2-version.nse", categories = { "version", } }
 Entry { filename = "telnet-brute.nse", categories = { "brute", "intrusive", } }
 Entry { filename = "telnet-encryption.nse", categories = { "discovery", "safe", } }
 Entry { filename = "tftp-enum.nse", categories = { "discovery", "intrusive", } }
diff --git a/scripts/teamspeak2-version.nse b/scripts/teamspeak2-version.nse
new file mode 100644
index 000000000..799e62bee
--- /dev/null
+++ b/scripts/teamspeak2-version.nse
@@ -0,0 +1,60 @@
+local comm = require "comm"
+local shortport = require "shortport"
+local nmap = require "nmap"
+local bin = require "bin"
+local stdnse = require "stdnse"
+
+description = [[
+Detects the TeamSpeak 2 server UDP voice communication service.
+
+A single UDP packet (a login request) is sent. If the server does not have a
+password set, the exact version, name, and OS type will also be reported on.
+]]
+
+-- @output
+-- PORT STATE SERVICE REASON VERSION
+-- 8767/udp open teamspeak2 script-set TeamSpeak 2.0.23.19 (name: COWCLANS; no password)
+-- Service Info: OS: Win32
+
+author = "Marin Maržić"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = { "version" }
+
+local payload = "\xf4\xbe\x03\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x002x\xba\x85\tTeamSpeak\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\nWindows XP\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\x00 \x00<\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x08nickname\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+
+portrule = shortport.version_port_or_service({8767}, "teamspeak2", "udp")
+
+action = function(host, port)
+ local status, result = comm.exchange(
+ host, port.number, payload, { proto = "udp", timeout = 3000 })
+ if not status then
+ return
+ end
+ nmap.set_port_state(host, port, "open")
+
+ local name, platform, version = string.match(result,
+ "^\xf4\xbe\x04\0\0\0\0\0.............([^\0]*)%G+([^\0]*)\0*(........)")
+ if not name then
+ return
+ end
+
+ port.version.name = "teamspeak2"
+ port.version.name_confidence = 10
+ port.version.product = "TeamSpeak"
+ if name == "" then
+ port.version.version = "2"
+ else
+ _, v_a, v_b, 
v_c, v_d = bin.unpack("