PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

Refactor IP ID capture loop. Fixes #2464

Browse Source 
Rectify use of inaccessible library function packet.u16, incidentally
introduced in r38135 (041838d986)
This commit is contained in:
nnposter
2022-04-10 20:13:06 +00:00
parent 705ac8d978
commit 639efbd214
2 changed files with 17 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@@ -1,5 +1,8 @@
#Nmap Changelog ($Id$); -*-text-*- #Nmap Changelog ($Id$); -*-text-*-
o [GH#2464] Script ipidseq was broken due to calling an unreachable library
function. [nnposter]
o [GH#2420][GH#2436] Support for EC crypto was not properly enabled if Nmap o [GH#2420][GH#2436] Support for EC crypto was not properly enabled if Nmap
was compiled with OpenSSL in a custom location. [nnposter] was compiled with OpenSSL in a custom location. [nnposter]

43
scripts/ipidseq.nse
View File

@@ -3,7 +3,6 @@ local math = require "math"
local nmap = require "nmap" local nmap = require "nmap"
local packet = require "packet" local packet = require "packet"
local stdnse = require "stdnse" local stdnse = require "stdnse"
local string = require "string"
local table = require "table" local table = require "table"
description = [[ description = [[
@@ -41,13 +40,6 @@ local NUMPROBES = 6
local ipidseqport local ipidseqport
--- Pcap check function
-- @return Destination and source IP addresses and TCP ports
local check = function(layer3)
local ip = packet.Packet:new(layer3, layer3:len())
return string.pack('>c4c4I2I2', ip.ip_bin_dst, ip.ip_bin_src, ip.tcp_dport, ip.tcp_sport)
end
--- Updates a TCP Packet object --- Updates a TCP Packet object
-- @param tcp The TCP object -- @param tcp The TCP object
local updatepkt = function(tcp) local updatepkt = function(tcp)
@@ -73,9 +65,6 @@ local genericpkt = function(host, port)
tcp:ip_set_bin_src(host.bin_ip_src) tcp:ip_set_bin_src(host.bin_ip_src)
tcp:ip_set_bin_dst(host.bin_ip) tcp:ip_set_bin_dst(host.bin_ip)
tcp:tcp_set_dport(port) tcp:tcp_set_dport(port)
updatepkt(tcp)
return tcp return tcp
end end
@@ -203,7 +192,6 @@ hostrule = function(host)
end end
action = function(host) action = function(host)
local i = 1
local ipids = {} local ipids = {}
local sock = nmap.new_dnet() local sock = nmap.new_dnet()
local pcap = nmap.new_socket() local pcap = nmap.new_socket()
@@ -219,24 +207,21 @@ action = function(host)
pcap:set_timeout(host.times.timeout * 1000) pcap:set_timeout(host.times.timeout * 1000)
local tcp = genericpkt(host, ipidseqport) local sndpkt = genericpkt(host, ipidseqport)
while i <= NUMPROBES do for _ = 1, NUMPROBES do
try(sock:ip_send(tcp.buf, host)) updatepkt(sndpkt)
try(sock:ip_send(sndpkt.buf, host))
local status, len, _, layer3 = pcap:pcap_receive() local recvpkt
local test = string.pack('>c4c4I2I2', tcp.ip_bin_src, tcp.ip_bin_dst, tcp.tcp_sport, tcp.tcp_dport) repeat
while status and test ~= check(layer3) do recvpkt = nil
status, len, _, layer3 = pcap:pcap_receive() local status, _, _, recvdata = pcap:pcap_receive()
end if not status then break end
recvpkt = packet.Packet:new(recvdata, #recvdata)
if status then until recvpkt and recvpkt.tcp_dport == sndpkt.tcp_sport
table.insert(ipids, packet.u16(layer3, 4)) if not recvpkt then break end
end stdnse.debug2("Received IP ID %d (0x%x)", recvpkt.ip_id, recvpkt.ip_id)
table.insert(ipids, recvpkt.ip_id)
updatepkt(tcp)
i = i + 1
end end
pcap:close() pcap:close()