PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

SSL overhaul fixing OpenSSL related problems when SSL has not been compiled in

Browse Source 
* replace require function calls with stndse.silent_require
* fixed a bug in nse_main that would fail creating scripts.db when a script
  fails to load
* reworked some code to provide limited functionality even though SSL is not
  present
This commit is contained in:
patrik
2012-08-05 12:05:07 +00:00
parent 7864c3cb08
commit 6f43ac38b2
21 changed files with 216 additions and 248 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
nse_main.lua
View File

@@ -1114,13 +1114,15 @@ if script_database_update then
sort(scripts);
for i, script in ipairs(scripts) do
script = Script.new(script);
sort(script.categories);
db:write('Entry { filename = "', script.basename, '", ');
db:write('categories = {');
for j, category in ipairs(script.categories) do
db:write(' "', lower(category), '",');
if ( script ) then
sort(script.categories);
db:write('Entry { filename = "', script.basename, '", ');
db:write('categories = {');
for j, category in ipairs(script.categories) do
db:write(' "', lower(category), '",');
end
db:write(' } }\n');
end
db:write(' } }\n');
end
db:close();
log_write("stdout", "Script Database updated successfully.");

7
nselib/afp.lua
View File

@@ -114,18 +114,13 @@
local bin = require "bin"
local bit = require "bit"
local nmap = require "nmap"
local openssl = require "openssl"
local os = require "os"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
_ENV = stdnse.module("afp", stdnse.seeall);
local HAVE_SSL = false
if pcall(require,'openssl') then
HAVE_SSL = true
end
local HAVE_SSL, openssl = pcall(require,'openssl')
-- Table of valid REQUESTs
local REQUEST = {

3
nselib/bitcoin.lua
View File

@@ -35,11 +35,10 @@
local bin = require "bin"
local ipOps = require "ipOps"
local nmap = require "nmap"
local openssl = require "openssl"
local os = require "os"
local stdnse = require "stdnse"
local table = require "table"
stdnse.silent_require('openssl')
local openssl = stdnse.silent_require('openssl')
_ENV = stdnse.module("bitcoin", stdnse.seeall)
-- A class that supports the BitCoin network address structure

3
nselib/http.lua
View File

@@ -105,7 +105,6 @@ local base64 = require "base64"
local comm = require "comm"
local coroutine = require "coroutine"
local nmap = require "nmap"
local openssl = require "openssl"
local os = require "os"
local stdnse = require "stdnse"
local string = require "string"
@@ -114,7 +113,7 @@ local url = require "url"
_ENV = stdnse.module("http", stdnse.seeall)
---Use ssl if we have it
local have_ssl = (nmap.have_ssl() and pcall(require, "openssl"))
local have_ssl, openssl = pcall(require,'openssl')
local USER_AGENT = stdnse.get_script_args('http.useragent') or "Mozilla/5.0 (compatible; Nmap Scripting Engine; http://nmap.org/book/nse.html)"
local MAX_REDIRECT_COUNT = 5

2
nselib/iax2.lua
View File

@@ -9,9 +9,9 @@ local bin = require "bin"
local bit = require "bit"
local math = require "math"
local nmap = require "nmap"
local openssl = require "openssl"
local os = require "os"
local stdnse = require "stdnse"
local openssl = stdnse.silent_require "openssl"
local table = require "table"
_ENV = stdnse.module("iax2", stdnse.seeall)

2
nselib/iscsi.lua
View File

@@ -40,8 +40,8 @@ local bin = require "bin"
local bit = require "bit"
local ipOps = require "ipOps"
local nmap = require "nmap"
local openssl = require "openssl"
local stdnse = require "stdnse"
local openssl = stdnse.silent_require "openssl"
local string = require "string"
local table = require "table"
_ENV = stdnse.module("iscsi", stdnse.seeall)

3
nselib/mssql.lua
View File

@@ -107,7 +107,6 @@ local bit = require "bit"
local math = require "math"
local match = require "match"
local nmap = require "nmap"
local openssl = require "openssl"
local os = require "os"
local shortport = require "shortport"
local smb = require "smb"
@@ -132,7 +131,7 @@ _ENV = stdnse.module("mssql", stdnse.seeall)
--
-- (Patrik Karlsson, Chris Woodbury)
HAVE_SSL = (nmap.have_ssl() and pcall(require, "openssl"))
local openssl, HAVE_SSL = pcall(require, "openssl")
do
namedpipes = smb.namedpipes

7
nselib/mysql.lua
View File

@@ -10,7 +10,6 @@
local bin = require "bin"
local bit = require "bit"
local nmap = require "nmap"
local openssl = require "openssl"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
@@ -26,11 +25,7 @@ _ENV = stdnse.module("mysql", stdnse.seeall)
local tab = require('tab')
local HAVE_SSL = false
if pcall(require,'openssl') then
HAVE_SSL = true
end
local HAVE_SSL, openssl = pcall(require,'openssl')
Capabilities =
{

2
nselib/pgsql.lua
View File

@@ -14,8 +14,8 @@
local bin = require "bin"
local nmap = require "nmap"
local openssl = require "openssl"
local stdnse = require "stdnse"
local openssl = stdnse.silent_require "openssl"
local string = require "string"
local table = require "table"
_ENV = stdnse.module("pgsql", stdnse.seeall)

8
nselib/pop3.lua
View File

@@ -6,18 +6,12 @@
local base64 = require "base64"
local comm = require "comm"
local nmap = require "nmap"
local openssl = require "openssl"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
_ENV = stdnse.module("pop3", stdnse.seeall)
local HAVE_SSL = false
if pcall(require,'openssl') then
HAVE_SSL = true
end
local HAVE_SSL, openssl = pcall(require,'openssl')
err = {

379
nselib/sasl.lua
View File

@@ -43,206 +43,201 @@
local bin = require "bin"
local bit = require "bit"
local openssl = require "openssl"
local smbauth = require "smbauth"
local stdnse = require "stdnse"
local string = require "string"
_ENV = stdnse.module("sasl", stdnse.seeall)
local HAVE_SSL = false
local HAVE_SSL, openssl = pcall(require, 'openssl')
if ( not(HAVE_SSL) ) then
stdnse.print_debug(1,
"sasl.lua: OpenSSL not present, SASL support limited.")
end
local MECHANISMS = { }
-- Calculates a DIGEST MD5 response
DigestMD5 = {
--- Instantiates DigestMD5
--
-- @param chall string containing the base64 decoded challenge
-- @return a new instance of DigestMD5
new = function(self, chall, username, password, method, uri, service, realm)
local o = { nc = 0,
chall = chall,
challnvs = {},
username = username,
password = password,
method = method,
uri = uri,
service = service,
realm = realm }
setmetatable(o, self)
self.__index = self
o:parseChallenge()
return o
end,
-- parses a challenge received from the server
-- takes care of both quoted and unqoted identifiers
-- regardless of what RFC says
parseChallenge = function(self)
local results = {}
local start, stop = 0,0
while(true) do
local name, value
start, stop, name = self.chall:find("([^=]*)=%s*", stop + 1)
if ( not(start) ) then break end
if ( self.chall:sub(stop + 1, stop + 1) == "\"" ) then
start, stop, value = self.chall:find("(.-)\"", stop + 2)
else
start, stop, value = self.chall:find("([^,]*)", stop + 1)
end
self.challnvs[name:lower()] = value
start, stop = self.chall:find("%s*,%s*", stop + 1)
if ( not(start) ) then break end
end
end,
--- Calculates the digest
calcDigest = function( self )
local uri = self.uri or ("%s/%s"):format(self.service, "localhost")
local realm = self.realm or self.challnvs.realm or ""
local cnonce = stdnse.tohex(openssl.rand_bytes( 8 ))
local qop = "auth"
self.nc = self.nc + 1
local A1_part1 = openssl.md5(self.username .. ":" .. (self.challnvs.realm or "") .. ":" .. self.password)
local A1 = stdnse.tohex(openssl.md5(A1_part1 .. ":" .. self.challnvs.nonce .. ':' .. cnonce))
local A2 = stdnse.tohex(openssl.md5(("%s:%s"):format(self.method, uri)))
local digest = stdnse.tohex(openssl.md5(A1 .. ":" .. self.challnvs.nonce .. ":" ..
("%08d"):format(self.nc) .. ":" .. cnonce .. ":" ..
qop .. ":" .. A2))
local response = "username=\"" .. self.username .. "\""
response = response .. (",%s=\"%s\""):format("realm", realm)
response = response .. (",%s=\"%s\""):format("nonce", self.challnvs.nonce)
response = response .. (",%s=\"%s\""):format("cnonce", cnonce)
response = response .. (",%s=%08d"):format("nc", self.nc)
response = response .. (",%s=%s"):format("qop", "auth")
response = response .. (",%s=\"%s\""):format("digest-uri", uri)
response = response .. (",%s=%s"):format("response", digest)
response = response .. (",%s=%s"):format("charset", "utf-8")
return response
end,
}
-- The NTLM class handling NTLM challenge response authentication
NTLM = {
--- Creates a new instance of the NTLM class
--
-- @param chall string containing the challenge received from the server
-- @param username string containing the username
-- @param password string containing the password
-- @return new instance of NTML
new = function(self, chall, username, password)
local o = { nc = 0,
chall = chall,
username = username,
password = password}
setmetatable(o, self)
self.__index = self
o:parseChallenge()
return o
end,
--- Converst str to "unicode" (adds null bytes for every other byte)
-- @param str containing string to convert
-- @return unicode string containing the unicoded str
to_unicode = function(str)
local unicode = ""
for i = 1, #str, 1 do
unicode = unicode .. bin.pack("<S", string.byte(str, i))
end
return unicode
end,
--- Parses the NTLM challenge as received from the server
parseChallenge = function(self)
local NTLM_NegotiateUnicode = 0x00000001
local NTLM_NegotiateExtendedSecurity = 0x00080000
local pos, _, message_type
pos, _, message_type, _, _,
_, self.flags, self.chall, _,
_, _, _ = bin.unpack("<A8ISSIIA8LSSI", self.chall)
if ( message_type ~= 0x02 ) then
error("NTLM parseChallenge expected message type: 0x02")
end
self.is_extended = ( bit.band(self.flags, NTLM_NegotiateExtendedSecurity) == NTLM_NegotiateExtendedSecurity )
local is_unicode = ( bit.band(self.flags, NTLM_NegotiateUnicode) == NTLM_NegotiateUnicode )
self.workstation = "NMAP-HOST"
self.domain = self.username:match("^(.-)\\(.*)$") or "DOMAIN"
if ( is_unicode ) then
self.workstation = self.to_unicode(self.workstation)
self.username = self.to_unicode(self.username)
self.domain = self.to_unicode(self.domain)
end
end,
--- Calculates the response
calcResponse = function(self)
local ntlm, lm = smbauth.get_password_response(nil, self.username, self.domain, self.password, nil, "v1", self.chall, self.is_extended)
local msg_type = 3
local response
local BASE_OFFSET = 72
local offset
local encrypted_random_sesskey = ""
local flags = 0xa2888205 -- (NTLM_NegotiateUnicode | \
-- NTLM_RequestTarget | \
-- NTLM_NegotiateNTLM | \
-- NTLM_NegotiateAlwaysSign | \
-- NTLM_NegotiateExtendedSecurity | \
-- NTLM_NegotiateTargetInfo | \
-- NTLM_NegotiateVersion | \
-- NTLM_Negotiate128 | \
-- NTLM_Negotiate56)
response = bin.pack("<AI", "NTLMSSP\0", msg_type)
offset = BASE_OFFSET + #self.workstation + #self.username + #self.domain
response = response .. bin.pack("<SSI", #lm, #lm, offset)
offset = offset + #lm
response = response .. bin.pack("<SSI", #ntlm, #ntlm, offset)
offset = BASE_OFFSET
response = response .. bin.pack("<SSI", #self.domain, #self.domain, offset)
offset = BASE_OFFSET + #self.domain
response = response .. bin.pack("<SSI", #self.username, #self.username, offset)
offset = BASE_OFFSET + #self.domain + #self.username
response = response .. bin.pack("<SSI", #self.workstation, #self.workstation, offset)
offset = offset + #self.workstation + #lm + #ntlm
response = response .. bin.pack("<SSI", #encrypted_random_sesskey, #encrypted_random_sesskey, offset)
response = response .. bin.pack("<I", flags)
-- add version info (major 5, minor 1, build 2600, reserved(1-3) 0,
-- NTLM Revision 15)
response = response .. bin.pack("<CCSCCCC", 5, 1, 2600, 0, 0, 0, 15)
response = response .. self.domain .. self.username .. self.workstation .. ntlm .. lm .. encrypted_random_sesskey
return response
end
}
if pcall(require, 'openssl') then
HAVE_SSL = true
else
stdnse.print_debug(1,
"sasl.lua: OpenSSL not present, SASL support limited.")
end
if HAVE_SSL then
-- Calculates a DIGEST MD5 response
DigestMD5 = {
--- Instantiates DigestMD5
--
-- @param chall string containing the base64 decoded challenge
-- @return a new instance of DigestMD5
new = function(self, chall, username, password, method, uri, service, realm)
local o = { nc = 0,
chall = chall,
challnvs = {},
username = username,
password = password,
method = method,
uri = uri,
service = service,
realm = realm }
setmetatable(o, self)
self.__index = self
o:parseChallenge()
return o
end,
-- parses a challenge received from the server
-- takes care of both quoted and unqoted identifiers
-- regardless of what RFC says
parseChallenge = function(self)
local results = {}
local start, stop = 0,0
while(true) do
local name, value
start, stop, name = self.chall:find("([^=]*)=%s*", stop + 1)
if ( not(start) ) then break end
if ( self.chall:sub(stop + 1, stop + 1) == "\"" ) then
start, stop, value = self.chall:find("(.-)\"", stop + 2)
else
start, stop, value = self.chall:find("([^,]*)", stop + 1)
end
self.challnvs[name:lower()] = value
start, stop = self.chall:find("%s*,%s*", stop + 1)
if ( not(start) ) then break end
end
end,
--- Calculates the digest
calcDigest = function( self )
local uri = self.uri or ("%s/%s"):format(self.service, "localhost")
local realm = self.realm or self.challnvs.realm or ""
local cnonce = stdnse.tohex(openssl.rand_bytes( 8 ))
local qop = "auth"
self.nc = self.nc + 1
local A1_part1 = openssl.md5(self.username .. ":" .. (self.challnvs.realm or "") .. ":" .. self.password)
local A1 = stdnse.tohex(openssl.md5(A1_part1 .. ":" .. self.challnvs.nonce .. ':' .. cnonce))
local A2 = stdnse.tohex(openssl.md5(("%s:%s"):format(self.method, uri)))
local digest = stdnse.tohex(openssl.md5(A1 .. ":" .. self.challnvs.nonce .. ":" ..
("%08d"):format(self.nc) .. ":" .. cnonce .. ":" ..
qop .. ":" .. A2))
local response = "username=\"" .. self.username .. "\""
response = response .. (",%s=\"%s\""):format("realm", realm)
response = response .. (",%s=\"%s\""):format("nonce", self.challnvs.nonce)
response = response .. (",%s=\"%s\""):format("cnonce", cnonce)
response = response .. (",%s=%08d"):format("nc", self.nc)
response = response .. (",%s=%s"):format("qop", "auth")
response = response .. (",%s=\"%s\""):format("digest-uri", uri)
response = response .. (",%s=%s"):format("response", digest)
response = response .. (",%s=%s"):format("charset", "utf-8")
return response
end,
}
-- The NTLM class handling NTLM challenge response authentication
NTLM = {
--- Creates a new instance of the NTLM class
--
-- @param chall string containing the challenge received from the server
-- @param username string containing the username
-- @param password string containing the password
-- @return new instance of NTML
new = function(self, chall, username, password)
local o = { nc = 0,
chall = chall,
username = username,
password = password}
setmetatable(o, self)
self.__index = self
o:parseChallenge()
return o
end,
--- Converst str to "unicode" (adds null bytes for every other byte)
-- @param str containing string to convert
-- @return unicode string containing the unicoded str
to_unicode = function(str)
local unicode = ""
for i = 1, #str, 1 do
unicode = unicode .. bin.pack("<S", string.byte(str, i))
end
return unicode
end,
--- Parses the NTLM challenge as received from the server
parseChallenge = function(self)
local NTLM_NegotiateUnicode = 0x00000001
local NTLM_NegotiateExtendedSecurity = 0x00080000
local pos, _, message_type
pos, _, message_type, _, _,
_, self.flags, self.chall, _,
_, _, _ = bin.unpack("<A8ISSIIA8LSSI", self.chall)
if ( message_type ~= 0x02 ) then
error("NTLM parseChallenge expected message type: 0x02")
end
self.is_extended = ( bit.band(self.flags, NTLM_NegotiateExtendedSecurity) == NTLM_NegotiateExtendedSecurity )
local is_unicode = ( bit.band(self.flags, NTLM_NegotiateUnicode) == NTLM_NegotiateUnicode )
self.workstation = "NMAP-HOST"
self.domain = self.username:match("^(.-)\\(.*)$") or "DOMAIN"
if ( is_unicode ) then
self.workstation = self.to_unicode(self.workstation)
self.username = self.to_unicode(self.username)
self.domain = self.to_unicode(self.domain)
end
end,
--- Calculates the response
calcResponse = function(self)
local ntlm, lm = smbauth.get_password_response(nil, self.username, self.domain, self.password, nil, "v1", self.chall, self.is_extended)
local msg_type = 3
local response
local BASE_OFFSET = 72
local offset
local encrypted_random_sesskey = ""
local flags = 0xa2888205 -- (NTLM_NegotiateUnicode | \
-- NTLM_RequestTarget | \
-- NTLM_NegotiateNTLM | \
-- NTLM_NegotiateAlwaysSign | \
-- NTLM_NegotiateExtendedSecurity | \
-- NTLM_NegotiateTargetInfo | \
-- NTLM_NegotiateVersion | \
-- NTLM_Negotiate128 | \
-- NTLM_Negotiate56)
response = bin.pack("<AI", "NTLMSSP\0", msg_type)
offset = BASE_OFFSET + #self.workstation + #self.username + #self.domain
response = response .. bin.pack("<SSI", #lm, #lm, offset)
offset = offset + #lm
response = response .. bin.pack("<SSI", #ntlm, #ntlm, offset)
offset = BASE_OFFSET
response = response .. bin.pack("<SSI", #self.domain, #self.domain, offset)
offset = BASE_OFFSET + #self.domain
response = response .. bin.pack("<SSI", #self.username, #self.username, offset)
offset = BASE_OFFSET + #self.domain + #self.username
response = response .. bin.pack("<SSI", #self.workstation, #self.workstation, offset)
offset = offset + #self.workstation + #lm + #ntlm
response = response .. bin.pack("<SSI", #encrypted_random_sesskey, #encrypted_random_sesskey, offset)
response = response .. bin.pack("<I", flags)
-- add version info (major 5, minor 1, build 2600, reserved(1-3) 0,
-- NTLM Revision 15)
response = response .. bin.pack("<CCSCCCC", 5, 1, 2600, 0, 0, 0, 15)
response = response .. self.domain .. self.username .. self.workstation .. ntlm .. lm .. encrypted_random_sesskey
return response
end
}
--- Encodes the parameters using the <code>CRAM-MD5</code> mechanism.
--
-- @param username string.

2
nselib/sip.lua
View File

@@ -44,9 +44,9 @@
local bin = require "bin"
local math = require "math"
local nmap = require "nmap"
local openssl = require "openssl"
local os = require "os"
local stdnse = require "stdnse"
local openssl = stdnse.silent_require "openssl"
local string = require "string"
local table = require "table"
_ENV = stdnse.module("sip", stdnse.seeall)

3
nselib/smbauth.lua
View File

@@ -82,13 +82,12 @@
local bin = require "bin"
local nmap = require "nmap"
local openssl = require "openssl"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
_ENV = stdnse.module("smbauth", stdnse.seeall)
have_ssl = (nmap.have_ssl() and pcall(require, "openssl"))
local openssl, have_ssl = pcall(require, "openssl")
-- Constants
local NTLMSSP_NEGOTIATE = 0x00000001

2
nselib/ssh1.lua
View File

@@ -10,8 +10,8 @@ local bin = require "bin"
local bit = require "bit"
local math = require "math"
local nmap = require "nmap"
local openssl = require "openssl"
local stdnse = require "stdnse"
local openssl = stdnse.silent_require "openssl"
_ENV = stdnse.module("ssh1", stdnse.seeall)
--- Retrieve the size of the packet that is being received

7
nselib/vnc.lua
View File

@@ -31,17 +31,12 @@
local bin = require "bin"
local nmap = require "nmap"
local openssl = require "openssl"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
_ENV = stdnse.module("vnc", stdnse.seeall)
local HAVE_SSL = false
if pcall(require,'openssl') then
HAVE_SSL = true
end
local HAVE_SSL, openssl = pcall(require,'openssl')
VNC = {

7
nselib/wsdd.lua
View File

@@ -34,17 +34,12 @@
local bin = require "bin"
local nmap = require "nmap"
local openssl = require "openssl"
local stdnse = require "stdnse"
local table = require "table"
local target = require "target"
_ENV = stdnse.module("wsdd", stdnse.seeall)
local HAVE_SSL = false
if pcall(require,'openssl') then
HAVE_SSL = true
end
local HAVE_SSL, openssl = pcall(require,'openssl')
-- The different probes
local probes = {

3
scripts/dns-nsec3-enum.nse
View File

@@ -2,7 +2,6 @@ local stdnse = require "stdnse"
local shortport = require "shortport"
local dns = require "dns"
local base32 = require "base32"
local openssl = require "openssl"
local msrpc = require "msrpc" -- just for random string generation
local math = require "math"
local bin = require "bin"
@@ -10,6 +9,8 @@ local nmap = require "nmap"
local string = require "string"
local table = require "table"
local openssl = stdnse.silent_require "openssl"
description = [[
Tries to enumerate domain names from the DNS server that supports DNSSEC
NSEC3 records.

4
scripts/http-userdir-enum.nse
View File

@@ -3,7 +3,6 @@ local bin = require "bin"
local datafiles = require "datafiles"
local http = require "http"
local nmap = require "nmap"
local openssl = require "openssl"
local os = require "os"
local shortport = require "shortport"
local stdnse = require "stdnse"
@@ -158,7 +157,8 @@ end
function randomstring()
local rnd, s, l, _
if pcall(require, "openssl") then
local status, openssl = pcall(require, "openssl")
if status then
rnd = openssl.rand_pseudo_bytes
end
s = rnd and rnd(8) or tostring( os.time() )

2
scripts/http-virustotal.nse
View File

@@ -1,8 +1,8 @@
local http = require "http"
local io = require "io"
local json = require "json"
local openssl = require "openssl"
local stdnse = require "stdnse"
local openssl = stdnse.silent_require "openssl"
local tab = require "tab"
local table = require "table"

2
scripts/smb-ls.nse
View File

@@ -3,7 +3,7 @@ local smb = require 'smb'
local stdnse = require 'stdnse'
local tab = require 'tab'
local table = require "table"
local openssl= require 'openssl'
local openssl= stdnse.silent_require 'openssl'
description = [[
Attempts to retrieve useful information about files shared on SMB volumes.

2
scripts/svn-brute.nse
View File

@@ -1,9 +1,9 @@
local brute = require "brute"
local creds = require "creds"
local nmap = require "nmap"
local openssl = require "openssl"
local shortport = require "shortport"
local stdnse = require "stdnse"
local openssl = stdnse.silent_require "openssl"
description = [[
Performs brute force password auditing against Subversion source code control servers.