more stdnse.print_debug -> stdnse.debug
This is a catchall pattern with a few exclusions.

$ sed -i 's/stdnse.print_debug( *\([0-9]*\) *, *\(.*\))/stdnse.debug\1(\2)/' *.nse
$ sed -i 's/stdnse.print_debug(\(.*\))/stdnse.debug1(\1)/' *.nse

Excluded:
$ svn revert db2-das-info.nse
$ svn revert flume-master-info.nse
$ svn revert http-headers.nse
$ svn revert http-methods.nse
$ svn revert http-unsafe-output-escaping.nse
$ svn revert http-userdir-enum.nse
$ svn revert http-vuln-cve2011-3192.nse
$ svn revert http-vuln-wnr1000-creds.nse
$ svn revert http-wordpress-plugins.nse
$ svn revert telnet-brute.nse
@@ -70,19 +70,19 @@ action = function( host, port )
|
||||
status, response = helper:OpenSession( host, port )
|
||||
|
||||
if ( not(status) ) then
|
||||
stdnse.print_debug("OpenSession failed")
|
||||
stdnse.debug1("OpenSession failed")
|
||||
return
|
||||
end
|
||||
|
||||
|
||||
stdnse.print_debug("Trying %s/%s ...", username, password)
|
||||
stdnse.debug1("Trying %s/%s ...", username, password)
|
||||
status, response = helper:Login( username, password )
|
||||
|
||||
-- if the response is "Parameter error." we're dealing with Netatalk
|
||||
-- This basically means that the user account does not exist
|
||||
-- In this case, why bother continuing? Simply abort and thank Netatalk for the fish
|
||||
if response:match("Parameter error.") then
|
||||
stdnse.print_debug("Netatalk told us the user does not exist! Thanks.")
|
||||
stdnse.debug1("Netatalk told us the user does not exist! Thanks.")
|
||||
-- mark it as "found" to skip it
|
||||
found_users[username] = true
|
||||
end
|
||||
|
||||
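Review bot: The `Trying %s/%s ...` message in this hunk writes every candidate username and password at debug level 1, and nothing in the script says so. Anyone who runs with `-d` and keeps the output ends up with cleartext credentials in the log, including the pair that finally works. I would add a comment above the call, `-- NOTE: prints cleartext credentials; treat debug output as sensitive`, or move the message to a higher level as the `debug3` calls in the `Driver` hunk do. The same applies to the `Trying %s/%s => ...` calls in the `@@ -146,12` hunk and to the `Trying %s/%s against %s...` call in `doLogin`. The `action` body continues outside the hunk.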
@@ -51,7 +51,7 @@ categories = {"intrusive", "brute"}
|
||||
-- which is specified by the ports script argument
|
||||
portrule = function(host, port)
|
||||
if not stdnse.get_script_args(SCRIPT_NAME .. ".ports") then
|
||||
stdnse.print_debug(3,"Skipping '%s' %s, 'ports' argument is missing.",SCRIPT_NAME, SCRIPT_TYPE)
|
||||
stdnse.debug3("Skipping '%s' %s, 'ports' argument is missing.",SCRIPT_NAME, SCRIPT_TYPE)
|
||||
return false
|
||||
end
|
||||
|
||||
@@ -59,7 +59,7 @@ portrule = function(host, port)
|
||||
|
||||
--print out a debug message if port 31337/udp is open
|
||||
if port.number==31337 and port.protocol == "udp" and not(ports) then
|
||||
stdnse.print_debug("Port 31337/udp is open. Possibility of version detection and password bruteforcing using the backorifice-brute script")
|
||||
stdnse.debug1("Port 31337/udp is open. Possibility of version detection and password bruteforcing using the backorifice-brute script")
|
||||
return false
|
||||
end
|
||||
|
||||
|
||||
@@ -894,13 +894,13 @@ function standard_query(socket, type)
|
||||
--try to pull the information
|
||||
local status, result = socket:send(query)
|
||||
if(status == false) then
|
||||
stdnse.print_debug(1, "Socket error sending query: %s", result)
|
||||
stdnse.debug1("Socket error sending query: %s", result)
|
||||
return nil
|
||||
end
|
||||
-- receive packet from response
|
||||
local rcvstatus, response = socket:receive()
|
||||
if(rcvstatus == false) then
|
||||
stdnse.print_debug(1, "Socket error receiving: %s", response)
|
||||
stdnse.debug1("Socket error receiving: %s", response)
|
||||
return nil
|
||||
end
|
||||
-- validate valid BACNet Packet
|
||||
@@ -913,12 +913,12 @@ function standard_query(socket, type)
|
||||
return field_size(response)
|
||||
-- if it was an error packet, set the string to error for later purposes
|
||||
else
|
||||
stdnse.print_debug(1, "Error receiving: BACNet Error")
|
||||
stdnse.debug1("Error receiving: BACNet Error")
|
||||
return nil
|
||||
end
|
||||
-- else ERROR
|
||||
else
|
||||
stdnse.print_debug(1, "Error receiving Vendor ID: Invalid BACNet packet")
|
||||
stdnse.debug1("Error receiving Vendor ID: Invalid BACNet packet")
|
||||
return nil
|
||||
end
|
||||
|
||||
@@ -938,13 +938,13 @@ function vendornum_query(socket)
|
||||
--send the vendor information
|
||||
local status, result = socket:send(vendor_query)
|
||||
if(status == false) then
|
||||
stdnse.print_debug(1, "Socket error sending vendor query: %s", result)
|
||||
stdnse.debug1("Socket error sending vendor query: %s", result)
|
||||
return nil
|
||||
end
|
||||
-- receive vendor information packet
|
||||
local rcvstatus, response = socket:receive()
|
||||
if(rcvstatus == false) then
|
||||
stdnse.print_debug(1, "Socket error receiving vendor query: %s", response)
|
||||
stdnse.debug1("Socket error receiving vendor query: %s", response)
|
||||
return nil
|
||||
end
|
||||
-- validate valid BACNet Packet
|
||||
@@ -956,7 +956,7 @@ function vendornum_query(socket)
|
||||
-- this value determines if vendor number is 1 or 2 bytes
|
||||
pos, value = bin.unpack("C", response, 18)
|
||||
else
|
||||
stdnse.print_debug(1, "Error receiving Vendor ID: BACNet Error")
|
||||
stdnse.debug1("Error receiving Vendor ID: BACNet Error")
|
||||
return nil
|
||||
end
|
||||
-- if value is 21 (byte 18)
|
||||
@@ -974,7 +974,7 @@ function vendornum_query(socket)
|
||||
return vendor_lookup(vendornum)
|
||||
else
|
||||
-- set return value to an Error if byte 18 was not 21/22
|
||||
stdnse.print_debug(1, "Error receiving Vendor ID: Invalid BACNet packet")
|
||||
stdnse.debug1("Error receiving Vendor ID: Invalid BACNet packet")
|
||||
return nil
|
||||
end
|
||||
end
|
||||
@@ -1024,7 +1024,7 @@ action = function(host, port)
|
||||
-- receive response
|
||||
local rcvstatus, response = sock:receive()
|
||||
if(rcvstatus == false) then
|
||||
stdnse.print_debug(1, "Receive error: %s", response)
|
||||
stdnse.debug1("Receive error: %s", response)
|
||||
return nil
|
||||
end
|
||||
|
||||
|
||||
@@ -76,7 +76,7 @@ action = function()
|
||||
table.insert(output,
|
||||
"After NULL UDP avahi packet DoS (CVE-2011-1002).")
|
||||
|
||||
stdnse.print_debug(3, "sleeping for %d seconds", wtime)
|
||||
stdnse.debug3("sleeping for %d seconds", wtime)
|
||||
stdnse.sleep(wtime)
|
||||
-- try to re-discover hosts
|
||||
status, result = helper:queryServices()
|
||||
|
||||
@@ -50,7 +50,7 @@ action = function()
|
||||
sock:set_timeout(2 * DROPBOX_BROADCAST_PERIOD * 1000)
|
||||
local status, result = sock:bind(nil, DROPBOX_PORT)
|
||||
if not status then
|
||||
stdnse.print_debug(1, "Could not bind on port %d: %s", DROPBOX_PORT, result)
|
||||
stdnse.debug1("Could not bind on port %d: %s", DROPBOX_PORT, result)
|
||||
sock:close()
|
||||
return
|
||||
end
|
||||
@@ -78,10 +78,10 @@ action = function()
|
||||
-- Get IP address of broadcasting host.
|
||||
local status, _, _, ip, _ = sock:get_info()
|
||||
if not status then
|
||||
stdnse.print_debug(1, "Failed to get socket info.")
|
||||
stdnse.debug1("Failed to get socket info.")
|
||||
break
|
||||
end
|
||||
stdnse.print_debug(1, "Received broadcast from host %s (%s).", info.displayname, ip)
|
||||
stdnse.debug1("Received broadcast from host %s (%s).", info.displayname, ip)
|
||||
|
||||
-- Check if we've already seen this ID.
|
||||
if ids[info.host_int] then
|
||||
@@ -114,7 +114,7 @@ action = function()
|
||||
stdnse.strjoin(", ", info.namespaces)
|
||||
)
|
||||
|
||||
stdnse.print_debug(1, "Added host %s.", info.displayname)
|
||||
stdnse.debug1("Added host %s.", info.displayname)
|
||||
end
|
||||
|
||||
status, result = sock:receive()
|
||||
|
||||
@@ -261,7 +261,7 @@ action = function()
|
||||
until next(lthreads) == nil;
|
||||
|
||||
if #astab > 0 then
|
||||
stdnse.print_debug("Will use %s A.S value.", astab[1])
|
||||
stdnse.debug1("Will use %s A.S value.", astab[1])
|
||||
as = astab[1]
|
||||
else
|
||||
return "\n ERROR: Couldn't get an A.S value."
|
||||
|
||||
@@ -209,7 +209,7 @@ end
|
||||
local igmpRaw = function(interface, version)
|
||||
-- Only 1, 2 and 3 are valid IGMP versions
|
||||
if version ~= 1 and version ~= 2 and version ~= 3 then
|
||||
stdnse.print_debug("IGMP version %s doesn't exist.", version)
|
||||
stdnse.debug1("IGMP version %s doesn't exist.", version)
|
||||
return
|
||||
end
|
||||
|
||||
|
||||
@@ -161,7 +161,7 @@ sniffInterface = function(iface, Decoders, decodertab)
|
||||
-- The packet was decoded successfully but we don't have a valid decoder
|
||||
-- Report this
|
||||
elseif ( p and p.udp_dport ) then
|
||||
stdnse.print_debug(2, "No decoder for dst port %d", p.udp_dport)
|
||||
stdnse.debug2("No decoder for dst port %d", p.udp_dport)
|
||||
-- we don't have a packet, so this is most likely something layer2 based
|
||||
-- in that case, check the ether Decoder table for pattern matches
|
||||
else
|
||||
@@ -184,7 +184,7 @@ sniffInterface = function(iface, Decoders, decodertab)
|
||||
end
|
||||
-- no decoder was found for this layer2 packet
|
||||
if ( not(decoded) and #data > 10 ) then
|
||||
stdnse.print_debug(1, "No decoder for packet hex: %s", select(2, bin.unpack("H10", data) ) )
|
||||
stdnse.debug1("No decoder for packet hex: %s", select(2, bin.unpack("H10", data) ) )
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@@ -60,7 +60,7 @@ action = function()
|
||||
if ( srv_name and domain_name ) then
|
||||
tab.addrow(outtab, v.peer, srv_name, domain_name)
|
||||
else
|
||||
stdnse.print_debug(3, "No server name or domain name was found")
|
||||
stdnse.debug3("No server name or domain name was found")
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@@ -197,7 +197,7 @@ local broadcast_if = function(if_table,icmp_responders)
|
||||
icmp_responders[icmpreply.ip_src] = mac_pretty
|
||||
end
|
||||
else
|
||||
stdnse.print_debug("Erroneous ICMP packet received; Cannot parse IP header.")
|
||||
stdnse.debug1("Erroneous ICMP packet received; Cannot parse IP header.")
|
||||
end
|
||||
end
|
||||
|
||||
@@ -221,7 +221,7 @@ action = function()
|
||||
local interface = interface_opt or interface_arg
|
||||
local if_table = nmap.get_interface_info(interface)
|
||||
if not if_table or not if_table.address or not if_table.link=="ethernet" then
|
||||
stdnse.print_debug("Interface not supported or not properly configured.")
|
||||
stdnse.debug1("Interface not supported or not properly configured.")
|
||||
return false
|
||||
end
|
||||
table.insert(interfaces, if_table)
|
||||
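Review bot: The guard on the context line `if not if_table or not if_table.address or not if_table.link=="ethernet" then` does not test the link type: `not` binds tighter than `==` in Lua, so the last term is `(not if_table.link) == "ethernet"`, a boolean compared with a string, which is always false. A non-ethernet interface therefore passes the check and is inserted into `interfaces`. The term should read `if_table.link ~= "ethernet"`. The commit leaves the line untouched, and `action` starts and ends outside the hunk.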
@@ -237,7 +237,7 @@ action = function()
|
||||
end
|
||||
|
||||
if #interfaces == 0 then
|
||||
stdnse.print_debug("No interfaces found.")
|
||||
stdnse.debug1("No interfaces found.")
|
||||
return
|
||||
end
|
||||
|
||||
|
||||
@@ -209,7 +209,7 @@ action = function()
|
||||
|
||||
local result = {}
|
||||
for ip, resp in pairs(responses) do
|
||||
stdnse.print_debug(ip, resp)
|
||||
stdnse.debug1(ip, resp)
|
||||
table.insert(result, { name = ip, parse_response(resp) } )
|
||||
end
|
||||
return stdnse.format_output(true, result)
|
||||
|
||||
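Review bot: `stdnse.debug1(ip, resp)` passes the key of `responses` as the format string, so the message is whatever `ip` holds and `resp` is only printed if `ip` happens to contain a conversion. If the key can ever carry a `%` (an IPv6 zone suffix such as the constructed example `fe80::1%eth0` would), the formatting call may fail or misprint; where the keys come from is outside the hunk. A fixed format keeps remote-derived data in the argument position: `stdnse.debug1("%s: %s", ip, tostring(resp))`. The catch-all sed rule in the description carried this call over as it was.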
@@ -73,14 +73,14 @@ Ping = {
|
||||
len = bit.band(len, 0x0000FFFF)
|
||||
|
||||
if ( len ~= #self.data ) then
|
||||
stdnse.print_debug(2, "The packet length was reported as %d, expected %d", len, #self.data)
|
||||
stdnse.debug2("The packet length was reported as %d, expected %d", len, #self.data)
|
||||
return
|
||||
end
|
||||
|
||||
local connectionless_tds
|
||||
pos, connectionless_tds = bin.unpack("p", self.data, 9)
|
||||
if ( connectionless_tds ~= "CONNECTIONLESS_TDS" ) then
|
||||
stdnse.print_debug(2, "Did not find the expected CONNECTIONLESS_TDS header")
|
||||
stdnse.debug2("Did not find the expected CONNECTIONLESS_TDS header")
|
||||
return
|
||||
end
|
||||
|
||||
|
||||
@@ -48,7 +48,7 @@ action = function()
|
||||
|
||||
local status, _, _, ip = socket:get_info()
|
||||
if ( not(status) ) then
|
||||
stdnse.print_debug(2, "Failed to get socket information")
|
||||
stdnse.debug2("Failed to get socket information")
|
||||
break
|
||||
end
|
||||
|
||||
|
||||
@@ -79,19 +79,19 @@ Driver = {
|
||||
magic = string.sub(response,18,22)
|
||||
|
||||
if (magic == cassandra.LOGINSUCC) then
|
||||
stdnse.print_debug(3, "Account SUCCESS: "..combo)
|
||||
stdnse.debug3("Account SUCCESS: "..combo)
|
||||
return true, brute.Account:new(username, password, creds.State.VALID)
|
||||
elseif (magic == cassandra.LOGINFAIL) then
|
||||
stdnse.print_debug(3,"Account FAIL: "..combo)
|
||||
stdnse.debug3("Account FAIL: "..combo)
|
||||
return false, brute.Error:new( "Incorrect password" )
|
||||
elseif (magic == cassandra.LOGINACC) then
|
||||
stdnse.print_debug(3, "Account VALID, but wrong password: "..combo)
|
||||
stdnse.debug3("Account VALID, but wrong password: "..combo)
|
||||
return false, brute.Error:new( "Good user, bad password" )
|
||||
else
|
||||
stdnse.print_debug(3, "Unrecognized packet for "..combo)
|
||||
stdnse.print_debug(3, "packet hex: %s", stdnse.tohex(response) )
|
||||
stdnse.print_debug(3, "size packet hex: %s", stdnse.tohex(size) )
|
||||
stdnse.print_debug(3, "magic packet hex: %s", stdnse.tohex(magic) )
|
||||
stdnse.debug3("Unrecognized packet for "..combo)
|
||||
stdnse.debug3("packet hex: %s", stdnse.tohex(response) )
|
||||
stdnse.debug3("size packet hex: %s", stdnse.tohex(size) )
|
||||
stdnse.debug3("magic packet hex: %s", stdnse.tohex(magic) )
|
||||
local err = brute.Error:new( response )
|
||||
err:setRetry( true )
|
||||
return false, err
|
||||
|
||||
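Review bot: The `debug3` calls in this hunk build the message with `..` and hand the result over as the format argument, e.g. `stdnse.debug3("Account SUCCESS: "..combo)`. `combo` appears to hold the username and password under test, so a `%` in either one lands in the format string; assuming `stdnse.debugN` formats its first argument the way the `"packet hex: %s"` calls imply, that can raise an error or garble the line. Passing the data as an argument avoids it: `stdnse.debug3("Account SUCCESS: %s", combo)`, and likewise for the FAIL, VALID and Unrecognized lines. The same pattern recurs with network-derived values in `verify_password` (`"UNKNOWN response: " .. response`), in the dns-brute and NSEC3 hunks (`"Hostname: "..hostn.." IP: "..addr`, `"salt " .. salt`) and in the `"FAIL: " .. (err or "")` lines of `test`.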
@@ -78,7 +78,7 @@ function verify_password( host, port, username, password, domain )
|
||||
account.valid = false
|
||||
account.message = "Unspecified"
|
||||
else
|
||||
stdnse.print_debug("UNKNOWN response: " .. response)
|
||||
stdnse.debug1("UNKNOWN response: " .. response)
|
||||
account.valid = false
|
||||
account.message = "failed"
|
||||
end
|
||||
@@ -146,12 +146,12 @@ action = function(host, port)
|
||||
table.insert(valid_accounts, account)
|
||||
|
||||
if account.valid then
|
||||
stdnse.print_debug(1, "Trying %s/%s => Login Correct, Info: %s", username, password, account.message)
|
||||
stdnse.debug1("Trying %s/%s => Login Correct, Info: %s", username, password, account.message)
|
||||
else
|
||||
stdnse.print_debug(1, "Trying %s/%s => Login Correct", username, password)
|
||||
stdnse.debug1("Trying %s/%s => Login Correct", username, password)
|
||||
end
|
||||
else
|
||||
stdnse.print_debug(1, "Trying %s/%s => Login Failed, Reason: %s", username, password, account.message)
|
||||
stdnse.debug1("Trying %s/%s => Login Failed, Reason: %s", username, password, account.message)
|
||||
end
|
||||
password = nextPass()
|
||||
end
|
||||
|
||||
@@ -93,7 +93,7 @@ local function getAttributeAsInt( data, name )
|
||||
pos, len = bin.unpack( ">I", data, pos )
|
||||
|
||||
if ( len ~= 4 ) then
|
||||
stdnse.print_debug("Unexpected length returned: %d", len )
|
||||
stdnse.debug1("Unexpected length returned: %d", len )
|
||||
return
|
||||
end
|
||||
|
||||
@@ -199,7 +199,7 @@ parseItem = function( data, len )
|
||||
if itemFetcher[name] then
|
||||
pos, item[name] = itemFetcher[name](data, pos )
|
||||
else
|
||||
stdnse.print_debug("No itemfetcher for: %s", name)
|
||||
stdnse.debug1("No itemfetcher for: %s", name)
|
||||
break
|
||||
end
|
||||
|
||||
|
||||
@@ -115,10 +115,10 @@ local function thread_main(domainname, results, name_iter)
|
||||
for _,addr in ipairs(res) do
|
||||
local hostn = name..'.'..domainname
|
||||
if target.ALLOW_NEW_TARGETS then
|
||||
stdnse.print_debug("Added target: "..hostn)
|
||||
stdnse.debug1("Added target: "..hostn)
|
||||
local status,err = target.add(hostn)
|
||||
end
|
||||
stdnse.print_debug("Hostname: "..hostn.." IP: "..addr)
|
||||
stdnse.debug1("Hostname: "..hostn.." IP: "..addr)
|
||||
local record = { hostname=hostn, address=addr }
|
||||
setmetatable(record, {
|
||||
__tostring = function(t)
|
||||
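Review bot: `stdnse.debug1("Added target: "..hostn)` runs before `target.add(hostn)`, and the `status,err` that call returns are never read, so the log reports an addition that may not have happened. I would call `target.add` first and log on the result, e.g. `if status then stdnse.debug1("Added target: %s", hostn) else stdnse.debug1("Could not add %s: %s", hostn, tostring(err)) end`. The `srv_main` hunk that follows has the same order with `srvip`. `thread_main` starts before and ends after this hunk.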
@@ -146,10 +146,10 @@ local function srv_main(domainname, srvresults, srv_iter)
|
||||
if(srvres) then
|
||||
for srvhost,srvip in ipairs(srvres) do
|
||||
if target.ALLOW_NEW_TARGETS then
|
||||
stdnse.print_debug("Added target: "..srvip)
|
||||
stdnse.debug1("Added target: "..srvip)
|
||||
local status,err = target.add(srvip)
|
||||
end
|
||||
stdnse.print_debug("Hostname: "..hostn.." IP: "..srvip)
|
||||
stdnse.debug1("Hostname: "..hostn.." IP: "..srvip)
|
||||
local record = { hostname=hostn, address=srvip }
|
||||
setmetatable(record, {
|
||||
__tostring = function(t)
|
||||
@@ -180,15 +180,15 @@ action = function(host)
|
||||
end
|
||||
|
||||
if nmap.registry.bruteddomains[domainname] then
|
||||
stdnse.print_debug("Skipping already-bruted domain %s", domainname)
|
||||
stdnse.debug1("Skipping already-bruted domain %s", domainname)
|
||||
return nil
|
||||
end
|
||||
|
||||
nmap.registry.bruteddomains[domainname] = true
|
||||
stdnse.print_debug("Starting dns-brute at: "..domainname)
|
||||
stdnse.debug1("Starting dns-brute at: "..domainname)
|
||||
local max_threads = stdnse.get_script_args('dns-brute.threads') and tonumber( stdnse.get_script_args('dns-brute.threads') ) or 5
|
||||
local dosrv = stdnse.get_script_args("dns-brute.srv") or false
|
||||
stdnse.print_debug("THREADS: "..max_threads)
|
||||
stdnse.debug1("THREADS: "..max_threads)
|
||||
-- First look for dns-brute.hostlist
|
||||
local fileName = stdnse.get_script_args('dns-brute.hostlist')
|
||||
-- Check fetchfile locations, then relative paths
|
||||
@@ -211,7 +211,7 @@ action = function(host)
|
||||
local condvar = nmap.condvar( results )
|
||||
local i = 1
|
||||
local howmany = math.floor(#hostlist/max_threads)+1
|
||||
stdnse.print_debug("Hosts per thread: "..howmany)
|
||||
stdnse.debug1("Hosts per thread: "..howmany)
|
||||
repeat
|
||||
local j = math.min(i+howmany, #hostlist)
|
||||
local name_iter = array_iter(hostlist, i, j)
|
||||
@@ -249,7 +249,7 @@ action = function(host)
|
||||
threads = {}
|
||||
howmany = math.floor(#srvlist/max_threads)+1
|
||||
condvar = nmap.condvar( srvresults )
|
||||
stdnse.print_debug("SRV's per thread: "..howmany)
|
||||
stdnse.debug1("SRV's per thread: "..howmany)
|
||||
repeat
|
||||
local j = math.min(i+howmany, #srvlist)
|
||||
local name_iter = array_iter(srvlist, i, j)
|
||||
|
||||
@@ -307,7 +307,7 @@ local function enum(host, port, domain)
|
||||
while subdomain do
|
||||
local result = {}
|
||||
local status, result, nsec
|
||||
stdnse.print_debug("Trying %q.%q", subdomain, domain)
|
||||
stdnse.debug1("Trying %q.%q", subdomain, domain)
|
||||
status, result = dns.query(join({subdomain, domain}), {host = host.ip, port=port.number, proto=port.protocol, dtype='A', retAll=true, retPkt=true, dnssec=true})
|
||||
nsec = status and get_next_nsec(result, join({subdomain, domain})) or nil
|
||||
if nsec then
|
||||
@@ -316,18 +316,18 @@ local function enum(host, port, domain)
|
||||
|
||||
first, remainder = remove_suffix(nsec.dname, domain)
|
||||
if #remainder > 0 then
|
||||
stdnse.print_debug("Result name %q doesn't end in %q.", nsec.dname, domain)
|
||||
stdnse.debug1("Result name %q doesn't end in %q.", nsec.dname, domain)
|
||||
subdomain = nil
|
||||
break
|
||||
end
|
||||
last, remainder = remove_suffix(nsec.next_dname, domain)
|
||||
if #remainder > 0 then
|
||||
stdnse.print_debug("Result name %q doesn't end in %q.", nsec.next_dname, domain)
|
||||
stdnse.debug1("Result name %q doesn't end in %q.", nsec.next_dname, domain)
|
||||
subdomain = nil
|
||||
break
|
||||
end
|
||||
if #last == 0 then
|
||||
stdnse.print_debug("Wrapped")
|
||||
stdnse.debug1("Wrapped")
|
||||
subdomain = nil
|
||||
break
|
||||
end
|
||||
@@ -345,7 +345,7 @@ local function enum(host, port, domain)
|
||||
all_results[index] = excise(all_results, index, -1)
|
||||
end
|
||||
else
|
||||
stdnse.print_debug("adding %s", last)
|
||||
stdnse.debug1("adding %s", last)
|
||||
subdomain = next_domain(last)
|
||||
table.insert(all_results, join({last, domain}))
|
||||
seen[last] = #all_results
|
||||
|
||||
@@ -220,12 +220,12 @@ local function query_for_hashes(host,subdomain,domain)
|
||||
local h2 = string.lower(nsec3.hash.base32)
|
||||
if not stdnse.contains(all_results,"nexthash " .. h1 .. " " .. h2) then
|
||||
table.insert(all_results, "nexthash " .. h1 .. " " .. h2)
|
||||
stdnse.print_debug("nexthash " .. h1 .. " " .. h2)
|
||||
stdnse.debug1("nexthash " .. h1 .. " " .. h2)
|
||||
end
|
||||
ranges[h1] = h2
|
||||
end
|
||||
else
|
||||
stdnse.print_debug(1, "DNS error: %s", result)
|
||||
stdnse.debug1("DNS error: %s", result)
|
||||
end
|
||||
return ranges
|
||||
end
|
||||
@@ -258,11 +258,11 @@ local function enum(host, port, domain)
|
||||
local h2 = string.lower(nsec3.hash.base32)
|
||||
if table_size(todo) == 0 then
|
||||
table.insert(all_results, "domain " .. domain)
|
||||
stdnse.print_debug("domain " .. domain)
|
||||
stdnse.debug1("domain " .. domain)
|
||||
table.insert(all_results, "salt " .. salt)
|
||||
stdnse.print_debug("salt " .. salt)
|
||||
stdnse.debug1("salt " .. salt)
|
||||
table.insert(all_results, "iterations " .. iter)
|
||||
stdnse.print_debug("iterations " .. iter)
|
||||
stdnse.debug1("iterations " .. iter)
|
||||
if h1 < h2 then
|
||||
todo[h2] = h1
|
||||
else
|
||||
@@ -299,7 +299,7 @@ local function enum(host, port, domain)
|
||||
end -- for
|
||||
end -- else
|
||||
table.insert(all_results, "nexthash " .. h1 .. " " .. h2)
|
||||
stdnse.print_debug("nexthash " .. h1 .. " " .. h2)
|
||||
stdnse.debug1("nexthash " .. h1 .. " " .. h2)
|
||||
end
|
||||
end
|
||||
|
||||
@@ -342,7 +342,7 @@ local function enum(host, port, domain)
|
||||
end
|
||||
end
|
||||
--if changed then
|
||||
-- stdnse.print_debug("break[]")
|
||||
-- stdnse.debug1("break[]")
|
||||
--break
|
||||
-- end
|
||||
end
|
||||
|
||||
@@ -53,26 +53,26 @@ portrule = shortport.port_or_service( 53, "dns", "udp", {"open", "open|filtered"
|
||||
local function test(host, port)
|
||||
|
||||
local status, err = dns.update( "www.cqure.net", { host=host, port=port, dtype="A", data="10.10.10.10" } )
|
||||
if ( status ) then stdnse.print_debug("SUCCESS") else stdnse.print_debug("FAIL: " .. (err or "")) end
|
||||
if ( status ) then stdnse.debug1("SUCCESS") else stdnse.debug1("FAIL: " .. (err or "")) end
|
||||
status, err = dns.update( "www2", { zone="cqure.net", host=host, port=port, dtype="A", data="10.10.10.10" } )
|
||||
if ( status ) then stdnse.print_debug("SUCCESS") else stdnse.print_debug("FAIL: " .. (err or "")) end
|
||||
if ( status ) then stdnse.debug1("SUCCESS") else stdnse.debug1("FAIL: " .. (err or "")) end
|
||||
status, err = dns.update( "alias.cqure.net", { host=host, port=port, dtype="CNAME", data="www.cqure.net" } )
|
||||
if ( status ) then stdnse.print_debug("SUCCESS") else stdnse.print_debug("FAIL: " .. (err or "")) end
|
||||
if ( status ) then stdnse.debug1("SUCCESS") else stdnse.debug1("FAIL: " .. (err or "")) end
|
||||
status, err = dns.update( "cqure.net", { host=host, port=port, dtype="MX", data={ pref=10, mx="mail.cqure.net"} })
|
||||
if ( status ) then stdnse.print_debug("SUCCESS") else stdnse.print_debug("FAIL: " .. (err or "")) end
|
||||
if ( status ) then stdnse.debug1("SUCCESS") else stdnse.debug1("FAIL: " .. (err or "")) end
|
||||
status, err = dns.update( "_ldap._tcp.cqure.net", { host=host, port=port, dtype="SRV", data={ prio=0, weight=100, port=389, target="ldap.cqure.net" } } )
|
||||
if ( status ) then stdnse.print_debug("SUCCESS") else stdnse.print_debug("FAIL: " .. (err or "")) end
|
||||
if ( status ) then stdnse.debug1("SUCCESS") else stdnse.debug1("FAIL: " .. (err or "")) end
|
||||
|
||||
status, err = dns.update( "www.cqure.net", { host=host, port=port, dtype="A", data="", ttl=0 } )
|
||||
if ( status ) then stdnse.print_debug("SUCCESS") else stdnse.print_debug("FAIL: " .. (err or "")) end
|
||||
if ( status ) then stdnse.debug1("SUCCESS") else stdnse.debug1("FAIL: " .. (err or "")) end
|
||||
status, err = dns.update( "www2.cqure.net", { host=host, port=port, dtype="A", data="", ttl=0 } )
|
||||
if ( status ) then stdnse.print_debug("SUCCESS") else stdnse.print_debug("FAIL: " .. (err or "")) end
|
||||
if ( status ) then stdnse.debug1("SUCCESS") else stdnse.debug1("FAIL: " .. (err or "")) end
|
||||
status, err = dns.update( "alias.cqure.net", { host=host, port=port, dtype="CNAME", data="", ttl=0 } )
|
||||
if ( status ) then stdnse.print_debug("SUCCESS") else stdnse.print_debug("FAIL: " .. (err or "")) end
|
||||
if ( status ) then stdnse.debug1("SUCCESS") else stdnse.debug1("FAIL: " .. (err or "")) end
|
||||
status, err = dns.update( "cqure.net", { host=host, port=port, dtype="MX", data="", ttl=0 } )
|
||||
if ( status ) then stdnse.print_debug("SUCCESS") else stdnse.print_debug("FAIL: " .. (err or "")) end
|
||||
if ( status ) then stdnse.debug1("SUCCESS") else stdnse.debug1("FAIL: " .. (err or "")) end
|
||||
status, err = dns.update( "_ldap._tcp.cqure.net", { host=host, port=port, dtype="SRV", data="", ttl=0 } )
|
||||
if ( status ) then stdnse.print_debug("SUCCESS") else stdnse.print_debug("FAIL: " .. (err or "")) end
|
||||
if ( status ) then stdnse.debug1("SUCCESS") else stdnse.debug1("FAIL: " .. (err or "")) end
|
||||
|
||||
end
|
||||
|
||||
|
||||
@@ -368,7 +368,7 @@ local RD = {
|
||||
local version, siz, hp, vp, lat, lon, alt
|
||||
version = string.byte(data, offset)
|
||||
if version ~= 0 then
|
||||
stdnse.print_debug(2, "Unknown LOC RR version: %d", version)
|
||||
stdnse.debug2("Unknown LOC RR version: %d", version)
|
||||
return offset, ''
|
||||
end
|
||||
siz = string.byte(data, offset+1)
|
||||
@@ -616,7 +616,7 @@ function add_zone_info(response)
|
||||
for rdata in pairs(RR['Node Names']) do
|
||||
status, ret = target.add(rdata)
|
||||
if not status then
|
||||
stdnse.print_debug(3, "Error: failed to add all Node Names.")
|
||||
stdnse.debug3("Error: failed to add all Node Names.")
|
||||
break
|
||||
end
|
||||
newhosts_count = newhosts_count + ret
|
||||
|
||||
@@ -74,7 +74,7 @@ doLogin = function( host, port, database, creds, valid_accounts )
|
||||
if ( nmap.registry.db2users == nil or nmap.registry.db2users[username] == nil ) then
|
||||
helper = drda.Helper:new()
|
||||
helper:connect( host, port )
|
||||
stdnse.print_debug( "Trying %s/%s against %s...", username, password, host.ip )
|
||||
stdnse.debug1( "Trying %s/%s against %s...", username, password, host.ip )
|
||||
status, response = helper:login( database, username, password )
|
||||
helper:close()
|
||||
|
||||
@@ -156,7 +156,7 @@ action = function( host, port )
|
||||
|
||||
creds = new_usrpwd_iterator( usernames, passwords )
|
||||
|
||||
stdnse.print_debug("Starting brute force with %d threads", max_threads )
|
||||
stdnse.debug1("Starting brute force with %d threads", max_threads )
|
||||
|
||||
for i=1,max_threads do
|
||||
local co = stdnse.new_thread( doLogin, host, port, database, creds, valid_accounts )
|
||||
|
||||
@@ -73,11 +73,11 @@ action = function()
|
||||
if not iface then
|
||||
return "please specify an interface with -e"
|
||||
end
|
||||
stdnse.print_debug(1, "iface: %s", iface.device)
|
||||
stdnse.debug1("iface: %s", iface.device)
|
||||
|
||||
local timeout = (arg_timeout or 10) * 1000
|
||||
|
||||
stdnse.print_debug(2, "timeout: %s", timeout)
|
||||
stdnse.debug2("timeout: %s", timeout)
|
||||
|
||||
local pcap = nmap.new_socket()
|
||||
pcap:pcap_open(iface.device, 512, true, "ether proto 0x888e")
|
||||
@@ -100,7 +100,7 @@ action = function()
|
||||
for i,v in ipairs(scan) do
|
||||
v = tonumber(v)
|
||||
if v ~= nil and v < 256 and v > 3 then
|
||||
stdnse.print_debug(1, "selected: %s", eap.eap_str[v] or "unassigned" )
|
||||
stdnse.debug1("selected: %s", eap.eap_str[v] or "unassigned" )
|
||||
identity.auth[v] = UNKNOWN
|
||||
valid = true
|
||||
end
|
||||
@@ -118,26 +118,26 @@ action = function()
|
||||
while(nmap.clock_ms() - start_time < timeout) and not tried_all do
|
||||
local status, plen, l2_data, l3_data, time = pcap:pcap_receive()
|
||||
if (status) then
|
||||
stdnse.print_debug(2, "packet size: 0x%x", plen )
|
||||
stdnse.debug2("packet size: 0x%x", plen )
|
||||
local packet = eap.parse(l2_data .. l3_data)
|
||||
|
||||
if packet then
|
||||
stdnse.print_debug(2, "packet valid")
|
||||
stdnse.debug2("packet valid")
|
||||
|
||||
-- respond to identity requests, using the same session id
|
||||
if packet.eap.type == eap.eap_t.IDENTITY and packet.eap.code == eap.code_t.REQUEST then
|
||||
stdnse.print_debug(1, "server identity: %s",packet.eap.body.identity)
|
||||
stdnse.debug1("server identity: %s",packet.eap.body.identity)
|
||||
eap.send_identity_response(iface, packet.eap.id, identity.name)
|
||||
end
|
||||
|
||||
-- respond with NAK to every auth request to enumerate them until we get a failure
|
||||
if packet.eap.type ~= eap.eap_t.IDENTITY and packet.eap.code == eap.code_t.REQUEST then
|
||||
stdnse.print_debug(1, "auth request: %s",eap.eap_str[packet.eap.type])
|
||||
stdnse.debug1("auth request: %s",eap.eap_str[packet.eap.type])
|
||||
identity.auth[packet.eap.type] = true
|
||||
|
||||
identity.probe = -1
|
||||
for i,v in pairs(identity.auth) do
|
||||
stdnse.print_debug(1, "identity.auth: %d %s",i,tostring(v))
|
||||
stdnse.debug1("identity.auth: %d %s",i,tostring(v))
|
||||
if v == UNKNOWN then
|
||||
identity.probe = i
|
||||
eap.send_nak_response(iface, packet.eap.id, i)
|
||||
@@ -149,7 +149,7 @@ action = function()
|
||||
|
||||
-- retry on failure
|
||||
if packet.eap.code == eap.code_t.FAILURE then
|
||||
stdnse.print_debug(1, "auth failure")
|
||||
stdnse.debug1("auth failure")
|
||||
identity.auth[identity.probe] = false
|
||||
|
||||
-- don't give up at the first failure!
|
||||
@@ -171,7 +171,7 @@ action = function()
|
||||
end
|
||||
|
||||
else
|
||||
stdnse.print_debug(1, "packet invalid! wrong filter?")
|
||||
stdnse.debug1("packet invalid! wrong filter?")
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -186,7 +186,7 @@ action = function()
|
||||
end
|
||||
|
||||
for i,v in ipairs(results) do
|
||||
stdnse.print_debug(1, "%s", tostring(v))
|
||||
stdnse.debug1("%s", tostring(v))
|
||||
end
|
||||
|
||||
return stdnse.format_output(true, results)
|
||||
|
||||
@@ -193,7 +193,7 @@ local tcp_funcs_v4 = {
|
||||
|
||||
if port and scanner.ports.tcp[port] then
|
||||
|
||||
stdnse.print_debug("Marking port %d/tcp v4 as forwarded (reply from %s)", ip2.tcp_dport, ip.ip_src)
|
||||
stdnse.debug1("Marking port %d/tcp v4 as forwarded (reply from %s)", ip2.tcp_dport, ip.ip_src)
|
||||
|
||||
-- mark the gateway as forwarding the packet
|
||||
scanner.ports.tcp[port].final_ttl = gateway_ttl(scanner.target.traceroute, ip.ip_src)
|
||||
@@ -207,7 +207,7 @@ local tcp_funcs_v4 = {
|
||||
end
|
||||
|
||||
else
|
||||
stdnse.print_debug("Invalid reply to port %d/tcp", ip2.tcp_dport)
|
||||
stdnse.debug1("Invalid reply to port %d/tcp", ip2.tcp_dport)
|
||||
end
|
||||
end,
|
||||
|
||||
@@ -257,7 +257,7 @@ local udp_funcs_v4 = {
|
||||
|
||||
if port and scanner.ports.udp[port] then
|
||||
|
||||
stdnse.print_debug("Marking port %d/udp v4 as forwarded", ip2.udp_dport)
|
||||
stdnse.debug1("Marking port %d/udp v4 as forwarded", ip2.udp_dport)
|
||||
|
||||
-- mark the gateway as forwarding the packet
|
||||
scanner.ports.udp[port].final_ttl = gateway_ttl(scanner.target.traceroute, ip.ip_src)
|
||||
@@ -270,7 +270,7 @@ local udp_funcs_v4 = {
|
||||
end
|
||||
|
||||
else
|
||||
stdnse.print_debug("Invalid reply to port %d/udp", ip2.udp_dport)
|
||||
stdnse.debug1("Invalid reply to port %d/udp", ip2.udp_dport)
|
||||
end
|
||||
|
||||
end,
|
||||
@@ -320,7 +320,7 @@ local tcp_funcs_v6 = {
|
||||
|
||||
if port and scanner.ports.tcp[port] then
|
||||
|
||||
stdnse.print_debug("Marking port %d/tcp v6 as forwarded (reply from %s)", ip2.tcp_dport, ip.ip_src)
|
||||
stdnse.debug1("Marking port %d/tcp v6 as forwarded (reply from %s)", ip2.tcp_dport, ip.ip_src)
|
||||
|
||||
-- mark the gateway as forwarding the packet
|
||||
scanner.ports.tcp[port].final_ttl = gateway_ttl(scanner.target.traceroute, ip.ip_src)
|
||||
@@ -334,7 +334,7 @@ local tcp_funcs_v6 = {
|
||||
end
|
||||
|
||||
else
|
||||
stdnse.print_debug("Invalid reply to port %d/tcp", ip2.tcp_dport)
|
||||
stdnse.debug1("Invalid reply to port %d/tcp", ip2.tcp_dport)
|
||||
end
|
||||
end,
|
||||
|
||||
@@ -382,7 +382,7 @@ local udp_funcs_v6 = {
|
||||
|
||||
if port and scanner.ports.udp[port] then
|
||||
|
||||
stdnse.print_debug("Marking port %d/udp v6 as forwarded (reply from %s)", ip2.udp_dport, ip2.ip_src)
|
||||
stdnse.debug1("Marking port %d/udp v6 as forwarded (reply from %s)", ip2.udp_dport, ip2.ip_src)
|
||||
|
||||
-- mark the gateway as forwarding the packet
|
||||
scanner.ports.udp[port].final_ttl = gateway_ttl(scanner.target.traceroute, ip.ip_src)
|
||||
@@ -395,7 +395,7 @@ local udp_funcs_v6 = {
|
||||
end
|
||||
|
||||
else
|
||||
stdnse.print_debug("Invalid reply to port %d/udp", ip2.udp_dport)
|
||||
stdnse.debug1("Invalid reply to port %d/udp", ip2.udp_dport)
|
||||
end
|
||||
|
||||
end,
|
||||
@@ -497,7 +497,7 @@ local Firewalk_v4 = {
|
||||
-- mark port as forwarded and discard any related pending probes
|
||||
proto_func.update_scan(scanner, ip, ip2)
|
||||
else
|
||||
stdnse.print_debug("Invalid protocol for reply (%d)", ip2.ip_p)
|
||||
stdnse.debug1("Invalid protocol for reply (%d)", ip2.ip_p)
|
||||
end
|
||||
end
|
||||
end,
|
||||
@@ -563,7 +563,7 @@ local Firewalk_v6 = {
|
||||
-- mark port as forwarded and discard any related pending probes
|
||||
proto_func.update_scan(scanner, ip, ip2)
|
||||
else
|
||||
stdnse.print_debug("Invalid protocol for reply (%d)", ip2.ip_p)
|
||||
stdnse.debug1("Invalid protocol for reply (%d)", ip2.ip_p)
|
||||
end
|
||||
end
|
||||
end,
|
||||
@@ -654,7 +654,7 @@ local function getopts()
|
||||
RecvTimeout = parse_timespec_ms(timespec)
|
||||
|
||||
if not RecvTimeout then
|
||||
stdnse.print_debug("Invalid time specification for option: firewalk.recv-timeout (%s)", timespec)
|
||||
stdnse.debug1("Invalid time specification for option: firewalk.recv-timeout (%s)", timespec)
|
||||
return false
|
||||
end
|
||||
|
||||
@@ -671,7 +671,7 @@ local function getopts()
|
||||
ProbeTimeout = parse_timespec_ms(timespec)
|
||||
|
||||
if not ProbeTimeout then
|
||||
stdnse.print_debug("Invalid time specification for option: firewalk.probe-timeout (%s)", timespec)
|
||||
stdnse.debug1("Invalid time specification for option: firewalk.probe-timeout (%s)", timespec)
|
||||
return false
|
||||
end
|
||||
|
||||
@@ -735,7 +735,7 @@ local function initial_ttl(host)
|
||||
return nil
|
||||
end
|
||||
|
||||
stdnse.print_debug("Using ttl %d", #host.traceroute)
|
||||
stdnse.debug1("Using ttl %d", #host.traceroute)
|
||||
return #host.traceroute
|
||||
end
|
||||
|
||||
@@ -911,7 +911,7 @@ local function send_probe(scanner, probe)
|
||||
|
||||
local try = nmap.new_try(function() scanner.sock:ip_close() end)
|
||||
|
||||
stdnse.print_debug("Sending new probe (%d/%s ttl=%d)", probe.portno, probe.proto, probe.ttl)
|
||||
stdnse.debug1("Sending new probe (%d/%s ttl=%d)", probe.portno, probe.proto, probe.ttl)
|
||||
|
||||
-- craft the raw packet
|
||||
local pkt = proto_vtable[probe.proto].getprobe(scanner.target, probe.portno, probe.ttl)
|
||||
|
||||
@@ -82,7 +82,7 @@ Driver = {
|
||||
|
||||
-- Loop over the lines
|
||||
while(line)do
|
||||
stdnse.print_debug("Received: %s", line)
|
||||
stdnse.debug1("Received: %s", line)
|
||||
if(string.match(line, "^230")) then
|
||||
stdnse.debug1("Successful login: %s/%s", user, pass)
|
||||
return true, brute.Account:new( user, pass, creds.State.VALID)
|
||||
|
||||
@@ -62,7 +62,7 @@ action = function(host, port)
|
||||
sock:set_timeout(5000)
|
||||
status, err = sock:connect(host, port, "tcp")
|
||||
if not status then
|
||||
stdnse.print_debug(1, "Can't connect: %s", err)
|
||||
stdnse.debug1("Can't connect: %s", err)
|
||||
sock:close()
|
||||
return
|
||||
end
|
||||
@@ -71,21 +71,21 @@ action = function(host, port)
|
||||
local buffer = stdnse.make_buffer(sock, "\r?\n")
|
||||
local code, message = ftp.read_reply(buffer)
|
||||
if not code then
|
||||
stdnse.print_debug(1, "Can't read banner: %s", message)
|
||||
stdnse.debug1("Can't read banner: %s", message)
|
||||
sock:close()
|
||||
return
|
||||
end
|
||||
|
||||
-- Check version.
|
||||
if not message:match("ProFTPD 1.3.3c") then
|
||||
stdnse.print_debug(1, "This version is not known to be backdoored.")
|
||||
stdnse.debug1("This version is not known to be backdoored.")
|
||||
return
|
||||
end
|
||||
|
||||
-- Send command to escalate privilege.
|
||||
status, err = sock:send(CMD_FTP .. "\r\n")
|
||||
if not status then
|
||||
stdnse.print_debug(1, "Failed to send privilege escalation command: %s", err)
|
||||
stdnse.debug1("Failed to send privilege escalation command: %s", err)
|
||||
sock:close()
|
||||
return
|
||||
end
|
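Review bot: The version-mismatch branch (`if not message:match("ProFTPD 1.3.3c") then`) returns without `sock:close()`, while every other early return in this hunk closes the socket first; add `sock:close()` before that `return`. The dots in the pattern are also unescaped, so they match any character; `"ProFTPD 1%.3%.3c"` pins the literal version string. The action function starts and ends outside the hunk.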
||||
@@ -93,7 +93,7 @@ action = function(host, port)
|
||||
-- Check if escalation worked.
|
||||
code, message = ftp.read_reply(buffer)
|
||||
if code and code == 502 then
|
||||
stdnse.print_debug(1, "Privilege escalation failed: %s", message)
|
||||
stdnse.debug1("Privilege escalation failed: %s", message)
|
||||
sock:close()
|
||||
return
|
||||
end
|
||||
@@ -101,7 +101,7 @@ action = function(host, port)
|
||||
-- Send command(s) to shell.
|
||||
status, err = sock:send(cmd .. ";\r\n")
|
||||
if not status then
|
||||
stdnse.print_debug(1, "Failed to send shell command(s): %s", err)
|
||||
stdnse.debug1("Failed to send shell command(s): %s", err)
|
||||
sock:close()
|
||||
return
|
||||
end
|
||||
@@ -109,7 +109,7 @@ action = function(host, port)
|
||||
-- Check for an error from command.
|
||||
status, resp = sock:receive()
|
||||
if not status then
|
||||
stdnse.print_debug(1, "Can't read command response: %s", resp)
|
||||
stdnse.debug1("Can't read command response: %s", resp)
|
||||
sock:close()
|
||||
return
|
||||
end
|
||||
|
||||
@@ -182,7 +182,7 @@ action = function(host, port)
|
||||
break
|
||||
end
|
||||
if ( not(tag:match("^<.*>$")) ) then
|
||||
stdnse.print_debug(2, "Expected tag, got: %s", tag)
|
||||
stdnse.debug2("Expected tag, got: %s", tag)
|
||||
break
|
||||
else
|
||||
tag = tag:match("^<(.*)>$")
|
||||
|
||||
@@ -79,7 +79,7 @@ action = function(host)
|
||||
local output_tab = stdnse.output_table()
|
||||
response = http.get(HOSTMAP_SERVER, 80, query)
|
||||
if not response.status then
|
||||
stdnse.print_debug(1, "Error: could not GET http://%s%s", HOSTMAP_SERVER, query)
|
||||
stdnse.debug1("Error: could not GET http://%s%s", HOSTMAP_SERVER, query)
|
||||
return nil
|
||||
end
|
||||
local hostnames = {}
|
||||
@@ -96,7 +96,7 @@ action = function(host)
|
||||
|
||||
if #hosts_log == 0 then
|
||||
if not string.find(response.body, "<p>The server returned no hits.</p>") then
|
||||
stdnse.print_debug(1,"Error: found no hostnames but not the marker for \"no hostnames found\" (pattern error?)")
|
||||
stdnse.debug1("Error: found no hostnames but not the marker for \"no hostnames found\" (pattern error?)")
|
||||
end
|
||||
return nil
|
||||
end
|
||||
@@ -110,7 +110,7 @@ action = function(host)
|
||||
if status then
|
||||
output_tab.filename = filename
|
||||
else
|
||||
stdnse.print_debug(1,"Error saving to %s: %s\n", filename, err)
|
||||
stdnse.debug1("Error saving to %s: %s\n", filename, err)
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
@@ -94,7 +94,7 @@ action = function(host)
|
||||
local hostnames = {}
|
||||
local hostnames_str, output_str
|
||||
local output_tab = stdnse.output_table()
|
||||
stdnse.print_debug(1, "Using database: %s", HOSTMAP_BING_SERVER)
|
||||
stdnse.debug1("Using database: %s", HOSTMAP_BING_SERVER)
|
||||
hostnames = query_bing(host.ip)
|
||||
|
||||
output_tab.hosts = hostnames
|
||||
@@ -106,7 +106,7 @@ action = function(host)
|
||||
if status then
|
||||
output_tab.filename = filename
|
||||
else
|
||||
stdnse.print_debug(1, "There was an error saving the file %s:%s", filename, err)
|
||||
stdnse.debug1("There was an error saving the file %s:%s", filename, err)
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
@@ -95,9 +95,9 @@ portaction = function(host, port)
|
||||
|
||||
for shortener, pattern in pairs(URL_SHORTENERS) do
|
||||
for i, shortened in ipairs(pattern:match(body)) do
|
||||
stdnse.print_debug("Found shortened Url: " .. shortened)
|
||||
stdnse.debug1("Found shortened Url: " .. shortened)
|
||||
local response = http.get(shortener, 80, shortened)
|
||||
stdnse.print_debug("status code: %d", response.status)
|
||||
stdnse.debug1("status code: %d", response.status)
|
||||
if (response.status == 301 or response.status == 302) and response.header['location'] then
|
||||
followed[#followed + 1] = response.header['location']
|
||||
end
|
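Review bot: `stdnse.debug1("Found shortened Url: " .. shortened)` splices text extracted from the fetched page into what the other calls on this page treat as a printf-style format string, so a `%` in it is read as a conversion and the call can raise or print garbage; pass it as an argument instead, `stdnse.debug1("Found shortened Url: %s", shortened)`. The next call's `%d` would also raise if `response.status` is nil (presumably the case when the request fails, to be confirmed against http.get), so `stdnse.debug1("status code: %s", tostring(response.status))` is safer. The same concatenation pattern recurs in later hunks on this page: `"found id:" .. result[#result]`, `i .. ": " .. content`, `"Making a request with User-Agent: " .. useragent`, `stdnse.debug1(detection_session.body)` and `"Ouput of the command " .. cmd .. " : \n"..exploitation_session.body`. portaction's body continues outside the hunk.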
||||
@@ -111,7 +111,7 @@ portaction = function(host, port)
|
||||
for i, id in ipairs(pattern:match(body..followed)) do
|
||||
if not ids[id] then
|
||||
result[#result + 1] = name .. ": " .. id
|
||||
stdnse.print_debug("found id:" .. result[#result])
|
||||
stdnse.debug1("found id:" .. result[#result])
|
||||
add_key_to_registry(host, port, url_path, result[#result])
|
||||
ids[id] = true
|
||||
end
|
||||
|
||||
@@ -215,9 +215,9 @@ action = function (host, port)
|
||||
if save then
|
||||
local status, err = write_file(save .. filename, response.body);
|
||||
if status then
|
||||
stdnse.print_debug(1, "%s saved", filename);
|
||||
stdnse.debug1("%s saved", filename);
|
||||
else
|
||||
stdnse.print_debug(1, "error saving %s", err);
|
||||
stdnse.debug1("error saving %s", err);
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
@@ -290,7 +290,7 @@ action = function(host, port)
|
||||
end
|
||||
|
||||
for _, link in ipairs(links) do
|
||||
stdnse.print_debug(2, "Fetching link: %s", link)
|
||||
stdnse.debug2("Fetching link: %s", link)
|
||||
http_response = http.get( vhost or host, port, link, { auth = { username = user, password = pass }, no_cache = true })
|
||||
local u_details = getUserDetails( http_response.body )
|
||||
|
||||
@@ -299,7 +299,7 @@ action = function(host, port)
|
||||
end
|
||||
|
||||
if ( u_details.fullname and u_details.passwd and #u_details.passwd > 0 ) then
|
||||
stdnse.print_debug(2, "Found Internet hash for: %s:%s", u_details.fullname, u_details.passwd)
|
||||
stdnse.debug2("Found Internet hash for: %s:%s", u_details.fullname, u_details.passwd)
|
||||
-- Old type are 32 bytes, new are 20
|
||||
if #u_details.passwd == 32 then
|
||||
table.insert( legacyHashes, ("%s:%s"):format(u_details.fullname, u_details.passwd))
|
||||
@@ -309,9 +309,9 @@ action = function(host, port)
|
||||
end
|
||||
|
||||
if ( u_details.idfile ) then
|
||||
stdnse.print_debug(2, "Found ID file for user: %s", u_details.fullname)
|
||||
stdnse.debug2("Found ID file for user: %s", u_details.fullname)
|
||||
if ( download_path ) then
|
||||
stdnse.print_debug(2, "Downloading ID file for user: %s", u_details.full_name)
|
||||
stdnse.debug2("Downloading ID file for user: %s", u_details.full_name)
|
||||
http_response = http.get( vhost or host, port, u_details.idfile, { auth = { username = user, password = pass }, no_cache = true })
|
||||
|
||||
if ( http_response.status == 200 ) then
|
||||
|
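Review bot: `stdnse.debug2("Downloading ID file for user: %s", u_details.full_name)` reads `full_name`, but every other access in these hunks uses `u_details.fullname`, so this message most likely prints nil instead of the user; it should be `stdnse.debug2("Downloading ID file for user: %s", u_details.fullname)`. Separately, the `Found Internet hash for: %s:%s` call in the previous hunk writes password hashes to the debug log, which deserves a comment for anyone who archives debug output. The action function continues outside the hunk.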
||||
@@ -120,7 +120,7 @@ action = function(host, port)
|
||||
-- send requests
|
||||
local pipeline_responses = http.pipeline_go(host, port, all)
|
||||
if not pipeline_responses then
|
||||
stdnse.print_debug(1, "No answers from pipelined requests", SCRIPT_NAME)
|
||||
stdnse.debug1("No answers from pipelined requests", SCRIPT_NAME)
|
||||
return nil
|
||||
end
|
||||
|
||||
|
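Review bot: `stdnse.debug1("No answers from pipelined requests", SCRIPT_NAME)` passes SCRIPT_NAME although the format string has no conversion to consume it, so the argument is dead; drop it, `stdnse.debug1("No answers from pipelined requests")`. The enclosing action function extends beyond the hunk.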
||||
@@ -475,7 +475,7 @@ action = function(host, port)
|
||||
output = output .. " (" .. http.get_status_string(result) .. ")"
|
||||
end
|
||||
|
||||
stdnse.print_debug(1, "Found a valid page! %s", output)
|
||||
stdnse.debug1("Found a valid page! %s", output)
|
||||
|
||||
table.insert(response, output)
|
||||
end
|
||||
|
||||
@@ -521,10 +521,10 @@ function action(host, port)
|
||||
-- Check if we got a response, and the response is a .jpg file
|
||||
if r.response and r.response.body and r.response.status==200 and (string.match(r.url.path, ".jpg") or string.match(r.url.path, ".jpeg")) then
|
||||
local status, result
|
||||
stdnse.print_debug(1, "Attempting to read exif data from %s", r.url.raw)
|
||||
stdnse.debug1("Attempting to read exif data from %s", r.url.raw)
|
||||
status, result = parse_jpeg(r.response.body)
|
||||
if(not(status)) then
|
||||
stdnse.print_debug(1, "Couldn't read exif from %s: %s", r.url.raw, result)
|
||||
stdnse.debug1("Couldn't read exif from %s: %s", r.url.raw, result)
|
||||
else
|
||||
-- If there are any exif results, add them to the result
|
||||
if(result and #result > 0) then
|
||||
|
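Review bot: The JPEG check `string.match(r.url.path, ".jpg") or string.match(r.url.path, ".jpeg")` is unanchored and its `.` is a pattern wildcard, so any path that contains some character followed by `jpg` passes and its body is handed to `parse_jpeg`. Escape and anchor it, for example `string.match(r.url.path, "%.jpe?g$")`, so only paths ending in that extension are parsed. The action function starts and ends outside the hunk.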
||||
@@ -56,7 +56,7 @@ action = function(host, port)
|
||||
|
||||
status, favicondb = datafiles.parse_file( favicondbfile, {["^%s*([^%s#:]+)[%s:]+"] = "^%s*[^%s#:]+[%s:]+(.*)"})
|
||||
if not status then
|
||||
stdnse.print_debug( 1, "Could not open file: %s", favicondbfile )
|
||||
stdnse.debug1("Could not open file: %s", favicondbfile )
|
||||
return
|
||||
end
|
||||
|
||||
@@ -67,7 +67,7 @@ action = function(host, port)
|
||||
if(favicon_uri) then
|
||||
-- If we got a script arg URI, always use that.
|
||||
answer = http.get( host, port, root .. "/" .. favicon_uri)
|
||||
stdnse.print_debug( 4, "Using URI %s", favicon_uri)
|
||||
stdnse.debug4("Using URI %s", favicon_uri)
|
||||
else
|
||||
-- Otherwise, first try parsing the home page.
|
||||
index = http.get( host, port, root .. "/" )
|
||||
@@ -77,7 +77,7 @@ action = function(host, port)
|
||||
-- if we find a pattern
|
||||
if icon then
|
||||
local hostname = host.targetname or (host.name ~= "" and host.name) or host.ip
|
||||
stdnse.print_debug(1, "Got icon URL %s.", icon)
|
||||
stdnse.debug1("Got icon URL %s.", icon)
|
||||
local icon_host, icon_port, icon_path = parse_url_relative(icon, hostname, port.number, root)
|
||||
if (icon_host == host.ip or
|
||||
icon_host == host.targetname or
|
||||
@@ -96,7 +96,7 @@ action = function(host, port)
|
||||
-- If that didn't work, try /favicon.ico.
|
||||
if not answer or answer.status ~= 200 then
|
||||
answer = http.get( host, port, root .. "/favicon.ico" )
|
||||
stdnse.print_debug( 4, "Using default URI.")
|
||||
stdnse.debug4("Using default URI.")
|
||||
end
|
||||
end
|
||||
|
||||
@@ -112,7 +112,7 @@ action = function(host, port)
|
||||
end
|
||||
end
|
||||
else
|
||||
stdnse.print_debug( 1, "No favicon found.")
|
||||
stdnse.debug1("No favicon found.")
|
||||
return
|
||||
end --- status == 200
|
||||
return result
|
||||
|
||||
@@ -111,7 +111,7 @@ local function UploadRequest(host, port, submission, partofrequest, name, filena
|
||||
options['header']['Content-Type'] = "multipart/form-data; boundary=AaB03x"
|
||||
options['content'] = self.partofrequest .. '--AaB03x\nContent-Disposition: form-data; name="' .. self.name .. '"; filename="' .. self.filename .. '"\nContent-Type: ' .. self.mime .. '\n\n' .. self.payload .. '\n--AaB03x--'
|
||||
|
||||
stdnse.print_debug(2, "Making a request: Header: " .. options['header']['Content-Type'] .. "\nContent: " .. escape(options['content']))
|
||||
stdnse.debug2("Making a request: Header: " .. options['header']['Content-Type'] .. "\nContent: " .. escape(options['content']))
|
||||
|
||||
local response = http.post(self.host, self.port, self.submission, options, { no_cache = true })
|
||||
|
||||
|
||||
@@ -70,19 +70,19 @@ Default installations of older versions of frontpage extensions allow anonymous
|
||||
data = http.post(host,port,path .. "/_vti_bin/_vti_aut/author.dll",nil,nil,postdata)
|
||||
if data and data.status then
|
||||
if data.status == 200 then
|
||||
stdnse.print_debug("Frontpage returned 200 OK, server vulnerable.")
|
||||
stdnse.debug1("Frontpage returned 200 OK, server vulnerable.")
|
||||
frontpage_vuln.state = vulns.STATE.VULN;
|
||||
return report:make_output(frontpage_vuln);
|
||||
elseif data.status == 401 then
|
||||
stdnse.print_debug("Frontpage returned 401, password protected.")
|
||||
stdnse.debug1("Frontpage returned 401, password protected.")
|
||||
return false
|
||||
else
|
||||
stdnse.print_debug("Frontpage returned unknown response.")
|
||||
stdnse.debug1("Frontpage returned unknown response.")
|
||||
return false
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
stdnse.print_debug("Frontpage probably not installed.")
|
||||
stdnse.debug1("Frontpage probably not installed.")
|
||||
return false
|
||||
end
|
||||
|
||||
@@ -75,7 +75,7 @@ action = function(host, port)
|
||||
stdnse.debug1("Checking host %s", target_url)
|
||||
local qry = build_qry(apikey, target_url)
|
||||
local req = http.get_url(qry)
|
||||
stdnse.print_debug(2, "%s", qry)
|
||||
stdnse.debug2("%s", qry)
|
||||
|
||||
if ( req.status > 400 ) then
|
||||
return "[ERROR] Request failed (invalid API key?)"
|
||||
|
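Review bot: `stdnse.debug2("%s", qry)` logs the full query, and `qry` comes from `build_qry(apikey, target_url)`, so the API key presumably ends up in debug output that users may share in bug reports. The `Checking host %s` call above already records the target; either drop this call or log the query with the key redacted. Also, `req.status > 400` raises a comparison error if `status` is nil (to be confirmed against http.get_url), so `if not req.status or req.status > 400 then` is safer. The body of action continues outside the hunk.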
||||
@@ -95,7 +95,7 @@ local function findExtension(host, port, path, ext)
|
||||
if charInExtension(host, port, path, ext) then
|
||||
-- currently only support for ext of length 3
|
||||
if ext:len() == 3 then
|
||||
stdnse.print_debug(1, "Added file: %s", path .. ext)
|
||||
stdnse.debug1("Added file: %s", path .. ext)
|
||||
table.insert(files, path .. ext)
|
||||
else
|
||||
for c in chars:gmatch(".") do
|
||||
@@ -117,7 +117,7 @@ local function findName(host, port, path, number)
|
||||
stdnse.debug1("False positive detected. Exiting.")
|
||||
errors_max=true
|
||||
else
|
||||
stdnse.print_debug(1, "Added folder: %s", path .. "~" .. number)
|
||||
stdnse.debug1("Added folder: %s", path .. "~" .. number)
|
||||
table.insert(folders, path .. "~" .. number)
|
||||
|
||||
-- increase the number ('~1' to '~2')
|
||||
@@ -139,7 +139,7 @@ local function findName(host, port, path, number)
|
||||
|
||||
-- recurse if the path is valid and the length of path is not 6
|
||||
if not (path:len() == 6) and cont and not(errors_max) then
|
||||
stdnse.print_debug(1, "Testing: %s", path .. "~" .. number)
|
||||
stdnse.debug1("Testing: %s", path .. "~" .. number)
|
||||
for c in chars:gmatch(".") do findName(host, port, path .. c, number) end
|
||||
end
|
||||
end
|
||||
|
||||
@@ -88,13 +88,13 @@ Driver = {
|
||||
end,
|
||||
|
||||
login = function( self, username, password )
|
||||
stdnse.print_debug(2, "HTTP POST %s%s with security token %s\n", self.host, self.uri, security_token)
|
||||
stdnse.debug2("HTTP POST %s%s with security token %s\n", self.host, self.uri, security_token)
|
||||
local response = http.post( self.host, self.port, self.uri, { cookies = session_cookie_str, no_cache = true, no_cache_body = true }, nil,
|
||||
{ [self.options.uservar] = username, [self.options.passvar] = password,
|
||||
[security_token] = 1, lang = "", option = "com_login", task = "login" } )
|
||||
|
||||
if response.body and not( response.body:match('name=[\'"]*'..self.options.passvar ) ) then
|
||||
stdnse.print_debug(2, "Response:\n%s", response.body)
|
||||
stdnse.debug2("Response:\n%s", response.body)
|
||||
local c = creds.Credentials:new(SCRIPT_NAME, self.host, self.port )
|
||||
c:add(username, password, creds.State.VALID )
|
||||
return true, brute.Account:new( username, password, "OPEN")
|
||||
@@ -108,25 +108,25 @@ Driver = {
|
||||
|
||||
check = function( self )
|
||||
local response = http.get( self.host, self.port, self.uri )
|
||||
stdnse.print_debug(1, "HTTP GET %s%s", stdnse.get_hostname(self.host),self.uri)
|
||||
stdnse.debug1("HTTP GET %s%s", stdnse.get_hostname(self.host),self.uri)
|
||||
-- Check if password field is there
|
||||
if ( response.status == 200 and response.body:match('type=[\'"]password[\'"]')) then
|
||||
stdnse.print_debug(1, "Initial check passed. Launching brute force attack")
|
||||
stdnse.debug1("Initial check passed. Launching brute force attack")
|
||||
session_cookie_str = response.cookies[1]["name"].."="..response.cookies[1]["value"];
|
||||
if response.body then
|
||||
local _
|
||||
_, _, security_token = string.find(response.body, '<input type="hidden" name="(%w+)" value="1" />')
|
||||
end
|
||||
if security_token then
|
||||
stdnse.print_debug(2, "Security Token found:%s", security_token)
|
||||
stdnse.debug2("Security Token found:%s", security_token)
|
||||
else
|
||||
stdnse.print_debug(2, "The security token was not found.")
|
||||
stdnse.debug2("The security token was not found.")
|
||||
return false
|
||||
end
|
||||
|
||||
return true
|
||||
else
|
||||
stdnse.print_debug(1, "Initial check failed. Password field wasn't found")
|
||||
stdnse.debug1("Initial check failed. Password field wasn't found")
|
||||
end
|
||||
return false
|
||||
end
|
||||
|
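Review bot: `session_cookie_str = response.cookies[1]["name"].."="..response.cookies[1]["value"]` indexes the first cookie without checking that the server set one, so a login page that sends no cookie aborts `check` with an index-nil error instead of returning false. Guard it, e.g. `local c = response.cookies and response.cookies[1]` followed by `if not c then return false end`. The `if response.body then` test two lines later is redundant, because `response.body:match(...)` has already run in the enclosing condition. `session_cookie_str` and `security_token` are not declared in the hunk, so it is worth checking that they are script-level locals rather than globals.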
||||
@@ -72,7 +72,7 @@ action = function(host, port)
|
||||
rfile = stdnse.get_script_args("http-majordomo2-dir-traversal.rfile") or DEFAULT_REMOTE_FILE
|
||||
evil_uri = uri..MAJORDOMO2_EXPLOIT_QRY..rfile
|
||||
|
||||
stdnse.print_debug(1, "HTTP GET %s%s", stdnse.get_hostname(host), evil_uri)
|
||||
stdnse.debug1("HTTP GET %s%s", stdnse.get_hostname(host), evil_uri)
|
||||
response = http.get(host, port, evil_uri)
|
||||
if response.body and response.status==200 then
|
||||
if response.body:match("unknowntopic") then
|
||||
|
||||
@@ -60,7 +60,7 @@ function custom_test(host, port, test_url, pattern)
|
||||
-- strip hostname
|
||||
if not string.match(test_url, "^http://.*") then
|
||||
test_url = "http://" .. test_url
|
||||
stdnse.print_debug("URL missing scheme. URL concatenated to http://")
|
||||
stdnse.debug1("URL missing scheme. URL concatenated to http://")
|
||||
end
|
||||
local url_table = url.parse(test_url)
|
||||
local hostname = url_table.host
|
||||
@@ -136,7 +136,7 @@ function default_test(host, port)
|
||||
-- if we do not receive any valid status code,
|
||||
-- there is no reason to keep testing... the proxy is probably not open
|
||||
if not (get_cstatus or head_cstatus or conn_status) then return false, nil end
|
||||
stdnse.print_debug("Test 1 - Google Web Server\nReceived valid status codes, but pattern does not match")
|
||||
stdnse.debug1("Test 1 - Google Web Server\nReceived valid status codes, but pattern does not match")
|
||||
|
||||
test_url = "http://www.wikipedia.org"
|
||||
hostname = "www.wikipedia.org"
|
||||
@@ -156,7 +156,7 @@ function default_test(host, port)
|
||||
|
||||
-- same valid code checking as above
|
||||
if not (get_cstatus or head_cstatus or conn_status) then return false, nil end
|
||||
stdnse.print_debug("Test 2 - Wikipedia.org\nReceived valid status codes, but pattern does not match")
|
||||
stdnse.debug1("Test 2 - Wikipedia.org\nReceived valid status codes, but pattern does not match")
|
||||
|
||||
test_url = "http://www.computerhistory.org"
|
||||
hostname = "www.computerhistory.org"
|
||||
@@ -172,7 +172,7 @@ function default_test(host, port)
|
||||
|
||||
if fstatus then return fstatus, "Methods supported:" .. response end
|
||||
if not get_cstatus then
|
||||
stdnse.print_debug("Test 3 - Computer History\nReceived valid status codes, but pattern does not match")
|
||||
stdnse.debug1("Test 3 - Computer History\nReceived valid status codes, but pattern does not match")
|
||||
end
|
||||
|
||||
-- Check if GET is being redirected
|
||||
|
||||
@@ -62,7 +62,7 @@ local probes = {}
|
||||
--@param response Response table
|
||||
--@return True if attack vector is found in response's body
|
||||
local function check_probe_response(response)
|
||||
stdnse.print_debug(3, "Probe response:\n%s", response.body)
|
||||
stdnse.debug3("Probe response:\n%s", response.body)
|
||||
if string.find(response.body, "'\"/><script>alert(1)</script>", 1, true) ~= nil then
|
||||
return true
|
||||
end
|
||||
|
||||
@@ -93,7 +93,7 @@ local function slowThread2(host,port)
|
||||
local catch = function()
|
||||
-- note the time the socket timedout
|
||||
TimeWith = nmap.clock()
|
||||
stdnse.print_debug("2 try")
|
||||
stdnse.debug1("2 try")
|
||||
end
|
||||
local try = nmap.new_try(catch)
|
||||
socket = nmap.new_socket()
|
||||
@@ -147,12 +147,12 @@ so, it starves the http server's resources causing Denial Of Service.
|
||||
return
|
||||
end
|
||||
local diff = TimeWith - TimeWithout
|
||||
stdnse.print_debug("Time difference is: %d",diff)
|
||||
stdnse.debug1("Time difference is: %d",diff)
|
||||
-- if second connection died 10 or more seconds after the first
|
||||
-- it means that sending additional data prolonged the connection's time
|
||||
-- and the server is vulnerable to slowloris attack
|
||||
if diff >= 10 then
|
||||
stdnse.print_debug("Difference is greater or equal to 10 seconds.")
|
||||
stdnse.debug1("Difference is greater or equal to 10 seconds.")
|
||||
slowloris.state = vulns.STATE.VULN
|
||||
end
|
||||
return report:make_output(slowloris)
|
||||
|
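Review bot: `stdnse.debug1("Time difference is: %d",diff)` formats the difference of two clock readings (`TimeWith = nmap.clock()` in the previous hunk, presumably fractional seconds) with `%d`; on Lua 5.3 and later string.format raises "number has no integer representation" for a non-integral float, which would abort the check whenever debugging is enabled. Use `%.2f`, or `math.floor(diff)` if whole seconds are wanted. The surrounding function starts outside the hunk.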
||||
@@ -101,9 +101,9 @@ local makeRequests = function(host, port, submission, fields, fieldvalues)
|
||||
end
|
||||
end
|
||||
|
||||
stdnse.print_debug(2, "Making a POST request to " .. submission .. ": ")
|
||||
stdnse.debug2("Making a POST request to " .. submission .. ": ")
|
||||
for i, content in pairs(postdata) do
|
||||
stdnse.print_debug(2, i .. ": " .. content)
|
||||
stdnse.debug2(i .. ": " .. content)
|
||||
end
|
||||
local response = http.post(host, port, submission, { no_cache = true }, nil, postdata)
|
||||
end
|
||||
|
||||
@@ -132,7 +132,7 @@ Possibly vulnerable (Based on the same firmware): WR743ND,WR842ND,WA-901ND,WR941
|
||||
vuln.state = vulns.STATE.EXPLOIT
|
||||
response = http.get(host, port, TRAVERSAL_QRY..rfile)
|
||||
if response.body and response.status==200 then
|
||||
stdnse.print_debug(2, "%s", response.body)
|
||||
stdnse.debug2("%s", response.body)
|
||||
if response.body:match("Error") then
|
||||
stdnse.debug1("[Error] File not found:%s", rfile)
|
||||
vuln.extra_info = string.format("%s not found.\n", rfile)
|
||||
|
||||
@@ -69,7 +69,7 @@ getLastLoc = function(host, port, useragent)
|
||||
|
||||
options['header']['User-Agent'] = useragent
|
||||
|
||||
stdnse.print_debug(2, "Making a request with User-Agent: " .. useragent)
|
||||
stdnse.debug2("Making a request with User-Agent: " .. useragent)
|
||||
|
||||
local response = http.get(host, port, '/', options)
|
||||
|
||||
|
||||
@@ -162,7 +162,7 @@ action = function(host, port)
|
||||
else
|
||||
status, hostnames = datafiles.parse_file("nselib/data/vhosts-default.lst" , {})
|
||||
if not status then
|
||||
stdnse.print_debug(1, "Can not open file with vhosts file names list")
|
||||
stdnse.debug1("Can not open file with vhosts file names list")
|
||||
return
|
||||
end
|
||||
end
|
||||
|
||||
@@ -67,14 +67,14 @@ to bypass the removal of "../" directory traversal sequences.
|
||||
local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port)
|
||||
local url = "/unauthenticated/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01/..%01" .. file_var
|
||||
|
||||
stdnse.print_debug(1, "Getting " .. file_var)
|
||||
stdnse.debug1("Getting " .. file_var)
|
||||
|
||||
local detection_session = http.get(host, port, url)
|
||||
|
||||
stdnse.print_debug(1, "Status code:"..detection_session.status)
|
||||
stdnse.debug1("Status code:"..detection_session.status)
|
||||
if detection_session and detection_session.status == 200 then
|
||||
vuln.state = vulns.STATE.EXPLOIT
|
||||
stdnse.print_debug(1, detection_session.body)
|
||||
stdnse.debug1(detection_session.body)
|
||||
return vuln_report:make_output(detection_session.body)
|
||||
end
|
||||
end
|
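Review bot: `stdnse.debug1("Status code:"..detection_session.status)` concatenates `status` before the `if detection_session and detection_session.status == 200` guard, and the concatenation is evaluated whatever the debug level, so a failed request with a nil status raises here and the script ends with an error rather than a clean negative. Move the message inside the guard or write `stdnse.debug1("Status code: %s", tostring(detection_session.status))`. The function begins outside the hunk.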
||||
@@ -82,20 +82,20 @@ code execution.]],
|
||||
}
|
||||
local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port)
|
||||
|
||||
stdnse.print_debug(2, "Trying detection using echo command")
|
||||
stdnse.debug2("Trying detection using echo command")
|
||||
local detection_session = http.post(host, port, uri.."?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input", { no_cache = true }, nil, "<?php system('echo NmapCVEIdentification');die(); ?>")
|
||||
if detection_session and detection_session.status == 200 then
|
||||
if string.match(detection_session.body, "NmapCVEIdentification") then
|
||||
stdnse.print_debug(1, "The website seems vulnerable to CVE-2012-1823.")
|
||||
stdnse.debug1("The website seems vulnerable to CVE-2012-1823.")
|
||||
else
|
||||
return
|
||||
end
|
||||
end
|
||||
|
||||
stdnse.print_debug(2, "Trying Command... " .. cmd)
|
||||
stdnse.debug2("Trying Command... " .. cmd)
|
||||
local exploitation_session = http.post(host, port, uri.."?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input", { no_cache = true }, nil, "<?php system('"..cmd.."');die(); ?>")
|
||||
if exploitation_session and exploitation_session.status == 200 then
|
||||
stdnse.print_debug(1, "Ouput of the command " .. cmd .. " : \n"..exploitation_session.body)
|
||||
stdnse.debug1("Ouput of the command " .. cmd .. " : \n"..exploitation_session.body)
|
||||
vuln.state = vulns.STATE.EXPLOIT
|
||||
return vuln_report:make_output(exploitation_session.body)
|
||||
end
|
||||
|
||||
@@ -91,9 +91,9 @@ This issue was patched in Zimbra 7.2.6.
|
||||
local url_short = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=" .. file_short .. "%00"
|
||||
local url_long = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=" .. file_long .. "%00"
|
||||
|
||||
stdnse.print_debug(1, "Trying to detect if the server is vulnerable")
|
||||
stdnse.print_debug(1, "GET " .. uri .. escape(url_short))
|
||||
stdnse.print_debug(1, "GET " .. uri .. escape(url_long))
|
||||
stdnse.debug1("Trying to detect if the server is vulnerable")
|
||||
stdnse.debug1("GET " .. uri .. escape(url_short))
|
||||
stdnse.debug1("GET " .. uri .. escape(url_long))
|
||||
|
||||
local session_short = http.get(host, port, uri..url_short)
|
||||
local session_long = http.get(host, port, uri..url_long)
|
||||
@@ -102,20 +102,20 @@ This issue was patched in Zimbra 7.2.6.
|
||||
if session_short.header['content-type'] == "application/x-javascript" then
|
||||
-- Because .gz format is somewhat odd, giving a bit of a margin of error here
|
||||
if (string.len(session_long.body) - string.len(session_short.body)) > 100 then
|
||||
stdnse.print_debug(1, "The website appears to be vulnerable a local file inclusion vulnerability in Zimbra")
|
||||
stdnse.debug1("The website appears to be vulnerable a local file inclusion vulnerability in Zimbra")
|
||||
vuln.state = vulns.STATE.EXPLOIT
|
||||
return vuln_report:make_output(vuln)
|
||||
else
|
||||
stdnse.print_debug(1, "The host does not appear to be vulnerable")
|
||||
stdnse.debug1("The host does not appear to be vulnerable")
|
||||
vuln.state = vulns.STATE.NOT_VULN
|
||||
return vuln_report:make_output(vuln)
|
||||
end
|
||||
else
|
||||
stdnse.print_debug(1, "Bad content-type for the resource : " .. session_short.header['content-type'])
|
||||
stdnse.debug1("Bad content-type for the resource : " .. session_short.header['content-type'])
|
||||
return
|
||||
end
|
||||
else
|
||||
stdnse.print_debug(1, "The website seems to be not vulnerable to this attack.")
|
||||
stdnse.debug1("The website seems to be not vulnerable to this attack.")
|
||||
return
|
||||
end
|
||||
end
|
||||
|
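Review bot: `stdnse.debug1("Bad content-type for the resource : " .. session_short.header['content-type'])` sits in the branch taken when the header is not `application/x-javascript`, which includes the header being absent; concatenating nil raises, so a response without Content-Type ends the script with an error instead of the intended quiet return. Pass the value as an argument: `stdnse.debug1("Bad content-type for the resource : %s", tostring(session_short.header['content-type']))`. The enclosing function starts outside the hunk.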
||||
@@ -74,7 +74,7 @@ action = function(host, port)
|
||||
orig_req = http.get(host, port, path)
|
||||
orig_req.body = http.clean_404(orig_req.body)
|
||||
if orig_req.status and orig_req.body then
|
||||
stdnse.print_debug(3, "Normal HTTP response -> Status:%d Body:\n%s", orig_req.status, orig_req.body)
|
||||
stdnse.debug3("Normal HTTP response -> Status:%d Body:\n%s", orig_req.status, orig_req.body)
|
||||
else
|
||||
return "[ERROR] Initial HTTP request failed"
|
||||
end
|
||||
@@ -88,7 +88,7 @@ action = function(host, port)
|
||||
--perform the "3v1l" requests to try to trigger the IDS/IPS/WAF
|
||||
tests = nil
|
||||
for _, vector in pairs(attack_vectors_n1) do
|
||||
stdnse.print_debug(2, "Probing with payload:%s",vector)
|
||||
stdnse.debug2("Probing with payload:%s",vector)
|
||||
tests = http.pipeline_add(path..vector, nil, tests)
|
||||
end
|
||||
local test_results = http.pipeline_go(host, port, tests)
|
||||
@@ -110,9 +110,9 @@ action = function(host, port)
|
||||
if payload_example and ( string.len(payload_example) > string.len(attack_vectors_n1[i]) ) then
|
||||
payload_example = attack_vectors_n1[i]
|
||||
end
|
||||
stdnse.print_debug(2, "Payload:%s triggered the IDS/IPS/WAF", attack_vectors_n1[i])
|
||||
stdnse.debug2("Payload:%s triggered the IDS/IPS/WAF", attack_vectors_n1[i])
|
||||
if res.status and res.body then
|
||||
stdnse.print_debug(3, "Status:%s Body:%s\n", res.status, res.body)
|
||||
stdnse.debug3("Status:%s Body:%s\n", res.status, res.body)
|
||||
end
|
||||
waf_bool = true
|
||||
end
|
||||
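Review bot: In the `@@ -74,7` hunk, `http.clean_404(orig_req.body)` runs before the `if orig_req.status and orig_req.body` check, so a failed request whose body is nil reaches `clean_404` unguarded. Whether that call tolerates nil is not visible here. Moving the cleanup into the guarded branch, directly after the `if ... then` line as `orig_req.body = http.clean_404(orig_req.body)`, would let the existing `[ERROR] Initial HTTP request failed` path handle the nil case. `action` starts and ends outside these hunks.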
|
||||
@@ -87,7 +87,7 @@ Driver = {
|
||||
|
||||
login = function( self, username, password )
|
||||
-- Note the no_cache directive
|
||||
stdnse.print_debug(2, "HTTP POST %s%s\n", self.host, self.uri)
|
||||
stdnse.debug2("HTTP POST %s%s\n", self.host, self.uri)
|
||||
local response = http.post( self.host, self.port, self.uri, { no_cache = true }, nil, { [self.options.uservar] = username, [self.options.passvar] = password } )
|
||||
-- This redirect is taking us to /wp-admin
|
||||
if response.status == 302 then
|
||||
@@ -105,13 +105,13 @@ Driver = {
|
||||
|
||||
check = function( self )
|
||||
local response = http.get( self.host, self.port, self.uri )
|
||||
stdnse.print_debug(1, "HTTP GET %s%s", stdnse.get_hostname(self.host),self.uri)
|
||||
stdnse.debug1("HTTP GET %s%s", stdnse.get_hostname(self.host),self.uri)
|
||||
-- Check if password field is there
|
||||
if ( response.status == 200 and response.body:match('type=[\'"]password[\'"]')) then
|
||||
stdnse.print_debug(1, "Initial check passed. Launching brute force attack")
|
||||
stdnse.debug1("Initial check passed. Launching brute force attack")
|
||||
return true
|
||||
else
|
||||
stdnse.print_debug(1, "Initial check failed. Password field wasn't found")
|
||||
stdnse.debug1("Initial check failed. Password field wasn't found")
|
||||
end
|
||||
|
||||
return false
|
||||
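Review bot: The debug line in `login` formats `self.host` with `%s`, while `check` in the same Driver passes `stdnse.get_hostname(self.host)`. If `self.host` is the NSE host table, as its use in `http.post` suggests, the login line logs a table address rather than a hostname. Suggest `stdnse.debug2("HTTP POST %s%s", stdnse.get_hostname(self.host), self.uri)`, which also drops the trailing `\n` that none of the other messages carry. Both functions continue outside the hunks.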
|
||||
@@ -51,7 +51,7 @@ local function parseResponse(resp)
|
||||
local resp_tbl = stdnse.strsplit("\r?\n", resp)
|
||||
|
||||
if ( not(resp_tbl) or #resp_tbl == 0 ) then
|
||||
stdnse.print_debug(2, "Received an invalid response from server")
|
||||
stdnse.debug2("Received an invalid response from server")
|
||||
return
|
||||
end
|
||||
|
||||
@@ -61,7 +61,7 @@ local function parseResponse(resp)
|
||||
for i=2, #resp_tbl do
|
||||
local key, val = resp_tbl[i]:match("^([^:]*):%s*(.*)$")
|
||||
if ( not(key) or not(val) ) then
|
||||
stdnse.print_debug(2, "Failed to parse header: %s", resp_tbl[i])
|
||||
stdnse.debug2("Failed to parse header: %s", resp_tbl[i])
|
||||
else
|
||||
resp_p.header[key:lower()] = val
|
||||
end
|
||||
|
||||
@@ -56,45 +56,45 @@ local function get_version(host, port)
|
||||
|
||||
-- try aggressive mode (diffie hellman group 2)
|
||||
local diffie = 2
|
||||
stdnse.print_debug(1, "Sending Aggressive mode packet ...")
|
||||
stdnse.debug1("Sending Aggressive mode packet ...")
|
||||
packet = ike.request(port.number, port.protocol, 'Aggressive', t, diffie, 'vpngroup')
|
||||
version = ike.send_request(host, port, packet)
|
||||
if version.success then
|
||||
return version
|
||||
end
|
||||
stdnse.print_debug(1, "Aggressive mode (dh 2) failed")
|
||||
stdnse.debug1("Aggressive mode (dh 2) failed")
|
||||
|
||||
-- try aggressive mode (diffie hellman group 1)
|
||||
diffie = 1
|
||||
stdnse.print_debug(1, "Sending Aggressive mode packet ...")
|
||||
stdnse.debug1("Sending Aggressive mode packet ...")
|
||||
packet = ike.request(port.number, port.protocol, 'Aggressive', t, diffie, 'vpngroup')
|
||||
version = ike.send_request(host, port, packet)
|
||||
if version.success then
|
||||
return version
|
||||
end
|
||||
stdnse.print_debug(1, "Aggressive mode (dh 1) failed")
|
||||
stdnse.debug1("Aggressive mode (dh 1) failed")
|
||||
|
||||
-- try aggressive mode (diffie hellman group 2, no id)
|
||||
-- some checkpoint devices respond to this
|
||||
local diffie = 2
|
||||
stdnse.print_debug(1, "Sending Aggressive mode packet ...")
|
||||
stdnse.debug1("Sending Aggressive mode packet ...")
|
||||
packet = ike.request(port.number, port.protocol, 'Aggressive', t, diffie, '')
|
||||
version = ike.send_request(host, port, packet)
|
||||
if version.success then
|
||||
return version
|
||||
end
|
||||
stdnse.print_debug(1, "Aggressive mode (dh 2, no id) failed")
|
||||
stdnse.debug1("Aggressive mode (dh 2, no id) failed")
|
||||
|
||||
-- try main mode
|
||||
stdnse.print_debug(1, "Sending Main mode packet ...")
|
||||
stdnse.debug1("Sending Main mode packet ...")
|
||||
packet = ike.request(port.number, port.protocol, 'Main', t, '')
|
||||
version = ike.send_request(host, port, packet)
|
||||
if version.success then
|
||||
return version
|
||||
end
|
||||
stdnse.print_debug(1, "Main mode failed")
|
||||
stdnse.debug1("Main mode failed")
|
||||
|
||||
stdnse.print_debug(1, "Version detection not possible")
|
||||
stdnse.debug1("Version detection not possible")
|
||||
return false
|
||||
end
|
||||
|
||||
@@ -120,7 +120,7 @@ action = function( host, port )
|
||||
nmap.set_port_state(host, port, "open")
|
||||
end
|
||||
end
|
||||
stdnse.print_debug(1, "Version: %s", port.version.product )
|
||||
stdnse.debug1("Version: %s", port.version.product )
|
||||
return
|
||||
end
|
||||
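Review bot: The Main-mode request in `get_version` is built as `ike.request(port.number, port.protocol, 'Main', t, '')`, which puts the empty string where the three Aggressive-mode calls pass `diffie`. If the fifth parameter is the DH group, as those calls suggest, this call hands it an empty id instead; that is worth confirming against `ike.request`. Separately, `local diffie = 2` before the third attempt re-declares a local that already exists, so plain `diffie = 2` is enough. The three identical `Sending Aggressive mode packet ...` messages could also name the group so the attempts can be told apart in the log. `get_version` begins before the hunk.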
|
||||
|
||||
@@ -58,11 +58,11 @@ local ipinfodb = function(ip)
|
||||
local response = http.get("api.ipinfodb.com", 80, "/v3/ip-city/?key="..api_key.."&format=json".."&ip="..ip, nil)
|
||||
local stat, loc = json.parse(response.body)
|
||||
if not stat then
|
||||
stdnse.print_debug("No response, possibly a network problem.")
|
||||
stdnse.debug1("No response, possibly a network problem.")
|
||||
return nil
|
||||
end
|
||||
if loc.statusMessage and loc.statusMessage == "Invalid API key." then
|
||||
stdnse.print_debug(loc.statusMessage)
|
||||
stdnse.debug1(loc.statusMessage)
|
||||
return nil
|
||||
end
|
||||
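Review bot: The lookup on the first line of this hunk puts `api_key` in the query string of a request to port 80, so the key crosses the network in cleartext and can be recorded by any proxy or log along the path. If the service offers HTTPS the request should use it; the hunk does not show whether it does. Until then a comment at the call such as `-- NOTE: api_key is sent unencrypted in the URL` would tell users to treat the key as exposed. `response.body` is also handed to `json.parse` without a nil check. `ipinfodb` continues outside the hunk.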
|
||||
|
||||
@@ -579,7 +579,7 @@ local GeoIP = {
|
||||
offset = x[0]
|
||||
end
|
||||
end
|
||||
stdnse.print_debug('Error traversing database - perhaps it is corrupt?')
|
||||
stdnse.debug1('Error traversing database - perhaps it is corrupt?')
|
||||
return nil
|
||||
end,
|
||||
}
|
||||
|
||||
@@ -253,7 +253,7 @@ local function handle_received_packet(buf)
|
||||
|
||||
if not STRINGIFY[qtype] then
|
||||
-- This is a not a qtype we sent or know about.
|
||||
stdnse.print_debug(1, "Got NI reply with unknown qtype %d from %s", qtype, p.ip6_src)
|
||||
stdnse.debug1("Got NI reply with unknown qtype %d from %s", qtype, p.ip6_src)
|
||||
return
|
||||
end
|
||||
|
||||
|
||||
@@ -49,12 +49,12 @@ prerule = function()
|
||||
end
|
||||
|
||||
if not nmap.is_privileged() then
|
||||
stdnse.print_debug("Running %s needs root privileges.", SCRIPT_NAME)
|
||||
stdnse.debug1("Running %s needs root privileges.", SCRIPT_NAME)
|
||||
return false
|
||||
end
|
||||
|
||||
if not stdnse.get_script_args(SCRIPT_NAME .. ".interface") and not nmap.get_interface() then
|
||||
stdnse.print_debug("No interface was selected, aborting...", SCRIPT_NAME)
|
||||
stdnse.debug1("No interface was selected, aborting...", SCRIPT_NAME)
|
||||
return false
|
||||
end
|
||||
|
||||
@@ -69,7 +69,7 @@ local function get_interface()
|
||||
if if_table and packet.ip6tobin(if_table.address) and if_table.link == "ethernet" then
|
||||
return if_table.device
|
||||
else
|
||||
stdnse.print_debug("Interface %s not supported or not properly configured, exiting...", arg_interface)
|
||||
stdnse.debug1("Interface %s not supported or not properly configured, exiting...", arg_interface)
|
||||
end
|
||||
end
|
||||
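Review bot: `stdnse.debug1("No interface was selected, aborting...", SCRIPT_NAME)` passes `SCRIPT_NAME` although the message has no placeholder, so the argument is ignored. Either drop it or use it the way the privilege check just above does: `stdnse.debug1("%s: no interface was selected, aborting...", SCRIPT_NAME)`. In the `@@ -69,7` hunk, `get_interface` logs `exiting...` and then falls off the end of the `else` branch; an explicit `return nil` after the debug call would make the failure result obvious. Both functions extend beyond the hunks.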
|
||||
|
||||
@@ -305,7 +305,7 @@ function action(host, port)
|
||||
if #params >= 2 then
|
||||
channels[#channels + 1] = params[2]
|
||||
else
|
||||
stdnse.print_debug("Got short " .. RPL_LIST .. "response.")
|
||||
stdnse.debug1("Got short " .. RPL_LIST .. "response.")
|
||||
end
|
||||
elseif code == RPL_LISTEND then
|
||||
break
|
||||
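Review bot: The message `"Got short " .. RPL_LIST .. "response."` has no space before `response.`, so the reply code and the word run together in the log. Passing the code as an argument reads better and matches the other calls in this commit: `stdnse.debug1("Got short %s response.", RPL_LIST)`. The loop this hunk sits in starts and ends outside it.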
|
||||
@@ -72,7 +72,7 @@ function action (host, port)
|
||||
local buf = stdnse.make_buffer(sd, "\r?\n")
|
||||
|
||||
while line do
|
||||
stdnse.print_debug(2, "%s", line)
|
||||
stdnse.debug2("%s", line)
|
||||
|
||||
-- This one lets us know we've connected, pre-PONGed, and got a NICK
|
||||
-- Start of MOTD, we'll take the server name from here
|
||||
|
||||
@@ -194,7 +194,7 @@ action = function(host, port)
|
||||
local kill_command = string.format("%s||%s||%s", trigger, linux_kill, windows_kill)
|
||||
|
||||
-- Kill the process
|
||||
stdnse.print_debug(1, "Running kill command: %s", kill_command)
|
||||
stdnse.debug1("Running kill command: %s", kill_command)
|
||||
socket:send(kill_command .. "\n")
|
||||
end
|
||||
|
||||
|
||||
@@ -48,7 +48,7 @@ action = function(host, port)
|
||||
stdnse.sleep(5) -- let the remote socket recover from connect() scan
|
||||
local status,socket = jdwp.connect(host,port) -- initialize the connection
|
||||
if not status then
|
||||
stdnse.print_debug("error, %s",socket)
|
||||
stdnse.debug1("error, %s",socket)
|
||||
return nil
|
||||
end
|
||||
|
||||
|
||||
@@ -55,7 +55,7 @@ action = function(host, port)
|
||||
stdnse.sleep(5) -- let the remote socket recover from connect() scan
|
||||
local status,socket = jdwp.connect(host,port) -- initialize the connection
|
||||
if not status then
|
||||
stdnse.print_debug("error, %s",socket)
|
||||
stdnse.debug1("error, %s",socket)
|
||||
return nil
|
||||
end
|
||||
|
||||
|
||||
@@ -42,7 +42,7 @@ action = function(host, port)
|
||||
stdnse.sleep(5) -- let the remote socket recover from connect() scan
|
||||
local status,socket = jdwp.connect(host,port) -- initialize the connection
|
||||
if not status then
|
||||
stdnse.print_debug("error, %s",socket)
|
||||
stdnse.debug1("error, %s",socket)
|
||||
return nil
|
||||
end
|
||||
|
||||
|
||||
@@ -172,7 +172,7 @@ action = function( host, port )
|
||||
context = get_naming_context(socket)
|
||||
|
||||
if not context then
|
||||
stdnse.print_debug("Failed to retrieve namingContext")
|
||||
stdnse.debug1("Failed to retrieve namingContext")
|
||||
socket:close()
|
||||
return
|
||||
end
|
||||
@@ -207,12 +207,12 @@ action = function( host, port )
|
||||
password = username
|
||||
end
|
||||
|
||||
stdnse.print_debug( "Trying %s/%s ...", fq_username, password )
|
||||
stdnse.debug1( "Trying %s/%s ...", fq_username, password )
|
||||
status, response = ldap.bindRequest( socket, { version=3, ['username']=fq_username, ['password']=password} )
|
||||
|
||||
-- if the DN (username) does not exist, break loop
|
||||
if not status and response:match("invalid DN") then
|
||||
stdnse.print_debug( "%s returned: \"Invalid DN\"", fq_username )
|
||||
stdnse.debug1( "%s returned: \"Invalid DN\"", fq_username )
|
||||
invalid_account_cnt = invalid_account_cnt + 1
|
||||
break
|
||||
end
|
||||
@@ -291,7 +291,7 @@ action = function( host, port )
|
||||
passwords("reset")
|
||||
end
|
||||
|
||||
stdnse.print_debug( "Finished brute against LDAP, total tries: %d, tps: %d", tot_tries, ( tot_tries / ( ( nmap.clock_ms() - clock_start ) / 1000 ) ) )
|
||||
stdnse.debug1( "Finished brute against LDAP, total tries: %d, tps: %d", tot_tries, ( tot_tries / ( ( nmap.clock_ms() - clock_start ) / 1000 ) ) )
|
||||
|
||||
if ( invalid_account_cnt == user_cnt and base_dn ~= nil ) then
|
||||
return "WARNING: All usernames were invalid. Invalid LDAP base?"
|
||||
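Review bot: The summary line in the `@@ -291,7` hunk formats `tot_tries / ( ( nmap.clock_ms() - clock_start ) / 1000 )` with `%d`, but that quotient is normally fractional and is inf or nan when no measurable time has elapsed. On Lua versions with an integer subtype, `%d` raises an error for a number without an integer representation, which would stop the script at this line whenever the message is actually formatted. Use `%.2f` for the rate and guard the divisor, for example `local secs = math.max((nmap.clock_ms() - clock_start) / 1000, 0.001)`. `action` continues outside the hunks.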
|
||||
@@ -164,7 +164,7 @@ function action(host,port)
|
||||
end
|
||||
|
||||
if ( not(contexts) or #contexts == 0 ) then
|
||||
stdnse.print_debug( "Failed to retrieve namingContexts" )
|
||||
stdnse.debug1( "Failed to retrieve namingContexts" )
|
||||
contexts = {""}
|
||||
end
|
||||
|
||||
@@ -174,7 +174,7 @@ function action(host,port)
|
||||
local status, errmsg = ldap.bindRequest( socket, bindParam )
|
||||
|
||||
if not status then
|
||||
stdnse.print_debug("ldap-search failed to bind: %s", errmsg)
|
||||
stdnse.debug1("ldap-search failed to bind: %s", errmsg)
|
||||
return " \n ERROR: Authentication failed"
|
||||
end
|
||||
-- or if ldap-brute found us something
|
||||
@@ -240,7 +240,7 @@ function action(host,port)
|
||||
if ( searchResEntries:match("DSID[-]0C090627") and not(username) ) then
|
||||
return "ERROR: Failed to bind as the anonymous user"
|
||||
else
|
||||
stdnse.print_debug("ldap.searchRequest returned: %s", searchResEntries)
|
||||
stdnse.debug1("ldap.searchRequest returned: %s", searchResEntries)
|
||||
return
|
||||
end
|
||||
end
|
||||
|
||||
@@ -269,7 +269,7 @@ action = function()
|
||||
local interface = interface_opt or interface_arg
|
||||
local if_table = nmap.get_interface_info(interface)
|
||||
if not if_table or not if_table.address or not if_table.link=="ethernet" then
|
||||
stdnse.print_debug("Interface not supported or not properly configured.")
|
||||
stdnse.debug1("Interface not supported or not properly configured.")
|
||||
return false
|
||||
end
|
||||
table.insert(interfaces, if_table)
|
||||
@@ -286,7 +286,7 @@ action = function()
|
||||
end
|
||||
|
||||
if #interfaces == 0 then
|
||||
stdnse.print_debug("No interfaces found.")
|
||||
stdnse.debug1("No interfaces found.")
|
||||
return
|
||||
end
|
||||
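Review bot: The guard `not if_table.link=="ethernet"` in the `@@ -269,7` hunk does not test what it appears to. `not` binds tighter than `==` in Lua, so it evaluates `(not if_table.link) == "ethernet"`, a boolean compared with a string, which is always false. Interfaces that are not Ethernet therefore pass the check. It should read `if not if_table or not if_table.address or if_table.link ~= "ethernet" then`. The line is unchanged context in this commit, and `action` starts and ends outside the hunks.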
|
||||
|
||||
@@ -45,14 +45,14 @@ portrule = shortport.version_port_or_service(7210, "maxdb", "tcp")
|
||||
local function exchPacket(socket, packet)
|
||||
local status, err = socket:send(packet)
|
||||
if ( not(status) ) then
|
||||
stdnse.print_debug(2, "Failed to send packet to server")
|
||||
stdnse.debug2("Failed to send packet to server")
|
||||
return false, "Failed to send packet to server"
|
||||
end
|
||||
|
||||
local data
|
||||
status, data= socket:receive()
|
||||
if ( not(status) ) then
|
||||
stdnse.print_debug(2, "Failed to read packet from server")
|
||||
stdnse.debug2("Failed to read packet from server")
|
||||
return false, "Failed to read packet from server"
|
||||
end
|
||||
local pos, len = bin.unpack("<S", data)
|
||||
@@ -62,7 +62,7 @@ local function exchPacket(socket, packet)
|
||||
local tmp
|
||||
status, tmp = socket:receive_bytes(len - #data)
|
||||
if ( not(status) ) then
|
||||
stdnse.print_debug(2, "Failed to read packet from server")
|
||||
stdnse.debug2("Failed to read packet from server")
|
||||
return false, "Failed to read packet from server"
|
||||
end
|
||||
data = data .. tmp
|
||||
|
||||
@@ -113,7 +113,7 @@ local login = function(username, password,host,port)
|
||||
return false, nil
|
||||
end
|
||||
end
|
||||
stdnse.print_debug("something is wrong:" .. data )
|
||||
stdnse.debug1("something is wrong:" .. data )
|
||||
return false, nil
|
||||
end
|
||||
|
||||
@@ -235,7 +235,7 @@ end
|
||||
|
||||
action = function( host, port )
|
||||
if not arg_username or not arg_password then
|
||||
stdnse.print_debug("This script requires username and password supplied as arguments")
|
||||
stdnse.debug1("This script requires username and password supplied as arguments")
|
||||
return false
|
||||
end
|
||||
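Review bot: `stdnse.debug1("something is wrong:" .. data )` in the `@@ -113,7` hunk builds the format string from `data`, which looks like content received from the target. The other calls in this commit pass `%s` placeholders to the same function, so a `%` in that content would be read as a conversion and can raise a format error inside the script. Pass it as an argument instead: `stdnse.debug1("something is wrong: %s", data)`. The same pattern appears further down this page in the three `stdnse.debug1("SMB: " .. ...)` calls and in `stdnse.debug1("expecting hello, got " .. method .. " instead")`. `login` begins before the hunk.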
|
||||
|
||||
@@ -84,7 +84,7 @@ Driver = {
|
||||
["Content-Type"] = "binary/message-pack"
|
||||
}
|
||||
}
|
||||
stdnse.print_debug( "Trying %s/%s ...", user, pass )
|
||||
stdnse.debug1( "Trying %s/%s ...", user, pass )
|
||||
data = http.post(self.host,self.port, "/api/",options, nil , encode(user,pass))
|
||||
if data and data.status and tostring( data.status ):match( "200" ) then
|
||||
if string.find(data.body,"success") then
|
||||
|
||||
@@ -96,7 +96,7 @@ end
|
||||
local function processSwitchMode(socket, swmode)
|
||||
local m, o, a1, a2, p = swmode:match("^(.-)\30(.-)\30(.-)\30(.-)\30(.-)\04$")
|
||||
if ( m ~= "SWITCHMODE") then
|
||||
stdnse.print_debug("Unknown SWITCHMODE: %s %s", m, o)
|
||||
stdnse.debug1("Unknown SWITCHMODE: %s %s", m, o)
|
||||
return false, "Failed to parse SWITCHMODE"
|
||||
end
|
||||
|
||||
|
||||
@@ -63,7 +63,7 @@ discover_device_id_recursive = function(host, port, sid, start_id)
|
||||
local more_follows = string.byte(result, 12)
|
||||
local next_object_id = string.byte(result, 13)
|
||||
local number_of_objects = string.byte(result, 14)
|
||||
stdnse.print_debug(1, "more = 0x%x, next_id = 0x%x, obj_number = 0x%x", more_follows, next_object_id, number_of_objects)
|
||||
stdnse.debug1("more = 0x%x, next_id = 0x%x, obj_number = 0x%x", more_follows, next_object_id, number_of_objects)
|
||||
local offset = 15
|
||||
for i = start_id, (number_of_objects - 1) do
|
||||
local object_id = string.byte(result, offset)
|
||||
@@ -71,12 +71,12 @@ discover_device_id_recursive = function(host, port, sid, start_id)
|
||||
-- error data format --
|
||||
if object_len == nil then break end
|
||||
local object_value = string.sub(result, offset + 2, offset + 1 + object_len)
|
||||
stdnse.print_debug(1, "Object id = 0x%x, value = %s", object_id, object_value)
|
||||
stdnse.debug1("Object id = 0x%x, value = %s", object_id, object_value)
|
||||
table.insert(objects_table, object_id + 1, object_value)
|
||||
offset = offset + 2 + object_len
|
||||
end
|
||||
if ( more_follows == 0xFF and next_object_id ~= 0x00 ) then
|
||||
stdnse.print_debug(1, "Has more objects")
|
||||
stdnse.debug1("Has more objects")
|
||||
local recursive_table = discover_device_id_recursive(host, port, sid, next_object_id)
|
||||
for k,v in pairs(recursive_table) do
|
||||
table.insert(objects_table, k, v)
|
||||
@@ -129,7 +129,7 @@ action = function(host, port)
|
||||
local results = {}
|
||||
|
||||
for sid = 1, 246 do
|
||||
stdnse.print_debug(3, "Sending command with sid = %d", sid)
|
||||
stdnse.debug3("Sending command with sid = %d", sid)
|
||||
local rsid = form_rsid(sid, 0x11, "")
|
||||
|
||||
local status, result = comm.exchange(host, port, rsid, opts)
|
||||
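Review bot: `discover_device_id_recursive` calls itself whenever the reply has `more_follows == 0xFF` and a non-zero `next_object_id`, both read straight from the response, so the recursion depth is decided by the device being scanned. As far as these hunks show, a device that keeps returning the same continuation id would keep the function recursing. Requiring progress, for example `if ( more_follows == 0xFF and next_object_id > start_id ) then`, or passing a depth counter would bound it. `string.byte` also returns nil when `result` is shorter than 14 bytes, and the `debug1` line formats those values with `%x`, so a length check before the three reads would help as well. The function starts and ends outside the hunks.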
|
||||
@@ -167,11 +167,11 @@ local function test_credentials( instance, helper, username, password )
|
||||
end
|
||||
end
|
||||
if ( mssql.LoginErrorMessage[ loginErrorCode ] == nil ) then
|
||||
stdnse.print_debug( 2, "%s: Attemping login to %s as (%s/%s): Unknown login error number: %s",
|
||||
stdnse.debug2("%s: Attemping login to %s as (%s/%s): Unknown login error number: %s",
|
||||
SCRIPT_NAME, instance:GetName(), username, password, loginErrorCode )
|
||||
table.insert( instance.ms_sql_brute.warnings, string.format( "Unknown login error number: %s", loginErrorCode ) )
|
||||
end
|
||||
stdnse.print_debug( 3, "%s: Attempt to login to %s as (%s/%s): %d (%s)",
|
||||
stdnse.debug3("%s: Attempt to login to %s as (%s/%s): %d (%s)",
|
||||
SCRIPT_NAME, instance:GetName(), username, password, loginErrorCode, tostring( mssql.LoginErrorMessage[ loginErrorCode ] ) )
|
||||
else
|
||||
table.insert( instance.ms_sql_brute.errors, string.format("Network error. Skipping instance. Error: %s", result ) )
|
||||
|
||||
@@ -57,7 +57,7 @@ end
|
||||
|
||||
local function discoverDAC(host, name, result)
|
||||
local condvar = nmap.condvar(result)
|
||||
stdnse.print_debug(2, "Discovering DAC port on instance: %s", name)
|
||||
stdnse.debug2("Discovering DAC port on instance: %s", name)
|
||||
local port = mssql.Helper.DiscoverDACPort( host, name )
|
||||
if ( port ) then
|
||||
if ( checkPort(host, port) ) then
|
||||
|
||||
@@ -79,20 +79,20 @@ action = function(host,port)
|
||||
local status, smbstate
|
||||
status, smbstate = msrpc.start_smb(host,msrpc.EPMAPPER_PATH,true)
|
||||
if(status == false) then
|
||||
stdnse.print_debug("SMB: " .. smbstate)
|
||||
stdnse.debug1("SMB: " .. smbstate)
|
||||
return false, smbstate
|
||||
end
|
||||
local bind_result,epresult -- bind to endpoint mapper service
|
||||
status, bind_result = msrpc.bind(smbstate,msrpc.EPMAPPER_UUID, msrpc.EPMAPPER_VERSION, nil)
|
||||
if(status == false) then
|
||||
msrpc.stop_smb(smbstate)
|
||||
stdnse.print_debug("SMB: " .. bind_result)
|
||||
stdnse.debug1("SMB: " .. bind_result)
|
||||
return false, bind_result
|
||||
end
|
||||
local results = {}
|
||||
status, epresult = msrpc.epmapper_lookup(smbstate,nil) -- get the initial handle
|
||||
if not status then
|
||||
stdnse.print_debug("SMB: " .. epresult)
|
||||
stdnse.debug1("SMB: " .. epresult)
|
||||
return false, epresult
|
||||
|
||||
end
|
||||
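Review bot: The failure path after `msrpc.epmapper_lookup` returns `false, epresult` without calling `msrpc.stop_smb(smbstate)`, although the bind failure path just above it closes the session first. The SMB session is therefore left open on that path. Add `msrpc.stop_smb(smbstate)` before the `return`. `action` continues below the hunk.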
|
||||
@@ -65,7 +65,7 @@ Driver = {
|
||||
if(not(status)) then
|
||||
return false,brute.Error:new(response)
|
||||
end
|
||||
stdnse.print_debug( "Trying %s/%s ...", user, pass )
|
||||
stdnse.debug1( "Trying %s/%s ...", user, pass )
|
||||
status, response = mysql.loginRequest( self.socket, { authversion = "post41", charset = response.charset }, user, pass, response.salt )
|
||||
if status then
|
||||
-- Add credentials for other mysql scripts to use
|
||||
|
||||
@@ -66,7 +66,7 @@ action = function( host, port )
|
||||
end
|
||||
-- last, no dice, we don't have any credentials at all
|
||||
else
|
||||
stdnse.print_debug("No credentials supplied, aborting ...")
|
||||
stdnse.debug1("No credentials supplied, aborting ...")
|
||||
return
|
||||
end
|
||||
|
||||
|
||||
@@ -71,7 +71,7 @@ end
|
||||
action = function(host, port)
|
||||
local creds = getCredentials()
|
||||
if ( not(creds) ) then
|
||||
stdnse.print_debug(2, "No credentials were supplied, aborting ...")
|
||||
stdnse.debug2("No credentials were supplied, aborting ...")
|
||||
return
|
||||
end
|
||||
|
||||
|
||||
@@ -77,7 +77,7 @@ Driver = {
|
||||
end
|
||||
return false,brute.Error:new(response)
|
||||
end
|
||||
stdnse.print_debug( "Trying %s ...", pass)
|
||||
stdnse.debug1( "Trying %s ...", pass)
|
||||
local auth_string = bin.pack("H","0000018d00000000") .. pass .. bin.pack("H","00504e5f5155454d4500"); -- old authentication method
|
||||
local err
|
||||
status, err = self.socket:send(bin.pack("c",string.len(auth_string)-3) .. auth_string) --send initial auth
|
||||
|
||||
@@ -74,13 +74,13 @@ end
|
||||
|
||||
action = function(host, port)
|
||||
if ( not(arg_query) ) then
|
||||
stdnse.print_debug(2, "No query was given, aborting ...")
|
||||
stdnse.debug2("No query was given, aborting ...")
|
||||
return
|
||||
end
|
||||
|
||||
local creds = getCredentials()
|
||||
if ( not(creds) ) then
|
||||
stdnse.print_debug(2, "No credentials were supplied, aborting ...")
|
||||
stdnse.debug2("No credentials were supplied, aborting ...")
|
||||
return
|
||||
end
|
||||
|
||||
|
||||
@@ -69,7 +69,7 @@ action = function( host, port )
|
||||
end
|
||||
-- last, no dice, we don't have any credentials at all
|
||||
else
|
||||
stdnse.print_debug("No credentials supplied, aborting ...")
|
||||
stdnse.debug1("No credentials supplied, aborting ...")
|
||||
return
|
||||
end
|
||||
|
||||
|
||||
@@ -78,7 +78,7 @@ action = function( host, port )
|
||||
end
|
||||
-- last, no dice, we don't have any credentials at all
|
||||
else
|
||||
stdnse.print_debug("No credentials supplied, aborting ...")
|
||||
stdnse.debug1("No credentials supplied, aborting ...")
|
||||
return
|
||||
end
|
||||
|
||||
|
||||
@@ -191,7 +191,7 @@ local function table_dirlist(nfs, mount, dirlist)
|
||||
attrs[files[idx]] = table_attributes(nfs, v.name, v.attributes)
|
||||
idx = idx + 1
|
||||
else
|
||||
stdnse.print_debug(1, "ERROR attributes: %s", v.name)
|
||||
stdnse.debug1("ERROR attributes: %s", v.name)
|
||||
end
|
||||
end
|
||||
end
|
||||
@@ -380,13 +380,13 @@ hostaction = function(host)
|
||||
mnt_comm = rpc.Comm:new('mountd', host.registry.nfs.mountver)
|
||||
status, result = mnt_comm:Connect(ahost, host.registry.nfs.mountport)
|
||||
if ( not(status) ) then
|
||||
stdnse.print_debug(4, "ShowMounts: %s", result)
|
||||
stdnse.debug4("ShowMounts: %s", result)
|
||||
return false, result
|
||||
end
|
||||
status, mounts = mnt:Export(mnt_comm)
|
||||
mnt_comm:Disconnect()
|
||||
if ( not(status) ) then
|
||||
stdnse.print_debug(4, "ShowMounts: %s", mounts)
|
||||
stdnse.debug4("ShowMounts: %s", mounts)
|
||||
end
|
||||
return status, mounts
|
||||
end,
|
||||
@@ -400,14 +400,14 @@ hostaction = function(host)
|
||||
|
||||
status, err = mnt_comm:Connect(host, host.registry.nfs.mountport)
|
||||
if not status then
|
||||
stdnse.print_debug(4, "MountPath: %s", err)
|
||||
stdnse.debug4("MountPath: %s", err)
|
||||
return nil, err
|
||||
end
|
||||
|
||||
status, fhandle = mnt:Mount(mnt_comm, path)
|
||||
if not status then
|
||||
mnt_comm:Disconnect()
|
||||
stdnse.print_debug(4, "MountPath: %s", fhandle)
|
||||
stdnse.debug4("MountPath: %s", fhandle)
|
||||
return nil, fhandle
|
||||
end
|
||||
|
||||
@@ -420,7 +420,7 @@ hostaction = function(host)
|
||||
nfs_comm = rpc.Comm:new('nfs', host.registry.nfs.nfsver)
|
||||
status, err = nfs_comm:Connect(host, host.registry.nfs.nfsport)
|
||||
if not status then
|
||||
stdnse.print_debug(4, "NfsOpen: %s", err)
|
||||
stdnse.debug4("NfsOpen: %s", err)
|
||||
return nil, err
|
||||
end
|
||||
|
||||
|
||||
@@ -55,7 +55,7 @@ local function get_exports(host, port)
|
||||
local mnt_comm = rpc.Comm:new('mountd', mountver)
|
||||
local status, result = mnt_comm:Connect(host, port)
|
||||
if ( not(status) ) then
|
||||
stdnse.print_debug(4, "get_exports: %s", result)
|
||||
stdnse.debug4("get_exports: %s", result)
|
||||
return false, result
|
||||
end
|
||||
host.registry.nfs.mountver = mountver
|
||||
@@ -63,7 +63,7 @@ local function get_exports(host, port)
|
||||
local status, mounts = mnt:Export(mnt_comm)
|
||||
mnt_comm:Disconnect()
|
||||
if ( not(status) ) then
|
||||
stdnse.print_debug(4, "get_exports: %s", mounts)
|
||||
stdnse.debug4("get_exports: %s", mounts)
|
||||
end
|
||||
return status, mounts
|
||||
end
|
||||
|
||||
@@ -274,13 +274,13 @@ hostaction = function(host)
|
||||
mnt_comm = rpc.Comm:new('mountd', host.registry.nfs.mountver)
|
||||
status, result = mnt_comm:Connect(ahost, host.registry.nfs.mountport)
|
||||
if ( not(status) ) then
|
||||
stdnse.print_debug(4, "ShowMounts: %s", result)
|
||||
stdnse.debug4("ShowMounts: %s", result)
|
||||
return false, result
|
||||
end
|
||||
status, mounts = mnt:Export(mnt_comm)
|
||||
mnt_comm:Disconnect()
|
||||
if ( not(status) ) then
|
||||
stdnse.print_debug(4, "ShowMounts: %s", mounts)
|
||||
stdnse.debug4("ShowMounts: %s", mounts)
|
||||
end
|
||||
return status, mounts
|
||||
end,
|
||||
@@ -294,14 +294,14 @@ hostaction = function(host)
|
||||
|
||||
status, err = mnt_comm:Connect(host, host.registry.nfs.mountport)
|
||||
if not status then
|
||||
stdnse.print_debug(4, "MountPath: %s", err)
|
||||
stdnse.debug4("MountPath: %s", err)
|
||||
return nil, err
|
||||
end
|
||||
|
||||
status, fhandle = mnt:Mount(mnt_comm, path)
|
||||
if not status then
|
||||
mnt_comm:Disconnect()
|
||||
stdnse.print_debug(4, "MountPath: %s", fhandle)
|
||||
stdnse.debug4("MountPath: %s", fhandle)
|
||||
return nil, fhandle
|
||||
end
|
||||
|
||||
@@ -314,7 +314,7 @@ hostaction = function(host)
|
||||
nfs_comm = rpc.Comm:new('nfs', host.registry.nfs.nfsver)
|
||||
status, err = nfs_comm:Connect(host, host.registry.nfs.nfsport)
|
||||
if not status then
|
||||
stdnse.print_debug(4, "NfsOpen: %s", err)
|
||||
stdnse.debug4("NfsOpen: %s", err)
|
||||
return nil, err
|
||||
end
|
||||
|
||||
|
||||
@@ -130,7 +130,7 @@ local nrpe_open = function(host, port)
|
||||
return true, sock
|
||||
end
|
||||
|
||||
stdnse.print_debug(2, "Can't connect using %s: %s", proto, err)
|
||||
stdnse.debug2("Can't connect using %s: %s", proto, err)
|
||||
sock:close()
|
||||
end
|
||||
|
||||
@@ -183,7 +183,7 @@ local nrpe_check = function(host, port, cmd)
|
||||
-- Send query.
|
||||
local status, err = sock:send(nrpe_write(cmd))
|
||||
if not status then
|
||||
stdnse.print_debug(1, "Failed to send NRPE query for command %s: %s", cmd, err)
|
||||
stdnse.debug1("Failed to send NRPE query for command %s: %s", cmd, err)
|
||||
sock:close()
|
||||
return false, nil
|
||||
end
|
||||
@@ -191,7 +191,7 @@ local nrpe_check = function(host, port, cmd)
|
||||
-- Receive response.
|
||||
local status, resp = sock:receive()
|
||||
if not status then
|
||||
stdnse.print_debug(1, "Can't read NRPE response: %s", resp)
|
||||
stdnse.debug1("Can't read NRPE response: %s", resp)
|
||||
sock:close()
|
||||
return false, nil
|
||||
end
|
||||
|
||||
@@ -124,7 +124,7 @@ action = function(host, port)
|
||||
end
|
||||
|
||||
if(#output > 0) then
|
||||
stdnse.print_debug("Test len: %d", #output)
|
||||
stdnse.debug1("Test len: %d", #output)
|
||||
nmap.set_port_state(host, port, "open")
|
||||
if nmap.verbosity() < 1 then
|
||||
local mt = getmetatable(output)
|
||||
|
||||
@@ -203,7 +203,7 @@ function formatoptions(header)
|
||||
end
|
||||
local rawmeth = msg["method"]
|
||||
if not rawmeth then
|
||||
stdnse.print_debug(2, "header missing method field")
|
||||
stdnse.debug2("header missing method field")
|
||||
return
|
||||
end
|
||||
local method = parsestring(rawmeth)
|
||||
@@ -211,7 +211,7 @@ function formatoptions(header)
|
||||
return
|
||||
end
|
||||
if method ~= "hello" then
|
||||
stdnse.print_debug(1, "expecting hello, got " .. method .. " instead")
|
||||
stdnse.debug1("expecting hello, got " .. method .. " instead")
|
||||
return
|
||||
end
|
||||
local rawopts = msg["options"]
|
||||
|
||||
@@ -154,7 +154,7 @@ Driver =
|
||||
return true, brute.Account:new(username .. " as sysdba", password, creds.State.VALID)
|
||||
-- check for any other message
|
||||
elseif ( data:match("ORA[-]%d+")) then
|
||||
stdnse.print_debug(3, "username: %s, password: %s, error: %s", username, password, data )
|
||||
stdnse.debug3("username: %s, password: %s, error: %s", username, password, data )
|
||||
return false, brute.Error:new(data)
|
||||
-- any other errors are likely communication related, attempt to re-try
|
||||
else
|
||||
|
||||
@@ -218,7 +218,7 @@ local function prng_generate_ports(ip, seed)
|
||||
local i
|
||||
local magic = 0x015A4E35
|
||||
|
||||
stdnse.print_debug(1, "Conficker: Generating ports based on ip (0x%08x) and seed (%d)", ip, seed)
|
||||
stdnse.debug1("Conficker: Generating ports based on ip (0x%08x) and seed (%d)", ip, seed)
|
||||
|
||||
v1 = -(ip + 1)
|
||||
repeat
|
||||
@@ -274,7 +274,7 @@ local function p2p_checksum(data)
|
||||
local pos, i
|
||||
local hash = #data
|
||||
|
||||
stdnse.print_debug(2, "Conficker: Calculating checksum for %d-byte buffer", #data)
|
||||
stdnse.debug2("Conficker: Calculating checksum for %d-byte buffer", #data)
|
||||
|
||||
-- Get the first character
|
||||
pos, i = bin.unpack("<C", data)
|
||||
|
||||
@@ -90,7 +90,7 @@ Driver = {
|
||||
if not status and not retry then
|
||||
break
|
||||
end
|
||||
stdnse.print_debug("in a loop")
|
||||
stdnse.debug1("in a loop")
|
||||
stdnse.sleep(2) -- needs relatively big timeout between retries
|
||||
end
|
||||
if not status or string.find(response,"Please press <Enter>") == nil then
|
||||
@@ -118,7 +118,7 @@ Driver = {
|
||||
local response
|
||||
local err
|
||||
local status
|
||||
stdnse.print_debug( "Trying %s/%s ...", user, pass )
|
||||
stdnse.debug1( "Trying %s/%s ...", user, pass )
|
||||
-- send username and password
|
||||
-- both are prefixed with 0x06, size and are encrypted
|
||||
status, err = self.socket:send(bin.pack("C",0x06) .. bin.pack("C",string.len(user)) .. encrypt(user) ) -- send username
|
||||
|
||||
@@ -105,7 +105,7 @@ action = function( host, port )
|
||||
for username in usernames do
|
||||
ssl_enable = not(nossl)
|
||||
for password in passwords do
|
||||
stdnse.print_debug("Trying %s/%s ...", username, password )
|
||||
stdnse.debug1("Trying %s/%s ...", username, password )
|
||||
local socket = connectSocket( host, port, ssl_enable )
|
||||
status, response = pg.sendStartup(socket, username, username)
|
||||
|
||||
@@ -126,7 +126,7 @@ action = function( host, port )
|
||||
status, response = pg.sendStartup(socket, username, username)
|
||||
if (not(status)) then
|
||||
if ( response:match("no pg_hba.conf entry for host") ) then
|
||||
stdnse.print_debug("The host was denied access to db \"%s\" as user \"%s\", aborting ...", username, username )
|
||||
stdnse.debug1("The host was denied access to db \"%s\" as user \"%s\", aborting ...", username, username )
|
||||
break
|
||||
else
|
||||
stdnse.debug1("sendStartup returned: %s", response )
|
||||
|
||||
@@ -83,7 +83,7 @@ local function parsefields(data)
|
||||
local parts = stdnse.strsplit("\\", data)
|
||||
local nullprefix = table.remove(parts, 1)
|
||||
if nullprefix ~= "" then
|
||||
stdnse.print_debug(2, "unrecognized field format, skipping options")
|
||||
stdnse.debug2("unrecognized field format, skipping options")
|
||||
return {}
|
||||
end
|
||||
for i = 1, #parts, 2 do
|
||||
@@ -112,11 +112,11 @@ end
|
||||
local function parseplayer(data)
|
||||
local parts = stdnse.strsplit(" ", data)
|
||||
if #parts < 3 then
|
||||
stdnse.print_debug(2, "player info line is missing elements, skipping a player")
|
||||
stdnse.debug2("player info line is missing elements, skipping a player")
|
||||
return nil
|
||||
end
|
||||
if #parts > 3 then
|
||||
stdnse.print_debug(2, "player info line has unknown elements, skipping a player")
|
||||
stdnse.debug2("player info line has unknown elements, skipping a player")
|
||||
return nil
|
||||
end
|
||||
local player = {}
|
||||
@@ -124,7 +124,7 @@ local function parseplayer(data)
|
||||
player.ping = parts[2]
|
||||
player.name = parsename(parts[3])
|
||||
if player.name == nil then
|
||||
stdnse.print_debug(2, "invalid player name serialization, skipping a player")
|
||||
stdnse.debug2("invalid player name serialization, skipping a player")
|
||||
return nil
|
||||
end
|
||||
return player
|
||||
@@ -204,12 +204,12 @@ action = function(host, port)
|
||||
return
|
||||
end
|
||||
if #parts < 2 then
|
||||
stdnse.print_debug(2, "incomplete status response, script abort")
|
||||
stdnse.debug2("incomplete status response, script abort")
|
||||
return
|
||||
end
|
||||
local nullend = table.remove(parts)
|
||||
if nullend ~= "" then
|
||||
stdnse.print_debug(2, "missing terminating endline, script abort")
|
||||
stdnse.debug2("missing terminating endline, script abort")
|
||||
return
|
||||
end
|
||||
local field_data = table.remove(parts, 1)
|
||||
|
||||
@@ -52,7 +52,7 @@ local addtargets = function(list)
|
||||
if st then
|
||||
sum = sum + 1
|
||||
else
|
||||
stdnse.print_debug("Couldn't add target " .. t .. ": " .. err)
|
||||
stdnse.debug1("Couldn't add target " .. t .. ": " .. err)
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
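Review bot: The rewritten call still builds its message by concatenation, `stdnse.debug1("Couldn't add target " .. t .. ": " .. err)`, so the target name and the error text become part of the first argument, which the other calls in this commit use as a format string. If either value contains a `%`, it would presumably be read as a format directive instead of being printed. Passing them as arguments avoids that: `stdnse.debug1("Couldn't add target %s: %s", t, err)`. The body of `addtargets` starts outside the hunk, so where `t` comes from is not visible here.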
@@ -37,7 +37,7 @@ action = function(host, port)
|
||||
_, stamp = bin.unpack(">I", result)
|
||||
port.version.extrainfo = "64 bits"
|
||||
else
|
||||
stdnse.print_debug(1, "Odd response: %s", stdnse.filename_escape(result))
|
||||
stdnse.debug1("Odd response: %s", stdnse.filename_escape(result))
|
||||
return nil
|
||||
end
|
||||
|
||||
@@ -49,7 +49,7 @@ action = function(host, port)
|
||||
local diff = os.difftime(stamp,os.time())
|
||||
if diff < 0 then diff = -diff end
|
||||
-- confidence decreases by 1 for each year the time is off.
|
||||
stdnse.print_debug(1, "Time difference: %d seconds (%0.2f years)", diff, diff / 31556926)
|
||||
stdnse.debug1("Time difference: %d seconds (%0.2f years)", diff, diff / 31556926)
|
||||
local confidence = 10 - diff / 31556926
|
||||
if confidence < 0 then confidence = 0 end
|
||||
port.version.name_confidence = confidence
|
||||
|
||||
@@ -76,7 +76,7 @@ Driver = {
|
||||
self.socket:close()
|
||||
end
|
||||
if ( not(status) ) then
|
||||
stdnse.print_debug(3, "ERROR: failed to connect to server")
|
||||
stdnse.debug3("ERROR: failed to connect to server")
|
||||
end
|
||||
return status
|
||||
end,
|
||||
@@ -92,7 +92,7 @@ Driver = {
|
||||
return false, err
|
||||
end
|
||||
if ( data ~= "\0" ) then
|
||||
stdnse.print_debug(2, "ERROR: Expected null byte")
|
||||
stdnse.debug2("ERROR: Expected null byte")
|
||||
local err = brute.Error:new( "Expected null byte" )
|
||||
err:setRetry( true )
|
||||
return false, err
|
||||
@@ -105,7 +105,7 @@ Driver = {
|
||||
return false, err
|
||||
end
|
||||
if ( data ~= "Password: " ) then
|
||||
stdnse.print_debug(2, "ERROR: Expected password prompt")
|
||||
stdnse.debug2("ERROR: Expected password prompt")
|
||||
local err = brute.Error:new( "Expected password prompt" )
|
||||
err:setRetry( true )
|
||||
return false, err
|
||||
|
||||
@@ -155,11 +155,11 @@ portrule = shortport.port_or_service({1098, 1099, 1090, 8901, 8902, 8903}, {"jav
|
||||
-- Some lazy shortcuts
|
||||
|
||||
local function dbg(str,...)
|
||||
stdnse.print_debug(3,"RMI-DUMPREG:"..str, ...)
|
||||
stdnse.debug3("RMI-DUMPREG:"..str, ...)
|
||||
end
|
||||
|
||||
local function dbg_err(str, ... )
|
||||
stdnse.print_debug("RMI-DUMPREG-ERR:"..str, ...)
|
||||
stdnse.debug1("RMI-DUMPREG-ERR:"..str, ...)
|
||||
end
|
||||
|
||||
-- Function to split a string
|
||||
|
||||
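Review bot: Both wrappers still prepend a hand-written tag, `"RMI-DUMPREG:"..str` and `"RMI-DUMPREG-ERR:"..str`, which looks redundant after this change. As far as I know the `stdnse.debugN` functions already prefix each message with the script identifier, which `print_debug` did not. `dbg` could become `stdnse.debug3(str, ...)`, and `dbg_err` could keep a short marker, `stdnse.debug1("ERR: "..str, ...)`, so error lines stay distinguishable. Confirm against the stdnse documentation before changing the output format.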
@@ -224,7 +224,7 @@ action = function(host, port)
|
||||
local result, lthreads = {}, {}
|
||||
|
||||
if not isRPC(host, port) then
|
||||
stdnse.print_debug("Target port %s is not a RPC port.", port.number)
|
||||
stdnse.debug1("Target port %s is not a RPC port.", port.number)
|
||||
return
|
||||
end
|
||||
local threads = tonumber(stdnse.get_script_args(SCRIPT_NAME .. ".threads")) or 4
|
||||
@@ -262,7 +262,7 @@ action = function(host, port)
|
||||
end
|
||||
nmap.set_port_version(host, port, "hardmatched")
|
||||
else
|
||||
stdnse.print_debug("Couldn't determine the target RPC service. Running a service not in nmap-rpc ?")
|
||||
stdnse.debug1("Couldn't determine the target RPC service. Running a service not in nmap-rpc ?")
|
||||
end
|
||||
return nil
|
||||
end
|
||||
|
||||