o [NSE] Added the Netware Core Protocol (NCP) library and the scripts

ncp-serverinfo and ncp-enum-users. [Patrik]

CHANGELOG

@@ -1,7 +1,11 @@
 # Nmap Changelog ($Id$); -*-text-*-
 
+o [NSE] Added the Netware Core Protocol (NCP) library and the scripts
+  ncp-serverinfo and ncp-enum-users. [Patrik]
+
 o [NSE] Added ldap-novell-getpass, a script that provides support for
   retrieving Universal Passwords in plain-text from Novell eDirectory.
+  [Patrik]
 
 o [ZenMmap] Fixed issue with ports closed in newer scan not being removed
   from the ports list [Colin Rice]

scripts/ncp-enum-users.nse

@@ -0,0 +1,51 @@
+description = [[
+Retrieves a list of all eDirectory users from the NCP service
+]]
+
+---
+--
+--@output
+-- PORT    STATE SERVICE REASON
+-- 524/tcp open  ncp     syn-ack
+-- | ncp-enum-users: 
+-- |   CN=admin.O=cqure
+-- |   CN=cawi.OU=finance.O=cqure
+-- |   CN=linux-l84tadmin.O=cqure
+-- |   CN=nist.OU=hr.O=cqure
+-- |   CN=novlxregd.O=cqure
+-- |   CN=novlxsrvd.O=cqure
+-- |   CN=OESCommonProxy_linux-l84t.O=cqure
+-- |   CN=sasi.OU=hr.O=cqure
+-- |_  CN=wwwrun.O=cqure
+--
+
+-- Version 0.1
+-- Created 04/26/2011 - v0.1 - created by Patrik Karlsson
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"discovery", "safe"}
+
+require 'shortport'
+require 'ncp'
+
+portrule = shortport.port_or_service(524, "ncp", "tcp")
+
+action = function(host, port)
+	local helper = ncp.Helper:new(host,port)
+
+	local status, resp = helper:connect()
+	if ( not(status) ) then	return stdnse.format_output(false, resp) end
+
+	status, resp = helper:search("[Root]", "User", "*")
+	if ( not(status) ) then	return stdnse.format_output(false, resp) end
+	
+	local output = {}
+	
+	for _, entry in ipairs(resp) do
+		table.insert(output, entry.name)
+	end
+
+	return stdnse.format_output(true, output)
+end
+

scripts/ncp-serverinfo.nse

@@ -0,0 +1,48 @@
+description = [[
+Gets NCP Server Information
+]]
+
+---
+--
+--@output
+-- PORT    STATE SERVICE
+-- 524/tcp open  ncp
+-- | ncp-serverinfo: 
+-- |   Server name: LINUX-L84T
+-- |   Tree Name: IIT-LABTREE
+-- |   OS Version: 5.70 (rev 7)
+-- |   Product version: 6.50 (rev 7)
+-- |   OS Language ID: 4
+-- |   Addresses
+-- |     10.0.200.33 524/udp
+-- |     10.0.200.33 524/tcp
+-- |   Mounts
+-- |     SYS
+-- |     ADMIN
+-- |_    _ADMIN
+
+-- Version 0.1
+-- Created 04/26/2011 - v0.1 - created by Patrik Karlsson
+
+author = "Patrik Karlsson"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"discovery", "safe"}
+
+require "shortport"
+require "ncp"
+
+portrule = shortport.port_or_service(524, "ncp", "tcp")
+
+action = function(host, port)
+	local helper = ncp.Helper:new(host,port)
+
+	local status, resp = helper:connect()
+	if ( not(status) ) then	return stdnse.format_output(false, resp) end
+
+	status, resp = helper:getServerInfo()
+	if ( not(status) ) then	return stdnse.format_output(false, resp) end
+	
+	helper:close()
+
+	return stdnse.format_output(true, resp)
+end

scripts/script.db

@@ -113,6 +113,8 @@ Entry { filename = "mysql-users.nse", categories = { "discovery", "intrusive", }
 Entry { filename = "mysql-variables.nse", categories = { "discovery", "intrusive", } }
 Entry { filename = "nat-pmp-info.nse", categories = { "default", "discovery", "safe", } }
 Entry { filename = "nbstat.nse", categories = { "default", "discovery", "safe", } }
+Entry { filename = "ncp-enum-users.nse", categories = { "discovery", "safe", } }
+Entry { filename = "ncp-serverinfo.nse", categories = { "discovery", "safe", } }
 Entry { filename = "netbus-auth-bypass.nse", categories = { "auth", "safe", "vuln", } }
 Entry { filename = "netbus-brute.nse", categories = { "auth", "intrusive", } }
 Entry { filename = "netbus-info.nse", categories = { "default", "discovery", "safe", } }