PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2026-01-06 06:29:03 +00:00
Code Issues Projects Releases Wiki Activity

Cleaned up the creation of the string payload.

Browse Source
This commit is contained in:
batrick
2008-12-09 06:00:50 +00:00
parent f08596bf49
commit 88419b0c6e
1 changed files with 20 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
scripts/pptp-version.nse
View File

@@ -15,31 +15,29 @@ require "shortport"
portrule = shortport.portnumber(1723)
action = function(host, port)
local payload
-- build a PPTP Start-Control-Connection-Request packet
-- copied from packet capture of pptp exchange
-- for details of packet structure, see http://www.ietf.org/rfc/rfc2637.txt
payload = "\000\156\000\001\026\043\060\077" -- length=156, Message type=control, cookie
payload = payload .. "\000\001\000\000\001\000\000\000" -- Control type=Start-Control-Connection-Request, Reserved, Protocol=1.0, Reserverd
payload = payload .. "\000\000\000\001\000\000\000\001" -- Framing Capabilities, Bearer Capabilities
payload = payload .. "\255\255\000\001" .. "none" -- Maximum channels, firmware version, hostname
payload = payload .. "\000\000\000\000\000\000\000\000" -- padding for hostname
payload = payload .. "\000\000\000\000\000\000\000\000" -- padding for hostname
payload = payload .. "\000\000\000\000\000\000\000\000" -- padding for hostname
payload = payload .. "\000\000\000\000\000\000\000\000" -- padding for hostname
payload = payload .. "\000\000\000\000\000\000\000\000" -- padding for hostname
payload = payload .. "\000\000\000\000\000\000\000\000" -- padding for hostname
payload = payload .. "\000\000\000\000\000\000\000\000" -- padding for hostname
payload = payload .. "\000\000\000\000" .. "nmap" -- padding for hostname, vendor name
payload = payload .. "\000\000\000\000\000\000\000\000" -- padding for vendor name
payload = payload .. "\000\000\000\000\000\000\000\000" -- padding for vendor name
payload = payload .. "\000\000\000\000\000\000\000\000" -- padding for vendor name
payload = payload .. "\000\000\000\000\000\000\000\000" -- padding for vendor name
payload = payload .. "\000\000\000\000\000\000\000\000" -- padding for vendor name
payload = payload .. "\000\000\000\000\000\000\000\000" -- padding for vendor name
payload = payload .. "\000\000\000\000\000\000\000\000" -- padding for vendor name
payload = payload .. "\000\000\000\000" -- padding for vendor name
local payload = "\000\156\000\001\026\043\060\077" .. -- length=156, Message type=control, cookie
"\000\001\000\000\001\000\000\000" .. -- Control type=Start-Control-Connection-Request, Reserved, Protocol=1.0, Reserverd
"\000\000\000\001\000\000\000\001" .. -- Framing Capabilities, Bearer Capabilities
"\255\255\000\001" .. "none" .. -- Maximum channels, firmware version, hostname
"\000\000\000\000\000\000\000\000" .. -- padding for hostname
"\000\000\000\000\000\000\000\000" .. -- padding for hostname
"\000\000\000\000\000\000\000\000" .. -- padding for hostname
"\000\000\000\000\000\000\000\000" .. -- padding for hostname
"\000\000\000\000\000\000\000\000" .. -- padding for hostname
"\000\000\000\000\000\000\000\000" .. -- padding for hostname
"\000\000\000\000\000\000\000\000" .. -- padding for hostname
"\000\000\000\000" .. "nmap" .. -- padding for hostname, vendor name
"\000\000\000\000\000\000\000\000" .. -- padding for vendor name
"\000\000\000\000\000\000\000\000" .. -- padding for vendor name
"\000\000\000\000\000\000\000\000" .. -- padding for vendor name
"\000\000\000\000\000\000\000\000" .. -- padding for vendor name
"\000\000\000\000\000\000\000\000" .. -- padding for vendor name
"\000\000\000\000\000\000\000\000" .. -- padding for vendor name
"\000\000\000\000\000\000\000\000" .. -- padding for vendor name
"\000\000\000\000"; -- padding for vendor name
local try = nmap.new_try()
local response = try(comm.exchange(host, port, payload, {timeout=5000}))