PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-16 20:59:02 +00:00
Code Issues Projects Releases Wiki Activity

code re-factoring and cleanup

Browse Source
This commit is contained in:
patrik
2012-10-10 22:19:49 +00:00
parent e2fb7301de
commit 89dab3fe14
1 changed files with 169 additions and 258 deletions
Download Patch File Download Diff File Expand all files Collapse all files

239
nselib/tns.lua
View File

@@ -25,8 +25,7 @@
-- contain a function to parse the servers response.
--
-- o Comm
-- - Implements a number of functions to handle communication over the
-- the TNSSocket class.
-- - Implements a number of functions to handle communication
--
-- o Crypt
-- - Implements encryption algorithms and functions to support
@@ -35,10 +34,6 @@
-- o Helper
-- - A helper class that provides easy access to the rest of the library
--
-- o TNSSocket
-- - This is a copy of the DB2Socket class which provides fundamental
-- buffering
--
--
-- Example
-- -------
@@ -117,6 +112,7 @@
local bin = require "bin"
local bit = require "bit"
local math = require "math"
local match = require "match"
local nmap = require "nmap"
local stdnse = require "stdnse"
local string = require "string"
@@ -141,17 +137,15 @@ AuthOptions =
-- Creates a new AuthOptions instance
-- @return o new instance of AuthOptions
new = function( self )
local o = {}
local o = {
auth_term = "pts/" .. math.random(255),
auth_prog = ("sqlplus@nmap_%d (TNS V1-V3)"):format(math.random(32768)),
auth_machine = "nmap_target",
auth_pid = "" .. math.random(32768),
auth_sid = "nmap_" .. math.random(32768)
}
setmetatable(o, self)
self.__index = self
o.auth_user = nil
o.auth_term = "pts/" .. math.random(255)
o.auth_prog = ("sqlplus@nmap_%d (TNS V1-V3)"):format(math.random(32768))
o.auth_machine = "nmap_target"
o.auth_pid = "" .. math.random(32768)
o.auth_sid = "nmap_" .. math.random(32768)
return o
end,
@@ -188,10 +182,7 @@ DataTypeDecoders = {
bytes = convert_bytes(bytes, positive)
local k = ( #bytes - 1 > bytes[1] +1 ) and
( bytes[1] + 1 ) or
#bytes - 1
local k = ( #bytes - 1 > bytes[1] +1 ) and ( bytes[1] + 1 ) or #bytes - 1
local l = 0
for m=1, k do l = l * 100 + bytes[m+1] end
for m=bytes[1]-#bytes - 1, 0, -1 do l = l * 100 end
@@ -250,11 +241,12 @@ Packet.TNS = {
MARKER = 12,
},
new = function( self, sock )
local o = {}
new = function( self, typ )
local o = {
type = typ
}
setmetatable(o, self)
self.__index = self
o.socket = sock
return o
end,
@@ -263,23 +255,23 @@ Packet.TNS = {
-- @return true on success, false on failure
-- @return err string containing error message on failure
recv = function( self )
local _
local status, data = self.socket:recv( 2 )
local status, data = self.socket:receive_buf( match.numbytes(2), true )
if ( not(status) ) then
return status, data
end
local _
_, self.length = bin.unpack(">S", data )
status, data = self.socket:recv( 6 ) -- self.length - 2 )
status, data = self.socket:receive_buf( match.numbytes(6), true )
if ( not(status) ) then
return status, data
end
_, self.checksum, self.type, self.reserved, self.hdr_checksum = bin.unpack(">SCCS", data)
status, data = self.socket:recv( self.length - 8)
status, data = self.socket:receive_buf( match.numbytes(self.length - 8), true )
if ( status ) then
self.data = data
end
@@ -287,12 +279,19 @@ Packet.TNS = {
return true
end,
parse = function(data)
local tns = Packet.TNS:new()
local pos
pos, tns.length, tns.checksum, tns.type, tns.reserved, tns.hdr_checksum = bin.unpack(">SSCCS", data)
pos, tns.data = bin.unpack("A" .. ( tns.length - 8 ), data, pos)
return tns
end,
--- Converts the TNS packet to string suitable to be sent over the socket
--
-- @return string containing the TNS packet
__tostring = function( self )
local data = bin.pack(">SSCCSA", self.length, self.checksum, self.type,
self.reserved, self.hdr_checksum, self.data )
local data = bin.pack(">SSCCSA", self.length, self.checksum, self.type, self.reserved, self.hdr_checksum, self.data )
return data
end,
@@ -393,14 +392,13 @@ Packet.Data = {
-- Createas a new Data instance
-- @return o new instance of Data
new = function( self, sock, data )
local o = {}
new = function( self, data )
local o = {
TNS = Packet.TNS:new( Packet.TNS.Type.DATA ),
data = data
}
setmetatable(o, self)
self.__index = self
o.TNS = Packet.TNS:new( sock )
o.TNS.type = Packet.TNS.Type.DATA
o.socket = sock
o.data = data
return o
end,
@@ -444,7 +442,6 @@ Packet.PreAuth = {
tns_type = Packet.TNS.Type.DATA,
flags = 0,
param_order = {
{ ["AUTH_TERMINAL"] = "auth_term" },
{ ["AUTH_PROGRAM_NM"] = "auth_prog" },
@@ -453,7 +450,6 @@ Packet.PreAuth = {
{ ["AUTH_SID"] = "auth_sid" }
},
--- Creates a new PreAuth packet
--
-- @param user string containing the user name
@@ -495,15 +491,12 @@ Packet.PreAuth = {
-- @param tns Packet.TNS containing the TNS packet recieved from the server
-- @return table containing the keys and values returned by the server
parseResponse = function( self, tns )
local kvp_count, key, val, kvp_flags
local kvps = {}
local pos = 4
pos, kvp_count = bin.unpack( "C", tns.data, pos )
local pos, kvp_count = bin.unpack( "C", tns.data, 4 )
pos = 6
for kvp_itr=1, kvp_count do
local key, val, kvp_flags
pos, key, val, kvp_flags = Marshaller.unmarshalKvp( tns.data, pos )
-- we don't actually do anything with the flags currently, but they're there
kvps[key] = val
@@ -519,8 +512,6 @@ Packet.Auth = {
tns_type = Packet.TNS.Type.DATA,
flags = 0,
param_order = {
{ ['key'] = "AUTH_RTT", ['def'] = "25456" },
{ ['key'] = "AUTH_CLNT_MEM", ['def'] = "4096" },
@@ -588,14 +579,12 @@ Packet.Auth = {
-- @param tns Packet.TNS containing the TNS packet recieved from the server
-- @return table containing the key pair values from the Auth packet
parseResponse = function( self, tns )
local kvp_count, key, val, kvp_flags
local kvps = {}
local pos = 4
pos, kvp_count = bin.unpack( "C", tns.data, pos )
local pos, kvp_count = bin.unpack( "C", tns.data, 4 )
pos = 6
for kvp_itr=1, kvp_count do
local key, val, kvp_flags
pos, key, val, kvp_flags = Marshaller.unmarshalKvp( tns.data, pos )
-- we don't actually do anything with the flags currently, but they're there
kvps[key] = val
@@ -662,9 +651,7 @@ Packet.ProtoNeg = {
--
-- @param tns Packet.TNS containing the response from the server
parseResponse = function( self, tns )
local flags, neg, ver, srv, pos, _
pos, flags, neg, ver, _, srv = bin.unpack(">SCCCz", tns.data)
local pos, flags, neg, ver, _, srv = bin.unpack(">SCCCz", tns.data)
if ( neg ~= 1 ) then
return false, "Error protocol negotiation failed"
end
@@ -672,7 +659,6 @@ Packet.ProtoNeg = {
if ( ver ~= 6 ) then
return false, ("Error protocol version (%d) not supported"):format(ver)
end
return true, srv
end
@@ -1189,14 +1175,9 @@ Marshaller = {
-- @param flags The flags
-- @return A binary packed string representing the KVP structure
marshalKvp = function( key, value, flags )
flags = flags or 0
local result = ""
result = result .. Marshaller.marshalKvpComponent( key )
result = result .. Marshaller.marshalKvpComponent( value )
result = result .. bin.pack( "<I", flags )
return result
return Marshaller.marshalKvpComponent( key ) ..
Marshaller.marshalKvpComponent( value ) ..
bin.pack( "<I", ( flags or 0 ) )
end,
--- Parses a TNS key-value pair data structure.
@@ -1250,7 +1231,6 @@ Marshaller = {
local write_value = value:sub( 1, write_length )
-- ...and remove that piece from the remaining string
value = value:sub( write_length + 1 )
result = result .. bin.pack( "p", write_value )
end
@@ -1311,8 +1291,9 @@ Comm = {
-- @return new instance of Comm
new = function(self, socket)
local o = {
tnssocket = socket,
data_counter = 06 }
socket = socket,
data_counter = 06
}
setmetatable(o, self)
self.__index = self
return o
@@ -1324,8 +1305,7 @@ Comm = {
-- @return Status (true or false).
-- @return Error code (if status is false).
sendTNSPacket = function( self, pkt )
local tns = Packet.TNS:new( self.tnssocket )
tns.type = pkt.tns_type
local tns = Packet.TNS:new( pkt.tns_type )
if ( pkt.setCounter ) then
pkt:setCounter(self.data_counter)
self.data_counter = self.data_counter + 1
@@ -1336,7 +1316,7 @@ Comm = {
-- buffer incase of RESEND
self.pkt = pkt
return self.tnssocket:send( tostring(tns) )
return self.socket:send( tostring(tns) )
end,
--- Handles communication when a MARKER packet is recieved and retrieves
@@ -1346,7 +1326,6 @@ Comm = {
-- @return msg containing the error message
handleMarker = function( self )
local status, tns = self:recvTNSPacket()
local pos, msg, b1
if ( not(status) or tns.type ~= Packet.TNS.Type.MARKER ) then
return false, "ERROR: failed to handle marker sent by server"
@@ -1365,15 +1344,11 @@ Comm = {
-- check if byte 12 is set or not, this should help us distinguish the offset
-- to the error message in Oracle 10g and 11g
pos, b1 = bin.unpack("C", tns.data, 10)
if( b1 == 1 ) then
pos = 99
else
pos = 69
end
local pos, b1 = bin.unpack("C", tns.data, 10)
pos = (b1 == 1) and 99 or 69
-- fetch the oracle error and return it
local msg
pos, msg = bin.unpack("p", tns.data, pos )
return false, msg
@@ -1384,11 +1359,25 @@ Comm = {
-- @return status true on success, false on failure
-- @return tns Packet.TNS containing the recieved packet or err on failure
recvTNSPacket = function( self )
local tns = Packet.TNS:new( self.tnssocket )
local tns
local retries = 5
repeat
local status = tns:recv()
local function recv()
local status, header = self.socket:receive_buf( match.numbytes(8), true )
if ( not(status) ) then return status, header end
local _, length = bin.unpack(">S", header )
local status, data = self.socket:receive_buf( match.numbytes(length - 8), true )
if ( not(status) ) then
return false, data
else
return status, Packet.TNS.parse(header .. data)
end
end
local status
status, tns = recv()
if ( not(status) ) then
if ( retries == 0 ) then
return false, "ERROR: recvTNSPacket failed to receive TNS headers"
@@ -1465,7 +1454,6 @@ Crypt = {
HashPassword10g = function( self, username, password )
local uspw = ( username .. password ):gsub("(%w)", "\0%1")
local key = bin.pack("H", "0123456789abcdef")
local enc, iv2, hash
-- do padding
if ( #uspw % 8 > 0 ) then
@@ -1474,8 +1462,8 @@ Crypt = {
end
end
iv2 = openssl.encrypt( "DES-CBC", key, nil, uspw, false ):sub(-8)
enc = openssl.encrypt( "DES-CBC", iv2, nil, uspw, false ):sub(-8)
local iv2 = openssl.encrypt( "DES-CBC", key, nil, uspw, false ):sub(-8)
local enc = openssl.encrypt( "DES-CBC", iv2, nil, uspw, false ):sub(-8)
return enc
end,
@@ -1527,9 +1515,7 @@ Crypt = {
combined_sesskey = combined_sesskey .. string.char( bit.bxor( string.byte(srv_sesskey, i), string.byte(cli_sesskey, i) ) )
end
combined_sesskey = openssl.md5( combined_sesskey )
auth_pass = openssl.encrypt("AES-128-CBC", combined_sesskey, nil, rnd .. pass, true )
auth_pass = select(2, bin.unpack("H" .. #auth_pass, auth_pass))
cli_sesskey_enc = select(2, bin.unpack("H" .. #cli_sesskey_enc, cli_sesskey_enc))
return cli_sesskey_enc, auth_pass
@@ -1584,12 +1570,10 @@ Helper = {
local o = {
host = host,
port = port,
tnssocket = TNSSocket:new(),
-- fallback to the common ORCL instance if none was supplied
dbinstance = instance or
stdnse.get_script_args('tns.sid') or
"orcl"
socket = nmap.new_socket(),
dbinstance = instance or stdnse.get_script_args('tns.sid') or "orcl"
}
o.socket:set_timeout(30000)
setmetatable(o, self)
self.__index = self
return o
@@ -1606,12 +1590,12 @@ Helper = {
"Linuxi386/Linux-2.0.34-8.1.0",
"x86_64/Linux 2.4.xx"
}
local status, data = self.tnssocket:connect( self.host.ip, self.port.number, "tcp" )
local status, data = self.socket:connect( self.host.ip, self.port.number, "tcp" )
local conn, packet, tns
if( not(status) ) then return status, data end
self.comm = Comm:new( self.tnssocket )
self.comm = Comm:new( self.socket )
status, self.version = self.comm:exchTNSPacket( Packet.Connect:new( self.host.ip, self.port.number, self.dbinstance ) )
if ( not(status) ) then return false, self.version end
@@ -1693,15 +1677,14 @@ Helper = {
-- @param cmd string containing the command to send to the server
-- @return data string containing the result recieved from the server
lsnrCtl = function( self, cmd )
local status, data = self.tnssocket:connect( self.host.ip, self.port.number, "tcp" )
local status, data = self.socket:connect( self.host.ip, self.port.number, "tcp" )
local conn, packet, tns, pkt
if( not(status) ) then
return status, data
end
self.comm = Comm:new( self.tnssocket )
self.comm = Comm:new( self.socket )
pkt = Packet.Connect:new( self.host.ip, self.port.number, self.dbinstance )
pkt:setCmd(cmd)
@@ -1768,8 +1751,7 @@ Helper = {
status, auth = self.comm:exchTNSPacket( Packet.PreAuth:new( user, auth_options, self.os ) )
if ( not(status) ) then
return false, auth
end
if ( auth["AUTH_SESSKEY"] ) then
elseif ( auth["AUTH_SESSKEY"] ) then
return true, auth
else
return false
@@ -1828,80 +1810,9 @@ Helper = {
Close = function( self )
-- We should probably stick some slick sqlplus termination stuff in here
local status = self.comm:sendTNSPacket( Packet.EOF:new( ) )
self.tnssocket:close()
self.socket:close()
end,
}
-- copy paste of DB2Socket aka VNCSocket
TNSSocket =
{
new = function(self)
local o = {}
setmetatable(o, self)
self.__index = self
o.Socket = nmap.new_socket()
-- We need this massive timeout due to Oracle 11g throttling of
-- repeated login attempts.
o.Socket:set_timeout(30000)
o.Buffer = nil
return o
end,
--- Establishes a connection.
--
-- @param hostid Hostname or IP address.
-- @param port Port number.
-- @param protocol <code>"tcp"</code>, <code>"udp"</code>, or
-- @return Status (true or false).
-- @return Error code (if status is false).
connect = function( self, hostid, port, protocol )
return self.Socket:connect( hostid, port, protocol )
end,
--- Closes an open connection.
--
-- @return Status (true or false).
-- @return Error code (if status is false).
close = function( self )
return self.Socket:close()
end,
--- Opposed to the <code>socket:receive_bytes</code> function, that returns
-- at least x bytes, this function returns the amount of bytes requested.
--
-- @param count of bytes to read
-- @return true on success, false on failure
-- @return data containing bytes read from the socket
-- err containing error message if status is false
recv = function( self, count )
local status, data
self.Buffer = self.Buffer or ""
if ( #self.Buffer < count ) then
status, data = self.Socket:receive_bytes( count - #self.Buffer )
if ( not(status) or #data < count - #self.Buffer ) then
return false, data
end
self.Buffer = self.Buffer .. data
end
data = self.Buffer:sub( 1, count )
self.Buffer = self.Buffer:sub( count + 1)
return true, data
end,
--- Sends data over the socket
--
-- @return Status (true or false).
-- @return Error code (if status is false).
send = function( self, data )
return self.Socket:send( data )
end,
}
return _ENV;