mirror of https://github.com/nmap/nmap.git synced 2025-12-14 11:49:01 +00:00

Significant changes, both bugfixes and best practice changes, to smb-psexec.nse. Primarily:

o It no longer uses the global environment to store the modules table
o It now uses loadfile() to load the configuration files, which follows best practices better
o The module() line at the top of the configuration files is no longer required, but if it exists all that happens is a warning is printed
o Worked around what appears to be a bug in one person's Nmap install where absolute paths didn't resolve properly -- I couldn't replicate, but he confirmed it was fixed
ron
2010-08-07 19:36:47 +00:00
parent 1f9b7228ee
commit 934cf2edf0
9 changed files with 35 additions and 20 deletions


@@ -1,4 +1,3 @@
module(... or "backdoor", package.seeall)
---This config file is designed for adding a backdoor to the system. It has a few ---This config file is designed for adding a backdoor to the system. It has a few
-- options by default, only one enabled by default. I suggest -- options by default, only one enabled by default. I suggest
-- --


@@ -1,4 +1,3 @@
module(... or "network", package.seeall)
---This is the default configuration file. It simply runs some built-in Window ---This is the default configuration file. It simply runs some built-in Window
-- programs to gather information about the remote system. It's intended to be -- programs to gather information about the remote system. It's intended to be
-- simple, demonstrate some of the concepts, and not break/alte anything. -- simple, demonstrate some of the concepts, and not break/alte anything.


@@ -1,4 +1,3 @@
module(... or "drive", package.seeall)
---This configuration file pulls info about a given harddrive ---This configuration file pulls info about a given harddrive
-- Any variable in the 'config' table in smb-psexec.nse can be overriden in the -- Any variable in the 'config' table in smb-psexec.nse can be overriden in the


@@ -1,4 +1,3 @@
module(... or "default", package.seeall)
---This configuration file contains the examples given in smb-psexec.nse. ---This configuration file contains the examples given in smb-psexec.nse.
-- Any variable in the 'config' table in smb-psexec.nse can be overriden in the -- Any variable in the 'config' table in smb-psexec.nse can be overriden in the


@@ -1,4 +1,3 @@
module(... or "experimental", package.seeall)
---This is the configuration file for modules that aren't quite ready for prime ---This is the configuration file for modules that aren't quite ready for prime
-- time yet. -- time yet.


@@ -1,4 +1,3 @@
module(... or "default", package.seeall)
---More verbose network scripts ---More verbose network scripts
-- Any variable in the 'config' table in smb-psexec.nse can be overriden in the -- Any variable in the 'config' table in smb-psexec.nse can be overriden in the


@@ -1,4 +1,3 @@
module(... or "pwdump", package.seeall)
---This config file is designed for running password-dumping scripts. So far, ---This config file is designed for running password-dumping scripts. So far,
-- it supports pwdump6 2.0.0 and fgdump. -- it supports pwdump6 2.0.0 and fgdump.
-- --


@@ -2209,9 +2209,19 @@ function file_upload(host, localfile, share, remotefile, overrides, encoded)
local status, err, smbstate local status, err, smbstate
local chunk = 1024 local chunk = 1024
local filename = nmap.fetchfile(localfile) -- Attempt to open a handle to the file without adding a path to it
if(filename == nil) then local handle = io.open(localfile, "r")
return false, "Couldn't find the file"
-- If the open failed, try to search for the file
if(not(handle)) then
stdnse.print_debug(1, "Couldn't open %s directly, searching Nmap's paths...", localfile)
local filename = nmap.fetchfile(localfile)
-- Check if it was found
if(filename == nil) then
return false, string.format("Couldn't find the file to upload (%s)", localfile)
end
handle = io.open(filename, "r")
end end
-- Create the SMB session -- Create the SMB session
@@ -2220,10 +2230,9 @@ function file_upload(host, localfile, share, remotefile, overrides, encoded)
return false, smbstate return false, smbstate
end end
local handle = io.open(filename, "r")
local data = handle:read(chunk)
local i = 0 local i = 0
local data = handle:read(chunk)
while(data ~= nil and #data > 0) do while(data ~= nil and #data > 0) do
if(encoded) then if(encoded) then
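Review bot: The fallback `handle = io.open(filename, "r")` in the first hunk is never checked, so a file that nmap.fetchfile() locates but that cannot be opened leaves `handle` nil and the later `handle:read(chunk)` raises instead of returning `false, err`. Using the already-declared `err`, `handle, err = io.open(filename, "r")` followed by `if(not(handle)) then return false, err end` keeps the function's error contract. Because the file is now opened before the SMB session is created, the `return false, smbstate` path in the second hunk returns with the handle still open; a `handle:close()` before that return would avoid the leak. The direct open is also tried before Nmap's search paths, so a same-named file reachable from the working directory takes precedence over the shipped one, which deserves a comment if that order is intended. file_upload's body starts and ends outside these hunks.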


@@ -661,10 +661,10 @@ end
--@param config A table to fill with configuration values. --@param config A table to fill with configuration values.
--@return status true or false --@return status true or false
--@return config The configuration table or an error message. --@return config The configuration table or an error message.
--require 'nsedebug'
local function get_config(host, config) local function get_config(host, config)
local status local status
local filename = nmap.registry.args.config local filename = nmap.registry.args.config
local settings_file
config.enabled_modules = {} config.enabled_modules = {}
config.disabled_modules = {} config.disabled_modules = {}
@@ -676,11 +676,17 @@ local function get_config(host, config)
-- Load the config file -- Load the config file
stdnse.print_debug(1, "smb-psexec: Attempting to load config file: %s", filename) stdnse.print_debug(1, "smb-psexec: Attempting to load config file: %s", filename)
settings_file = require(string.sub(filename, 1, #filename - 4)) local file = loadfile(filename)
if(not(settings_file)) then if(not(file)) then
return false, "Couldn't load the configuration file" return false, "Couldn't load module file:\n" .. filename
end end
-- Run the config file
setfenv(file, setmetatable({modules = {}; overrides = {}; module = function() stdnse.print_debug(1, "WARNING: Selected config file contains an unnecessary call to module()") end}, {__index = _G}))
file()
local modules = getfenv(file)["modules"]
local overrides = getfenv(file)["overrides"]
-- Generate a cipher key -- Generate a cipher key
if(nmap.registry.args.nocipher == "1" or nmap.registry.args.nocipher == "true") then if(nmap.registry.args.nocipher == "1" or nmap.registry.args.nocipher == "true") then
config.key = "" config.key = ""
@@ -717,14 +723,21 @@ local function get_config(host, config)
return false, service_name return false, service_name
end end
-- Make sure the modules loaded properly
-- NOTE: If you're here because of an error that 'modules' is undefined, it's likely because your configuration file doesn't have a
-- proper modules table, or your configuration file has a module() declaration at the top.
if(not(modules) or #modules == 0) then
return false, string.format("Configuration file (%s) doesn't have a proper 'modules' table.", filename)
end
-- Make sure we got a proper modules array -- Make sure we got a proper modules array
if(type(settings_file.modules) ~= "table") then if(type(modules) ~= "table") then
return false, string.format("The chosen configuration file, %s.lua, doesn't have a proper 'modules' table. If possible, it should be modified to have a public array called 'modules' that contains a list of all modules that will be run.", filename) return false, string.format("The chosen configuration file, %s.lua, doesn't have a proper 'modules' table. If possible, it should be modified to have a public array called 'modules' that contains a list of all modules that will be run.", filename)
end end
-- Loop through the modules for some pre-processing -- Loop through the modules for some pre-processing
stdnse.print_debug(1, "smb-psexec: Verifying uploadable executables exist") stdnse.print_debug(1, "smb-psexec: Verifying uploadable executables exist")
for i, mod in ipairs(settings_file.modules) do for i, mod in ipairs(modules) do
local enabled = true local enabled = true
-- Do some sanity checking -- Do some sanity checking
if(mod.program == nil) then if(mod.program == nil) then
@@ -877,8 +890,8 @@ local function get_config(host, config)
stdnse.print_debug(1, "smb-psexec: Timeout waiting for a response is %d seconds", config.timeout) stdnse.print_debug(1, "smb-psexec: Timeout waiting for a response is %d seconds", config.timeout)
-- Do config overrides -- Do config overrides
if(settings_file.overrides) then if(overrides) then
config = do_overrides(config, settings_file.overrides) config = do_overrides(config, overrides)
end end
-- Replace variable values in the configuration (this has to go last) -- Replace variable values in the configuration (this has to go last)
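Review bot: In the `-676,11 +676,17` hunk the error string returned by `loadfile(filename)` is discarded and `file()` is called unprotected, so a syntax error in the config is reported without its cause and a runtime error in it propagates out of get_config instead of producing `false, msg`. I would use `local file, err = loadfile(filename)` with `err` appended to the returned message, and `local ok, run_err = pcall(file)` followed by `if(not(ok)) then return false, run_err end`. The environment table falls through to `_G` via `__index`, so the file named by the `config` script argument runs as ordinary Lua with the full global environment; a comment stating that the config path must be trusted would help. In the `-717,14 +723,21` hunk `#modules == 0` is evaluated before the `type(modules) ~= "table"` check, so a non-table `modules` such as a number raises on `#`, and the type check should come first. get_config's body continues outside these hunks.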