
Fixing locals/globals in the following scripts

- telnet-brute.nse required a small refactoring to fix the use of a global variable called soc
This commit is contained in:
joao
2009-07-16 22:54:38 +00:00
parent 4d9094fb21
commit a14ab3c637
4 changed files with 24 additions and 22 deletions


@@ -29,11 +29,13 @@ require "stdnse"
--@param tab The table to truncate.
--@return Truncated, formatted table.
local truncate = function(tab)
return tab[1] .. "\n" ..
tab[2] .. "\n" ..
tab[3] .. "\n" ..
tab[4] .. "\n" ..
tab[5] .. "\n";
local str = ""
str = str .. tab[1] .. "\n"
str = str .. tab[2] .. "\n"
str = str .. tab[3] .. "\n"
str = str .. tab[4] .. "\n"
str = str .. tab[5] .. "\n"
return str
end
--- Validates the HTTP response and checks for modifications.
@@ -83,17 +85,15 @@ local validate = function(response, original)
return
end
portrule = shortport.port_or_service({80, 8080}, "http")
portrule = shortport.port_or_service({80, 8080, 443}, {"http", "https"})
action = function(host, port)
local cmd = "TRACE / HTTP/1.0\r\n\r\n"
local status, response = comm.exchange(host, port, cmd, {lines=1,timeout=5000})
if not status then
local sd, response = comm.tryssl(host, port, cmd, false)
if not sd then
stdnse.print_debug("Unable to open connection")
return
end
return validate(response, cmd)
end
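Review bot: The socket handle `sd` returned by comm.tryssl on the `local sd, response = ...` line is never closed in the new action; the telnet-brute section of this same commit calls `soc:close()` on the handle it gets from the same function, so this path leaks one connection per scanned port. The replacement also drops the `{lines=1,timeout=5000}` options the old comm.exchange call carried and passes `false` in that position, where the telnet-brute hunk passes an options table (`{timeout=4000}`), so a server that accepts the connection and never answers may hold the script indefinitely — confirm against comm.tryssl's signature. Suggested: `local sd, response = comm.tryssl(host, port, cmd, {lines=1, timeout=5000})` and `sd:close()` before `return validate(response, cmd)`. The truncate hunk above builds the string with five repeated `..` assignments where `return table.concat(tab, "\n", 1, 5) .. "\n"` says the same thing in one line with the same error on a missing entry.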


@@ -27,7 +27,7 @@ require("comm")
portrule = shortport.port_or_service({6666,6667,6697,6679},{"irc","ircs"})
init = function()
local init = function()
-- Start of MOTD, we'll take the server name from here
nmap.registry.ircserverinfo_375 = nmap.registry.ircserverinfo_375
or pcre.new("^:([\\w-_.]+) 375", 0, "C")
@@ -117,7 +117,7 @@ action = function(host, port)
init()
sd, line = comm.tryssl(host, port, "USER nmap +iw nmap :Nmap Wuz Here\nNICK " .. curr_nick .. "\n")
local sd, line = comm.tryssl(host, port, "USER nmap +iw nmap :Nmap Wuz Here\nNICK " .. curr_nick .. "\n")
if not sd then return "Unable to open connection" end
buf = stdnse.make_buffer(sd, "\r?\n")
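Review bot: `buf = stdnse.make_buffer(sd, "\r?\n")` on the last context line still assigns `buf` without `local`, so this hunk converts `sd` and `line` to locals but leaves the buffer reader as a global right below them — the very class of defect the commit title addresses. Unless `buf` is declared earlier in action (the function starts outside the hunk), change the line to `local buf = stdnse.make_buffer(sd, "\r?\n")`. The same check applies to `curr_nick`, which the new line reads but which is not declared anywhere visible.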


@@ -26,11 +26,12 @@ license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "safe"}
runlevel = 1.0
portrule = shortport.port_or_service({80, 8080}, {"http"})
portrule = shortport.port_or_service({80, 8080,443}, {"http","https"})
local last_len = 0
-- split the output in 50 character length lines
local function buildOutput(output, w)
local nl
if w:len() == 0 then
return nil
@@ -68,6 +69,7 @@ local function parse_robots(body, output)
end
action = function(host, port)
local dis_count, noun
local answer = http.get(host, port, "/robots.txt" )
if answer.status ~= 200 then
@@ -99,7 +101,7 @@ action = function(host, port)
noun = dis_count == 1 and "entry " or "entries "
shown = (detail == 0 or detail == dis_count)
local shown = (detail == 0 or detail == dis_count)
and "\n" or '(' .. detail .. ' shown)\n'
return "has " .. dis_count .. " disallowed " .. noun ..
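Review bot: The new portrule `shortport.port_or_service({80, 8080,443}, {"http","https"})` in the first hunk is spaced inconsistently with the otherwise identical rule in the first file section of this commit, `({80, 8080, 443}, {"http", "https"})`. Making the two byte-identical keeps the shared HTTP/HTTPS port list easy to grep and update together; write it as `portrule = shortport.port_or_service({80, 8080, 443}, {"http", "https"})`.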


@@ -73,7 +73,7 @@ end
---
-- Go through telnet's option palaver so we can get to the login prompt.
-- We just deny every options the server asks us about.
local negotiate_options = function(result)
local negotiate_options = function(result, soc)
local index, x, opttype, opt, retbuf
index = 0
@@ -111,7 +111,7 @@ end
-- server. Through pattern matching, it tries to deem if a user/pass
-- pair is valid. Telnet does not have a way of telling the client
-- if it was authenticated....so we have to make an educated guess
local brute_line = function(line, user, pass, usent)
local brute_line = function(line, user, pass, usent, soc)
if (line:find 'incorrect' or line:find 'failed' or line:find 'denied' or
line:find 'invalid' or line:find 'bad') and usent then
@@ -148,7 +148,7 @@ return value:
(4, nil) - disconnected and didn't send pair
--]]
local brute_cred = function(user, pass)
local brute_cred = function(user, pass, soc)
local status, ret, value, usent, results
usent = false ; ret = 0
@@ -164,13 +164,13 @@ local brute_cred = function(user, pass)
end
if (string.byte(results, 1) == 255) then
negotiate_options(results)
negotiate_options(results, soc)
end
results = string.lower(results)
for line in results:gmatch '[^\r\n]+' do
ret, value, usent = brute_line(line, user, pass, usent)
ret, value, usent = brute_line(line, user, pass, usent, soc)
if (ret > 0) then
return ret, value
end
@@ -188,7 +188,7 @@ action = function(host, port)
local opts = {timeout=4000}
soc, line, best_opt = comm.tryssl(host, port, "\n",opts)
local soc, line, best_opt = comm.tryssl(host, port, "\n",opts)
if not soc then return "Unable to open connection" end
-- continually try user/pass pairs (reconnecting, if we have to)
@@ -212,7 +212,7 @@ action = function(host, port)
try(soc:connect(host.ip, port.number, best_opt))
end
status, pair = brute_cred(user, pass)
status, pair = brute_cred(user, pass, soc)
end
soc:close()
return pair
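Review bot: `status, pair = brute_cred(user, pass, soc)` on the changed line still assigns `status` and `pair` without `local` in the visible code; action starts outside this hunk, so confirm both are declared there (`local status, pair` next to `local soc, line, best_opt`), otherwise the commit removes the `soc` global only to leave two others in the same function. Threading `soc` explicitly through negotiate_options, brute_line and brute_cred is the right fix; since each now depends on a caller-supplied handle, the LDoc headers in the `@@ -73`, `@@ -111` and `@@ -148` hunks should gain a line such as `--@param soc The connected socket the negotiation/login exchange is written to` so the new parameter is documented where the signatures changed.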