From a14ab3c637c517a9adc8d1f8e8226a279c151c97 Mon Sep 17 00:00:00 2001
From: joao
Date: Thu, 16 Jul 2009 22:54:38 +0000
Subject: [PATCH] Fixing locals/globals on following scripts - telnet-brute.nse required a small refactoring to fix the use of a global variable called soc
---
 scripts/http-trace.nse | 22 +++++++++++-----------
 scripts/irc-info.nse | 4 ++--
 scripts/robots.txt.nse | 6 ++++--
 scripts/telnet-brute.nse | 14 +++++++-------
 4 files changed, 24 insertions(+), 22 deletions(-)
diff --git a/scripts/http-trace.nse b/scripts/http-trace.nse
index 34d50a5dc..fd410ef8e 100644
--- a/scripts/http-trace.nse
+++ b/scripts/http-trace.nse
@@ -29,11 +29,13 @@ require "stdnse"
 --@param tab The table to truncate.
 --@return Truncated, formatted table.
 local truncate = function(tab)
- return tab[1] .. "\n" ..
- tab[2] .. "\n" ..
- tab[3] .. "\n" ..
- tab[4] .. "\n" ..
- tab[5] .. "\n";
+ local str = ""
+ str = str .. tab[1] .. "\n"
+ str = str .. tab[2] .. "\n"
+ str = str .. tab[3] .. "\n"
+ str = str .. tab[4] .. "\n"
+ str = str .. tab[5] .. "\n"
+ return str
 end
 --- Validates the HTTP response and checks for modifications.
@@ -83,17 +85,15 @@ local validate = function(response, original)
 return
 end
-portrule = shortport.port_or_service({80, 8080}, "http")
+portrule = shortport.port_or_service({80, 8080, 443}, {"http", "https"})
 action = function(host, port)
 local cmd = "TRACE / HTTP/1.0\r\n\r\n"
- local status, response = comm.exchange(host, port, cmd, {lines=1,timeout=5000})
-
- if not status then
+ local sd, response = comm.tryssl(host, port, cmd, false)
+ if not sd then
+ stdnse.print_debug("Unable to open connection")
 return
 end
-
 return validate(response, cmd)
 end
-
diff --git a/scripts/irc-info.nse b/scripts/irc-info.nse
index fdc0ff11f..cf5a6dfe8 100644
--- a/scripts/irc-info.nse
+++ b/scripts/irc-info.nse
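Review bot: In the first scripts/http-trace.nse hunk, the rewritten `truncate` still indexes `tab[1]` through `tab[5]` unconditionally, so a table with fewer than five entries raises a concatenation-on-nil error; whether the caller guarantees five lines is not visible here. The table is presumably built from the remote server's TRACE response, so a short reply should not be able to abort the script. The five repeated `str = str .. ...` lines could become `return table.concat(tab, "\n", 1, math.min(#tab, 5)) .. "\n"`, which gives the same string for five or more entries and tolerates shorter input.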
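Review bot: In the second scripts/http-trace.nse hunk, the socket `sd` returned by `comm.tryssl` is never closed before `return validate(response, cmd)`; the other scripts in this patch treat the first return value of `comm.tryssl` as a live socket (`soc:close()` in telnet-brute.nse). Adding `sd:close()` before the final return would release it. The call also replaces the old `{lines=1,timeout=5000}` options with `false`, so the explicit five-second bound on unresponsive servers is gone. telnet-brute.nse passes an options table (`{timeout=4000}`) in the same position, so `comm.tryssl(host, port, cmd, {timeout=5000})` would presumably keep it.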
@@ -27,7 +27,7 @@ require("comm")
 portrule = shortport.port_or_service({6666,6667,6697,6679},{"irc","ircs"})
-init = function()
+local init = function()
 -- Start of MOTD, we'll take the server name from here
 nmap.registry.ircserverinfo_375 = nmap.registry.ircserverinfo_375 or pcre.new("^:([\\w-_.]+) 375", 0, "C")
@@ -117,7 +117,7 @@ action = function(host, port)
 init()
- sd, line = comm.tryssl(host, port, "USER nmap +iw nmap :Nmap Wuz Here\nNICK " .. curr_nick .. "\n")
+ local sd, line = comm.tryssl(host, port, "USER nmap +iw nmap :Nmap Wuz Here\nNICK " .. curr_nick .. "\n")
 if not sd then return "Unable to open connection" end
 buf = stdnse.make_buffer(sd, "\r?\n")
diff --git a/scripts/robots.txt.nse b/scripts/robots.txt.nse
index 6a31512e3..a3098515d 100644
--- a/scripts/robots.txt.nse
+++ b/scripts/robots.txt.nse
@@ -26,11 +26,12 @@ license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
 categories = {"default", "discovery", "safe"}
 runlevel = 1.0
-portrule = shortport.port_or_service({80, 8080}, {"http"})
+portrule = shortport.port_or_service({80, 8080,443}, {"http","https"})
 local last_len = 0
 -- split the output in 50 character length lines
 local function buildOutput(output, w)
+ local nl
 if w:len() == 0 then
 return nil
@@ -68,6 +69,7 @@ local function parse_robots(body, output)
 end
 action = function(host, port)
+ local dis_count, noun
 local answer = http.get(host, port, "/robots.txt" )
 if answer.status ~= 200 then
@@ -99,7 +101,7 @@ action = function(host, port)
 noun = dis_count == 1 and "entry " or "entries "
- shown = (detail == 0 or detail == dis_count)
+ local shown = (detail == 0 or detail == dis_count)
 and "\n" or '(' .. detail .. ' shown)\n'
 return "has " .. dis_count .. " disallowed " .. noun ..
diff --git a/scripts/telnet-brute.nse b/scripts/telnet-brute.nse
index 9cd5bad4a..d03bee620 100644
--- a/scripts/telnet-brute.nse
+++ b/scripts/telnet-brute.nse
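Review bot: In the second scripts/irc-info.nse hunk, `buf = stdnse.make_buffer(sd, "\r?\n")` on the context line right after the fixed call is still assigned without `local`; it may be declared earlier in `action`, which starts outside the hunk. If it is not, `buf` has the same problem this commit fixes for `sd` and `line`. NSE runs script instances against several targets as coroutines that yield on network I/O, so a shared global buffer can be replaced by another instance mid-read and one server's data reported for another host. Proposed change: `local buf = stdnse.make_buffer(sd, "\r?\n")`.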
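Review bot: In the last scripts/robots.txt.nse hunk, `detail` is read twice in the changed `shown` expression but is not among the names this patch declares (`nl`, `dis_count`, `noun`, `shown`); its declaration, if any, lies outside the visible hunks. If it is assigned as a global elsewhere in `action`, it should be declared with the others, e.g. `local dis_count, noun, detail`.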
@@ -73,7 +73,7 @@ end
 ---
 -- Go through telnet's option palaver so we can get to the login prompt.
 -- We just deny every options the server asks us about.
-local negotiate_options = function(result)
+local negotiate_options = function(result, soc)
 local index, x, opttype, opt, retbuf
 index = 0
@@ -111,7 +111,7 @@ end
 -- server. Through pattern matching, it tries to deem if a user/pass
 -- pair is valid. Telnet does not have a way of telling the client
 -- if it was authenticated....so we have to make an educated guess
-local brute_line = function(line, user, pass, usent)
+local brute_line = function(line, user, pass, usent, soc)
 if (line:find 'incorrect' or line:find 'failed' or line:find 'denied' or line:find 'invalid' or line:find 'bad') and usent then
@@ -148,7 +148,7 @@ return value:
 (4, nil) - disconnected and didn't send pair
 --]]
-local brute_cred = function(user, pass)
+local brute_cred = function(user, pass, soc)
 local status, ret, value, usent, results
 usent = false ; ret = 0
@@ -164,13 +164,13 @@ local brute_cred = function(user, pass)
 end
 if (string.byte(results, 1) == 255) then
- negotiate_options(results)
+ negotiate_options(results, soc)
 end
 results = string.lower(results)
 for line in results:gmatch '[^\r\n]+' do
- ret, value, usent = brute_line(line, user, pass, usent)
+ ret, value, usent = brute_line(line, user, pass, usent, soc)
 if (ret > 0) then
 return ret, value
 end
@@ -188,7 +188,7 @@ action = function(host, port)
 local opts = {timeout=4000}
- soc, line, best_opt = comm.tryssl(host, port, "\n",opts)
+ local soc, line, best_opt = comm.tryssl(host, port, "\n",opts)
 if not soc then return "Unable to open connection" end
 -- continually try user/pass pairs (reconnecting, if we have to)
@@ -212,7 +212,7 @@ action = function(host, port)
 try(soc:connect(host.ip, port.number, best_opt))
 end
- status, pair = brute_cred(user, pass)
+ status, pair = brute_cred(user, pass, soc)
 end
 soc:close()
 return pair
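Review bot: The comments above `negotiate_options`, `brute_line` and `brute_cred` (the hunks at -73, -111 and -148 of scripts/telnet-brute.nse) do not mention the new `soc` argument. A line such as `--@param soc Connected socket the helper uses to talk to the server` on each would record that these helpers now depend on the caller's socket rather than on a global. What each helper does with `soc` lies outside the hunks, so the wording should be checked against the bodies.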
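Review bot: In the last scripts/telnet-brute.nse hunk, `status, pair = brute_cred(user, pass, soc)` still assigns two names with no declaration visible in the hunks, and `pair` is what `action` returns as the result. If they are not declared `local` earlier in `action` (its start is outside the hunk), concurrent instances of the script could overwrite each other's value and report a result against the wrong host. A `local status, pair` near the top of `action` would close that gap.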