From b48cdbebfeef59ec030c985023e05bab36a568b0 Mon Sep 17 00:00:00 2001
From: kris
Date: Tue, 4 Sep 2007 20:40:38 +0000
Subject: [PATCH] A couple changes to my HTTPpasswd.nse and HTTPtrace.nse scripts. In both I'm using a more object-oriented approach to methods, e.g. using response:find(..) rather than string.find(response, ..). And in HTTPtrace.nse, I'm changing a couple badly-named variable names in validate().
---
 scripts/HTTPpasswd.nse | 20 ++++++++++----------
 scripts/HTTPtrace.nse | 24 ++++++++++++------------
 2 files changed, 22 insertions(+), 22 deletions(-)
diff --git a/scripts/HTTPpasswd.nse b/scripts/HTTPpasswd.nse
index 4c9e7c63e..f8c5a0d3f 100644
--- a/scripts/HTTPpasswd.nse
+++ b/scripts/HTTPpasswd.nse
@@ -25,17 +25,17 @@ validate = function(response)
 -- Hopefully checking for only 200 won't bite me in the ass, but
 -- it's the only one that makes sense and I haven't seen it fail
- if string.match(response, "HTTP/1.[01] 200") then
- start, stop = string.find(response, "\r\n\r\n")
- passwd = string.sub(response, stop+1)
+ if response:match("HTTP/1.[01] 200") then
+ start, stop = response:find("\r\n\r\n")
+ passwd = response:sub(stop + 1)
 else
 return
 end
- start, stop = string.find(passwd, "[\r\n]")
- line = string.sub(passwd, 1, stop)
+ start, stop = passwd:find("[\r\n]")
+ line = passwd:sub(1, stop)
- if string.match(line, "^[^:]+:[^:]*:[0-9]+:[0-9]+:") then
+ if line:match("^[^:]+:[^:]*:[0-9]+:[0-9]+:") then
 return passwd
 end
@@ -76,16 +76,16 @@ end
 hexify = function(str)
 local ret
- ret = string.gsub(str, "%.", "%%2E")
- ret = string.gsub(ret, "/", "%%2F")
- ret = string.gsub(ret, "\\", "%%5C")
+ ret = str:gsub("%.", "%%2E")
+ ret = ret:gsub("/", "%%2F")
+ ret = ret:gsub("\\", "%%5C")
 return ret
 end
 -- Returns truncated passwd file and returned length
 truncatePasswd = function(passwd)
 local len = 250
- return string.sub(passwd, 1, len), len
+ return passwd:sub(1, len), len
 end
 output = function(passwd, dir)
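Review bot: In validate(), `response:find("\r\n\r\n")` returns nil when a reply carries a 200 status line but no blank line ending the headers (a truncated or malformed response), and `response:sub(stop + 1)` then raises an arithmetic-on-nil error instead of returning quietly. The response is presumably whatever the scanned server sent, so add `if not stop then return end` right after the find; the same unchecked `stop + 1` appears in validate() in scripts/HTTPtrace.nse. The later `passwd:find("[\r\n]")` can also return nil, but `passwd:sub(1, nil)` falls back to the whole string, so only the first call needs the guard. validate() begins above this hunk, so it is not visible whether `start`, `stop`, `passwd` and `line` are declared `local`; if they are not, these assignments write globals.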
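Review bot: truncatePasswd() returns the constant `len` (250) as the "returned length" even when `passwd` is shorter than that, so a caller that prints the second value would misreport how much was kept. If the actual length is meant, `local head = passwd:sub(1, len)` followed by `return head, #head` gives it; if the cap is meant, the comment should read `-- Returns truncated passwd file and the truncation limit`. The caller, output(), is only partly visible here, so which of the two it expects needs checking.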
diff --git a/scripts/HTTPtrace.nse b/scripts/HTTPtrace.nse
index cbf3f40d5..80b67e018 100644
--- a/scripts/HTTPtrace.nse
+++ b/scripts/HTTPtrace.nse
@@ -33,27 +33,27 @@ end
 validate = function(response, original)
 local start, stop
- local data
+ local body
- if not string.match(response, "HTTP/1.[01] 200") or
- not string.match(response, "TRACE / HTTP/1.0") then
+ if not response:match("HTTP/1.[01] 200") or
+ not response:match("TRACE / HTTP/1.0") then
 return
 end
- start, stop = string.find(response, "\r\n\r\n")
- data = string.sub(response, stop + 1)
+ start, stop = response:find("\r\n\r\n")
+ body = response:sub(stop + 1)
- if original ~= data then
+ if original ~= body then
 local output = "Response differs from request. "
- if string.match(data, "^TRACE / HTTP/1.0\r\n") then
- local sub = string.sub(data, 19) -- skip TRACE line
+ if body:match("^TRACE / HTTP/1.0\r\n") then
+ local extra = body:sub(19) -- skip TRACE line
 local tab = {}
 -- Skip extra newline at the end (making sure it's there)
- sub = string.gsub(sub, "\r\n\r\n$", "\r\n")
+ extra = extra:gsub("\r\n\r\n$", "\r\n")
- tab = stdnse.strsplit("\r\n", sub)
+ tab = stdnse.strsplit("\r\n", extra)
 if #tab > 5 then
 output = output .. "First 5 additional lines:\n"
@@ -61,13 +61,13 @@ validate = function(response, original)
 end
 output = output .. "Additional lines:\n"
- return output .. sub .. "\n"
+ return output .. extra .. "\n"
 end
 -- This shouldn't happen
 output = output .. "Full response:\n"
- return output .. data .. "\n"
+ return output .. body .. "\n"
 end
 return
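Review bot: The status check `response:match("HTTP/1.[01] 200")` is unanchored and its `.` is a pattern wildcard, so it succeeds when that text appears anywhere in the response, including a body the server controls, not only in the status line. Anchoring and escaping it as `response:match("^HTTP/1%.[01] 200")` ties the test to the first line; the same loose pattern is used in validate() in scripts/HTTPpasswd.nse, where it could let a non-200 reply through to the content check. This assumes `response` starts with the status line, which depends on the caller outside this hunk. The `local tab = {}` initialiser is also dead, since `tab` is reassigned from `stdnse.strsplit` before it is read.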
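Review bot: Both return paths in this hunk, `return output .. extra .. "\n"` and `return output .. body .. "\n"`, place bytes chosen by the scanned server into the script's result with no length limit and no filtering; the "First 5 additional lines" branch may be bounded, but its body lies outside the hunk. A broken or hostile server can therefore flood the scan report or put control characters such as terminal escape sequences into it. Cleaning the text before concatenating, for example `body = body:sub(1, 250):gsub("[^%w%p \r\n]", ".")` (250 being the cap HTTPpasswd.nse uses), keeps the report safe to view in a terminal. validate() starts in the previous hunk and its closing `end` is below this one.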