mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00

Remove bin.lua from more scripts

dmiller
2018-09-06 14:20:31 +00:00
parent 8b371c3b96
commit c2ac2856d3
11 changed files with 59 additions and 73 deletions


@@ -1,8 +1,8 @@
local bin = require "bin"
local math = require "math"
local nmap = require "nmap"
local packet = require "packet"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
description = [[
@@ -63,9 +63,9 @@ ATAoE = {
local header = ATAoE.Header:new()
local pos, verflags
pos, verflags, header.error,
verflags, header.error,
header.major, header.minor,
header.cmd, header.tag = bin.unpack(">CCSCCI", data)
header.cmd, header.tag, pos = string.unpack(">BBI2BBI4", data)
header.version = verflags >> 4
header.flags = verflags & 0x0F
return header
@@ -75,7 +75,7 @@ ATAoE = {
__tostring = function(self)
assert(self.tag, "No tag was specified in Config Info Request")
local verflags = self.version << 4
return bin.pack(">CCSCCI", verflags, self.error, self.major, self.minor, self.cmd, self.tag)
return string.pack(">BBI2BBI4", verflags, self.error, self.major, self.minor, self.cmd, self.tag)
end,
},
@@ -106,7 +106,7 @@ local function sendConfigInfoRequest(iface)
local p = packet.Frame:new()
p.mac_src = iface.mac
p.mac_dst = packet.mactobin(ETHER_BROADCAST)
p.ether_type = bin.pack(">S", P_ATAOE)
p.ether_type = string.pack(">I2", P_ATAOE)
p.buf = tostring(req)
p:build_ether_frame()
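Review bot: The new `string.unpack(">BBI2BBI4", data)` in the ATAoE header parser raises a Lua error when `data` is shorter than the 10 bytes the format consumes, and `data` is presumably a frame taken off the network. A length guard before the call, for example `if #data < 10 then return nil end` (or whatever failure value the caller handles), would keep a truncated or malformed reply from aborting the script. Whether the caller already checks the length is not visible, since the parse function starts outside this hunk. The same unguarded pattern appears in other files of this commit: `process_tns_packet` (`">I2I2B"`), the `response.itut.data` reads in `enum_protocols` and `enum_ciphers`, `string.unpack(">I2", response, 10)` after the unchecked `receive_bytes` calls in the RDP vulnerability check, and the `">I4 I4"` reads in `isRPC` and `rpcGrinder`.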


@@ -1,10 +1,10 @@
local bin = require "bin"
local coroutine = require "coroutine"
local ipOps = require "ipOps"
local nmap = require "nmap"
local packet = require "packet"
local stdnse = require "stdnse"
local tab = require "tab"
local string = require "string"
local table = require "table"
local target = require "target"
@@ -102,22 +102,24 @@ local icmp_packet = function(srcIP, dstIP, ttl, data_length, mtu, seqNo, icmp_id
end
-- Type=08; Code=00; Chksum=0000; ID=icmp_id; SeqNo=icmp_seqNo; Payload=icmp_payload(hex string);
local icmp_msg = bin.pack(">CCSASA", 8, 0, 0, icmp_id, seqNo, icmp_payload)
local icmp_msg = string.pack(">BBI2", 8, 0, 0) .. icmp_id .. string.pack("I2", seqNo) .. icmp_payload
local icmp_checksum = packet.in_cksum(icmp_msg)
icmp_msg = bin.pack(">CCSASA", 8, 0, icmp_checksum, icmp_id, seqNo, icmp_payload)
icmp_msg = string.pack(">BBI2", 8, 0, icmp_checksum) .. icmp_id .. string.pack("I2", seqNo) .. icmp_payload
--IP header
local ip_bin = bin.pack(">ASSACCx10", -- x10 = checksum & addresses
"\x45\x00", -- IPv4, no options, no DSCN, no ECN
local ip_bin = "\x45\x00", -- IPv4, no options, no DSCN, no ECN
string.pack(">I2I2",
20 + #icmp_msg, -- total length
0, -- IP ID
"\x40\x00", -- DF
0) -- IP ID
.. "\x40\x00" -- DF
.. string.pack("CC",
ttl,
1 -- ICMP
)
.. ("\0"):rep(10) -- checksum & addresses
-- IP+ICMP; Addresses and checksum need to be filled
local icmp_bin = ip_bin .. icmp_msg
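Review bot: As rendered, the new `ip_bin` construction has three problems, all inside `icmp_packet`, which starts before this hunk. The line `local ip_bin = "\x45\x00",` ends in a comma, so Lua assigns only those two bytes and discards the rest of the expression list; it should read `local ip_bin = "\x45\x00"` followed by `.. string.pack(">I2I2",`. `string.pack("CC", ttl, 1)` uses `C`, which is a `bin.pack` code and not a valid `string.pack` option, so it should be `string.pack("BB", ttl, 1)`. Both new `icmp_msg` lines pack the sequence number with `string.pack("I2", seqNo)`, which is native byte order; they need `string.pack(">I2", seqNo)` to keep the big-endian layout the old `>` format produced.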


@@ -1,5 +1,4 @@
local asn1 = require "asn1"
local bin = require "bin"
local coroutine = require "coroutine"
local nmap = require "nmap"
local os = require "os"
@@ -140,9 +139,9 @@ KRB5 = {
local len = asn1.ASN1Encoder.encodeLength(#val[1])
if ( val._type and types[val._type] ) then
return bin.pack("CAA", types[val._type], len, val[1])
return string.pack("B", types[val._type]) .. len .. val[1]
elseif ( val._type and 'number' == type(val._type) ) then
return bin.pack("CAA", val._type, len, val[1])
return string.pack("B", val._type) .. len .. val[1]
end
end,
@@ -227,7 +226,7 @@ KRB5 = {
-- forwardable
local kdc_options = 0x40000000
data = bin.pack(">I", kdc_options) .. data
data = string.pack(">I4", kdc_options) .. data
-- add padding
data = '\0' .. data
@@ -245,7 +244,7 @@ KRB5 = {
data = self:encodeSequence(encoder, 0x6a, data)
if ( protocol == "tcp" ) then
data = bin.pack(">I", #data) .. data
data = string.pack(">s4", data)
end
return data


@@ -3,7 +3,6 @@ local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local http = require "http"
local bin = require "bin"
local creds = require "creds"
description = [[
@@ -38,25 +37,19 @@ categories = {"intrusive", "brute"}
portrule = shortport.port_or_service(55553,"metasploit-msgrpc")
-- returns a "prefix" that msgpack uses for strings
local get_prefix = function(data)
if #data <= 31 then
return string.pack("B", 0xa0 + #data)
else
return "\xda" .. string.pack(">I2", #data)
end
end
-- simple function that implements basic msgpack encoding we need for this script
-- see http://wiki.msgpack.org/display/MSGPACK/Format+specification for more
local encode = function(username, password)
local method = "auth.login"
local username_prefix
local password_prefix
if string.len(username) <= 31 then -- http://wiki.msgpack.org/display/MSGPACK/Format+specification#Formatspecification-fixraw
username_prefix = bin.pack("C",0xa0 + string.len(username))
else -- http://wiki.msgpack.org/display/MSGPACK/Format+specification#Formatspecification-raw16
username_prefix = "\xda" .. bin.pack(">s",string.len(username))
end
if string.len(password) <= 31 then
password_prefix = bin.pack("C",0xa0 + string.len(password))
else
password_prefix = "\xda" .. bin.pack(">s",string.len(password))
end
return "\x93\xaa" .. method .. username_prefix .. username .. password_prefix .. password
return "\x93\xaaauth.login" .. get_prefix(username) .. username .. get_prefix(password) .. password
end
Driver = {


@@ -27,7 +27,6 @@ license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"intrusive", "brute"}
local shortport = require "shortport"
local bin = require "bin"
local brute = require "brute"
local creds = require "creds"
local nmap = require "nmap"
@@ -55,7 +54,7 @@ Driver =
login = function( self, username, password )
local status, data, try
data = bin.pack("cAx", 0x6,"/login")
data = string.pack("s1x", "/login")
--Connect to service and obtain the challenge response
try = nmap.new_try(function() return false end)
@@ -67,10 +66,9 @@ Driver =
--If we find the challenge value we continue the connection process
if ret then
stdnse.debug1("Challenge value found:%s", ret)
local md5str = bin.pack("xAA", password, stdnse.fromhex( ret)) --appends pwd and challenge
local md5str = "\0" .. password .. stdnse.fromhex(ret) --appends pwd and challenge
local chksum = stdnse.tohex(openssl.md5(md5str))
local user_l = username:len()+6 --we add six because of the string "=name="
local login_pkt = bin.pack("cAcAcAx", 0x6, "/login", user_l, "=name="..username, 0x2c, "=response=00"..chksum)
local login_pkt = string.pack("s1s1s1x", "/login", "=name="..username, "=response=00"..chksum)
try(self.s:send(login_pkt))
data = try(self.s:receive_bytes(50))
stdnse.debug1("Response #2:%s", data)
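Review bot: `string.pack("s1s1s1x", ...)` in `login` raises an error when any field is longer than 255 bytes, so a username of 250 bytes or more (with the `=name=` prefix added) from the credential list would abort the attempt with a Lua error; the pack call itself is not wrapped in `try`. Consider checking the length first, for example `if #username > 249 then return false, brute.Error:new("Username too long") end`, so the engine records a failed guess instead. `login` starts and ends outside this hunk.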


@@ -1,4 +1,3 @@
local bin = require "bin"
local comm = require "comm"
local nmap = require "nmap"
local shortport = require "shortport"
@@ -60,11 +59,11 @@ local form_rsid = function(sid, functionId, data)
if ( #data > 0 ) then
payload_len = payload_len + #data
end
return "\0\0\0\0\0" .. bin.pack('CCC', payload_len, sid, functionId) .. data
return "\0\0\0\0\0" .. string.pack('BBB', payload_len, sid, functionId) .. data
end
discover_device_id_recursive = function(host, port, sid, start_id, objects_table)
local rsid = form_rsid(sid, 0x2B, "\x0E\x01" .. bin.pack('C', start_id))
local rsid = form_rsid(sid, 0x2B, "\x0E\x01" .. string.pack('B', start_id))
local status, result = comm.exchange(host, port, rsid)
if ( status and (#result >= 8)) then
local ret_code = string.byte(result, 8)
@@ -100,8 +99,7 @@ end
local extract_slave_id = function(response)
local byte_count = string.byte(response, 9)
if ( byte_count == nil or byte_count == 0) then return nil end
local offset, slave_id = bin.unpack("A"..byte_count, response, 10)
return slave_id
return string.unpack("c"..byte_count, response, 10)
end
modbus_exception_codes = {
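Review bot: `extract_slave_id` now returns two values, because `string.unpack` returns the next read position after the unpacked string, whereas the old code returned only `slave_id`. Wrapping the call in parentheses keeps the single-value contract: `return (string.unpack("c"..byte_count, response, 10))`. In addition, `byte_count` is read from the response itself, and `string.unpack` raises if fewer than `byte_count` bytes follow offset 10, so a guard such as `if #response < 9 + byte_count then return nil end` belongs before the unpack.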


@@ -1,4 +1,3 @@
local bin = require "bin"
local io = require "io"
local nmap = require "nmap"
local shortport = require "shortport"
@@ -56,7 +55,7 @@ local tns_type = {CONNECT=1, REFUSE=4, REDIRECT=5, RESEND=11}
--
local function create_tns_header(packetType, packetLength)
local request = bin.pack( ">SSCCS",
local request = string.pack( ">I2 I2 BB I2",
packetLength + 34, -- Packet Length
0, -- Packet Checksum
tns_type[packetType], -- Packet Type
@@ -82,7 +81,7 @@ local function create_connect_packet( host_ip, port_no, sid )
"(DESCRIPTION=(CONNECT_DATA=(SID=%s)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=)))\z
(ADDRESS=(PROTOCOL=tcp)(HOST=%s)(PORT=%d)))", sid, host_ip, port_no)
local data = bin.pack(">SSSSSSSSSSICCA",
local data = string.pack(">I2 I2 I2 I2 I2 I2 I2 I2 I2 I2 I4 BB",
308, -- Version
300, -- Version (Compatibility)
0, -- Service Options
@@ -95,9 +94,9 @@ local function create_connect_packet( host_ip, port_no, sid )
34, -- Offset to connect data
0, -- Maximum Receivable Connect Data
1, -- Connect Flags 0
1, -- Connect Flags 1
connect_data
1 -- Connect Flags 1
)
.. connect_data
local header = create_tns_header("CONNECT", connect_data:len() )
@@ -116,8 +115,7 @@ local function process_tns_packet( packet )
local tnspacket = {}
-- just pull out the bare minimum to be able to match
local _
_, tnspacket.Length, tnspacket.Checksum, tnspacket.Type = bin.unpack(">SSC", packet)
tnspacket.Length, tnspacket.Checksum, tnspacket.Type = string.unpack(">I2I2B", packet)
return tnspacket


@@ -29,12 +29,12 @@ author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
local bin = require("bin")
local nmap = require("nmap")
local table = require("table")
local shortport = require("shortport")
local rdp = require("rdp")
local stdnse = require("stdnse")
local string = require "string"
categories = {"safe", "discovery"}
@@ -71,11 +71,11 @@ local function enum_protocols(host, port)
return false, response
end
local pos, success = bin.unpack("C", response.itut.data)
local success = string.unpack("B", response.itut.data)
if ( success == 2 ) then
table.insert(res_proto, ("%s: SUCCESS"):format(k))
elseif ( nmap.debugging() > 0 ) then
local pos, err = bin.unpack("C", response.itut.data, 5)
local err = string.unpack("B", response.itut.data, 5)
if ( err > 0 ) then
table.insert(res_proto, ("%s: FAILED (%s)"):format(k, ERRORS[err] or "Unknown"))
else
@@ -133,8 +133,8 @@ local function enum_ciphers(host, port)
local status, response = comm:exch(msc)
comm:close()
if ( status ) then
local pos, enc_level = bin.unpack("C", response.itut.data, 95 + 8)
local pos, enc_cipher= bin.unpack("C", response.itut.data, 95 + 4)
local enc_level = string.unpack("B", response.itut.data, 95 + 8)
local enc_cipher= string.unpack("B", response.itut.data, 95 + 4)
if ( enc_cipher == v ) then
table.insert(res_ciphers, ("%s: SUCCESS"):format(k))
end


@@ -1,7 +1,7 @@
local bin = require "bin"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local vulns = require "vulns"
description = [[
@@ -192,13 +192,13 @@ action = function(host, port)
status, err = socket:send(connectInitial)
status, err = socket:send(userRequest) -- send attach user request
status, response = socket:receive_bytes(0) -- receive attach user confirm
pos,user1 = bin.unpack(">S",response:sub(10,11)) -- user_channel-1001 - see http://msdn.microsoft.com/en-us/library/cc240918%28v=prot.10%29.aspx
user1, pos = string.unpack(">I2", response, 10) -- user_channel-1001 - see http://msdn.microsoft.com/en-us/library/cc240918%28v=prot.10%29.aspx
status, err = socket:send(userRequest) -- send another attach user request
status, response = socket:receive_bytes(0) -- receive another attach user confirm
pos,user2 = bin.unpack(">S",response:sub(10,11)) -- second user's channel - 1001
user2, pos = string.unpack(">I2", response, 10) -- second user's channel - 1001
user2 = user2+1001 -- second user's channel
local data4 = bin.pack(">SS",user1,user2)
local data4 = string.pack(">I2I2", user1, user2)
local data5 = stdnse.fromhex("0300000c02f08038") -- channel join request TPDU
local channelJoinRequest = data5 .. data4
status, err = socket:send(channelJoinRequest) -- bogus channel join request user1 requests channel of user2
@@ -208,7 +208,7 @@ action = function(host, port)
-- see http://msdn.microsoft.com/en-us/library/cc240911%28v=prot.10%29.aspx
-- service is vulnerable
-- send a valid request to prevent the BSoD
data4 = bin.pack(">SS",user2-1001,user2)
data4 = string.pack(">I2I2", user2 - 1001, user2)
channelJoinRequest = data5 .. data4 -- valid join request
status, err = socket:send(channelJoinRequest)
status, response = socket:receive_bytes(0)


@@ -1,7 +1,7 @@
local stdnse = require "stdnse"
local string = require "string"
local nmap = require "nmap"
local rpc = require "rpc"
local bin = require "bin"
local math = require "math"
local io = require "io"
local coroutine = require "coroutine"
@@ -103,8 +103,7 @@ local isRPC = function(host, port)
-- If we got response, set port to open
nmap.set_port_state(host, port, "open")
_, rxid = bin.unpack(">I", data, 1)
_, msgtype = bin.unpack(">I", data, 5)
rxid, msgtype = string.unpack(">I4 I4", data)
-- If response XID does match request XID
-- and message type equals 1 (REPLY) then
-- it is a RPC port.
@@ -209,8 +208,7 @@ local rpcGrinder = function(host, port, iterator, result)
if response.accept_state == rpc.Portmap.AcceptState.PROG_MISMATCH then
result.program = program
result.number = number
_, result.highver = bin.unpack(">I", data, #data - 3)
_, result.lowver = bin.unpack(">I", data, #data - 7)
result.lowver, result.highver = string.unpack(">I4 I4", data, #data - 7)
table.insert(result, true) -- To make #result > 1
-- Otherwise, an Accept state other than Program unavailable is not normal behaviour.


@@ -1,7 +1,7 @@
local bin = require "bin"
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
description = [[
@@ -50,20 +50,20 @@ local function processOptions(data)
local result = {}
while ( pos < #data ) do
local iac, cmd, option
pos, iac, cmd = bin.unpack("CC", data, pos)
iac, cmd, pos = string.unpack("BB", data, pos)
if ( 0xFF ~= iac ) then
break
end
if ( COMMAND.SubCommand == cmd ) then
repeat
pos, iac = bin.unpack("C", data, pos)
iac, pos = string.unpack("B", data, pos)
until( pos == #data or 0xFF == iac )
pos, cmd = bin.unpack("C", data, pos)
cmd, pos = string.unpack("B", data, pos)
if ( not(cmd) == 0xF0 ) then
return false, "Failed to parse options"
end
else
pos, option = bin.unpack("H", data, pos)
pos, option = string.unpack("B", data, pos)
result[option] = result[option] or {}
table.insert(result[option], cmd)
end
@@ -95,9 +95,9 @@ action = function(host, port)
if ( not(status) ) then
return fail("Failed to process telnet options")
end
until( result.done or result.cmds['26'] )
until( result.done or result.cmds[0x26] )
for _, cmd in ipairs(result.cmds['26'] or {}) do
for _, cmd in ipairs(result.cmds[0x26] or {}) do
if ( COMMAND.Will == cmd or COMMAND.Do == cmd ) then
return "\n Telnet server supports encryption"
end
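Review bot: In the `else` branch of `processOptions`, `pos, option = string.unpack("B", data, pos)` keeps the `bin.unpack` result order, but `string.unpack` returns the value first and the next position last, so `pos` receives the option byte and `option` the position. It should be `option, pos = string.unpack("B", data, pos)`, matching the other converted calls in this hunk. Separately, the unchanged check `not(cmd) == 0xF0` compares a boolean with a number and is never true; `cmd ~= 0xF0` is presumably what was meant. `processOptions` starts before the hunk and continues after it.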