mirror of https://github.com/nmap/nmap.git synced 2025-12-07 21:21:31 +00:00

Remove bin.lua from more scripts

dmiller
2018-09-06 14:20:31 +00:00
parent 8b371c3b96
commit c2ac2856d3
11 changed files with 59 additions and 73 deletions


@@ -1,8 +1,8 @@
local bin = require "bin"
local math = require "math" local math = require "math"
local nmap = require "nmap" local nmap = require "nmap"
local packet = require "packet" local packet = require "packet"
local stdnse = require "stdnse" local stdnse = require "stdnse"
local string = require "string"
local table = require "table" local table = require "table"
description = [[ description = [[
@@ -63,9 +63,9 @@ ATAoE = {
local header = ATAoE.Header:new() local header = ATAoE.Header:new()
local pos, verflags local pos, verflags
pos, verflags, header.error, verflags, header.error,
header.major, header.minor, header.major, header.minor,
header.cmd, header.tag = bin.unpack(">CCSCCI", data) header.cmd, header.tag, pos = string.unpack(">BBI2BBI4", data)
header.version = verflags >> 4 header.version = verflags >> 4
header.flags = verflags & 0x0F header.flags = verflags & 0x0F
return header return header
@@ -75,7 +75,7 @@ ATAoE = {
__tostring = function(self) __tostring = function(self)
assert(self.tag, "No tag was specified in Config Info Request") assert(self.tag, "No tag was specified in Config Info Request")
local verflags = self.version << 4 local verflags = self.version << 4
return bin.pack(">CCSCCI", verflags, self.error, self.major, self.minor, self.cmd, self.tag) return string.pack(">BBI2BBI4", verflags, self.error, self.major, self.minor, self.cmd, self.tag)
end, end,
}, },
@@ -106,7 +106,7 @@ local function sendConfigInfoRequest(iface)
local p = packet.Frame:new() local p = packet.Frame:new()
p.mac_src = iface.mac p.mac_src = iface.mac
p.mac_dst = packet.mactobin(ETHER_BROADCAST) p.mac_dst = packet.mactobin(ETHER_BROADCAST)
p.ether_type = bin.pack(">S", P_ATAOE) p.ether_type = string.pack(">I2", P_ATAOE)
p.buf = tostring(req) p.buf = tostring(req)
p:build_ether_frame() p:build_ether_frame()
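Review bot: The header parse in the `@@ -63,9 +63,9 @@` hunk passes `data` to `string.unpack(">BBI2BBI4", data)` with no length check, and `string.unpack` raises an error when the input is shorter than the format needs (10 bytes here), so a truncated frame fails inside the parser instead of being rejected. A guard ahead of the unpack, for example `if #data < 10 then return nil end`, would make the failure explicit; whether callers handle a nil header cannot be checked from this hunk. The same unguarded pattern appears in `process_tns_packet` (`">I2I2B"`), in `enum_protocols`/`enum_ciphers` (fixed offsets 5, 95 + 4 and 95 + 8), in the two `string.unpack(">I2", response, 10)` calls on the attach-user confirm, and in `isRPC`/`rpcGrinder` (`#data - 7`). The enclosing parse function begins outside the hunk.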


@@ -1,10 +1,10 @@
local bin = require "bin"
local coroutine = require "coroutine" local coroutine = require "coroutine"
local ipOps = require "ipOps" local ipOps = require "ipOps"
local nmap = require "nmap" local nmap = require "nmap"
local packet = require "packet" local packet = require "packet"
local stdnse = require "stdnse" local stdnse = require "stdnse"
local tab = require "tab" local tab = require "tab"
local string = require "string"
local table = require "table" local table = require "table"
local target = require "target" local target = require "target"
@@ -102,22 +102,24 @@ local icmp_packet = function(srcIP, dstIP, ttl, data_length, mtu, seqNo, icmp_id
end end
-- Type=08; Code=00; Chksum=0000; ID=icmp_id; SeqNo=icmp_seqNo; Payload=icmp_payload(hex string); -- Type=08; Code=00; Chksum=0000; ID=icmp_id; SeqNo=icmp_seqNo; Payload=icmp_payload(hex string);
local icmp_msg = bin.pack(">CCSASA", 8, 0, 0, icmp_id, seqNo, icmp_payload) local icmp_msg = string.pack(">BBI2", 8, 0, 0) .. icmp_id .. string.pack("I2", seqNo) .. icmp_payload
local icmp_checksum = packet.in_cksum(icmp_msg) local icmp_checksum = packet.in_cksum(icmp_msg)
icmp_msg = bin.pack(">CCSASA", 8, 0, icmp_checksum, icmp_id, seqNo, icmp_payload) icmp_msg = string.pack(">BBI2", 8, 0, icmp_checksum) .. icmp_id .. string.pack("I2", seqNo) .. icmp_payload
--IP header --IP header
local ip_bin = bin.pack(">ASSACCx10", -- x10 = checksum & addresses local ip_bin = "\x45\x00", -- IPv4, no options, no DSCN, no ECN
"\x45\x00", -- IPv4, no options, no DSCN, no ECN string.pack(">I2I2",
20 + #icmp_msg, -- total length 20 + #icmp_msg, -- total length
0, -- IP ID 0) -- IP ID
"\x40\x00", -- DF .. "\x40\x00" -- DF
.. string.pack("CC",
ttl, ttl,
1 -- ICMP 1 -- ICMP
) )
.. ("\0"):rep(10) -- checksum & addresses
-- IP+ICMP; Addresses and checksum need to be filled -- IP+ICMP; Addresses and checksum need to be filled
local icmp_bin = ip_bin .. icmp_msg local icmp_bin = ip_bin .. icmp_msg
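Review bot: Three details in the rewritten packet builder look wrong as rendered. `string.pack("I2", seqNo)` has no `>` and so packs the sequence number in native byte order, where the old `>CCSASA` format was big-endian; it should be `string.pack(">I2", seqNo)` in both `icmp_msg` assignments. `local ip_bin = "\x45\x00",` ends in a comma, so the `string.pack(">I2I2", ...)` chain that follows becomes a discarded extra expression and `ip_bin` holds only two bytes; the comma should be a `..` concatenation. `string.pack("CC", ttl, 1)` keeps the old bin.lua code `C`, which is not a `string.pack` option, and should be `"BB"`. The enclosing `icmp_packet` function starts and ends outside the hunk.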


@@ -1,5 +1,4 @@
local asn1 = require "asn1" local asn1 = require "asn1"
local bin = require "bin"
local coroutine = require "coroutine" local coroutine = require "coroutine"
local nmap = require "nmap" local nmap = require "nmap"
local os = require "os" local os = require "os"
@@ -140,9 +139,9 @@ KRB5 = {
local len = asn1.ASN1Encoder.encodeLength(#val[1]) local len = asn1.ASN1Encoder.encodeLength(#val[1])
if ( val._type and types[val._type] ) then if ( val._type and types[val._type] ) then
return bin.pack("CAA", types[val._type], len, val[1]) return string.pack("B", types[val._type]) .. len .. val[1]
elseif ( val._type and 'number' == type(val._type) ) then elseif ( val._type and 'number' == type(val._type) ) then
return bin.pack("CAA", val._type, len, val[1]) return string.pack("B", val._type) .. len .. val[1]
end end
end, end,
@@ -227,7 +226,7 @@ KRB5 = {
-- forwardable -- forwardable
local kdc_options = 0x40000000 local kdc_options = 0x40000000
data = bin.pack(">I", kdc_options) .. data data = string.pack(">I4", kdc_options) .. data
-- add padding -- add padding
data = '\0' .. data data = '\0' .. data
@@ -245,7 +244,7 @@ KRB5 = {
data = self:encodeSequence(encoder, 0x6a, data) data = self:encodeSequence(encoder, 0x6a, data)
if ( protocol == "tcp" ) then if ( protocol == "tcp" ) then
data = bin.pack(">I", #data) .. data data = string.pack(">s4", data)
end end
return data return data
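Review bot: The TCP branch now relies on `">s4"` to emit the length prefix, which is less obvious than the old explicit `#data` concatenation; a short comment such as `-- TCP framing: 4-byte big-endian length, then the message` above `data = string.pack(">s4", data)` would keep the wire format readable. In the encoder hunk, `string.pack("B", ...)` raises if the type value is outside 0-255, which is worth stating in that function's doc comment. The enclosing functions extend outside these hunks.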


@@ -3,7 +3,6 @@ local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
local string = require "string" local string = require "string"
local http = require "http" local http = require "http"
local bin = require "bin"
local creds = require "creds" local creds = require "creds"
description = [[ description = [[
@@ -38,25 +37,19 @@ categories = {"intrusive", "brute"}
portrule = shortport.port_or_service(55553,"metasploit-msgrpc") portrule = shortport.port_or_service(55553,"metasploit-msgrpc")
-- returns a "prefix" that msgpack uses for strings
local get_prefix = function(data)
if #data <= 31 then
return string.pack("B", 0xa0 + #data)
else
return "\xda" .. string.pack(">I2", #data)
end
end
-- simple function that implements basic msgpack encoding we need for this script -- simple function that implements basic msgpack encoding we need for this script
-- see http://wiki.msgpack.org/display/MSGPACK/Format+specification for more -- see http://wiki.msgpack.org/display/MSGPACK/Format+specification for more
local encode = function(username, password) local encode = function(username, password)
local method = "auth.login" return "\x93\xaaauth.login" .. get_prefix(username) .. username .. get_prefix(password) .. password
local username_prefix
local password_prefix
if string.len(username) <= 31 then -- http://wiki.msgpack.org/display/MSGPACK/Format+specification#Formatspecification-fixraw
username_prefix = bin.pack("C",0xa0 + string.len(username))
else -- http://wiki.msgpack.org/display/MSGPACK/Format+specification#Formatspecification-raw16
username_prefix = "\xda" .. bin.pack(">s",string.len(username))
end
if string.len(password) <= 31 then
password_prefix = bin.pack("C",0xa0 + string.len(password))
else
password_prefix = "\xda" .. bin.pack(">s",string.len(password))
end
return "\x93\xaa" .. method .. username_prefix .. username .. password_prefix .. password
end end
Driver = { Driver = {
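Review bot: `get_prefix` drops the two comments that said which msgpack encodings are in use, and it has no stated upper bound: for a string longer than 65535 bytes `string.pack(">I2", #data)` raises instead of encoding. A comment on the helper such as `-- fixraw (0xa0 + len) up to 31 bytes, otherwise raw16 (0xda + 16-bit big-endian length); inputs over 65535 bytes are not supported` would document both. Since `encode` is fed wordlist entries, a caller-side length check would be the cleaner place to reject oversized values, though the caller is not visible in this hunk.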


@@ -27,7 +27,6 @@ license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"intrusive", "brute"} categories = {"intrusive", "brute"}
local shortport = require "shortport" local shortport = require "shortport"
local bin = require "bin"
local brute = require "brute" local brute = require "brute"
local creds = require "creds" local creds = require "creds"
local nmap = require "nmap" local nmap = require "nmap"
@@ -55,7 +54,7 @@ Driver =
login = function( self, username, password ) login = function( self, username, password )
local status, data, try local status, data, try
data = bin.pack("cAx", 0x6,"/login") data = string.pack("s1x", "/login")
--Connect to service and obtain the challenge response --Connect to service and obtain the challenge response
try = nmap.new_try(function() return false end) try = nmap.new_try(function() return false end)
@@ -67,10 +66,9 @@ Driver =
--If we find the challenge value we continue the connection process --If we find the challenge value we continue the connection process
if ret then if ret then
stdnse.debug1("Challenge value found:%s", ret) stdnse.debug1("Challenge value found:%s", ret)
local md5str = bin.pack("xAA", password, stdnse.fromhex( ret)) --appends pwd and challenge local md5str = "\0" .. password .. stdnse.fromhex(ret) --appends pwd and challenge
local chksum = stdnse.tohex(openssl.md5(md5str)) local chksum = stdnse.tohex(openssl.md5(md5str))
local user_l = username:len()+6 --we add six because of the string "=name=" local login_pkt = string.pack("s1s1s1x", "/login", "=name="..username, "=response=00"..chksum)
local login_pkt = bin.pack("cAcAcAx", 0x6, "/login", user_l, "=name="..username, 0x2c, "=response=00"..chksum)
try(self.s:send(login_pkt)) try(self.s:send(login_pkt))
data = try(self.s:receive_bytes(50)) data = try(self.s:receive_bytes(50))
stdnse.debug1("Response #2:%s", data) stdnse.debug1("Response #2:%s", data)
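Review bot: `string.pack("s1s1s1x", ...)` writes each word length as one raw byte, so `login_pkt` is only well-formed while `"=name="..username` stays under 128 bytes (as far as I know the RouterOS API switches to a multi-byte length encoding at 0x80), and `s1` raises outright once a word exceeds 255 bytes. The old `c`-based code had the same limit, but because the username comes from a wordlist it is worth guarding before the packet is built, e.g. `if #username > 121 then return false, brute.Error:new("Username too long") end`. The `login` function continues outside the hunk, so the exact return convention should be checked against the rest of the driver.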


@@ -1,4 +1,3 @@
local bin = require "bin"
local comm = require "comm" local comm = require "comm"
local nmap = require "nmap" local nmap = require "nmap"
local shortport = require "shortport" local shortport = require "shortport"
@@ -60,11 +59,11 @@ local form_rsid = function(sid, functionId, data)
if ( #data > 0 ) then if ( #data > 0 ) then
payload_len = payload_len + #data payload_len = payload_len + #data
end end
return "\0\0\0\0\0" .. bin.pack('CCC', payload_len, sid, functionId) .. data return "\0\0\0\0\0" .. string.pack('BBB', payload_len, sid, functionId) .. data
end end
discover_device_id_recursive = function(host, port, sid, start_id, objects_table) discover_device_id_recursive = function(host, port, sid, start_id, objects_table)
local rsid = form_rsid(sid, 0x2B, "\x0E\x01" .. bin.pack('C', start_id)) local rsid = form_rsid(sid, 0x2B, "\x0E\x01" .. string.pack('B', start_id))
local status, result = comm.exchange(host, port, rsid) local status, result = comm.exchange(host, port, rsid)
if ( status and (#result >= 8)) then if ( status and (#result >= 8)) then
local ret_code = string.byte(result, 8) local ret_code = string.byte(result, 8)
@@ -100,8 +99,7 @@ end
local extract_slave_id = function(response) local extract_slave_id = function(response)
local byte_count = string.byte(response, 9) local byte_count = string.byte(response, 9)
if ( byte_count == nil or byte_count == 0) then return nil end if ( byte_count == nil or byte_count == 0) then return nil end
local offset, slave_id = bin.unpack("A"..byte_count, response, 10) return string.unpack("c"..byte_count, response, 10)
return slave_id
end end
modbus_exception_codes = { modbus_exception_codes = {
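Review bot: `extract_slave_id` now returns both results of `string.unpack` (the string and the next position) where it used to return only `slave_id`, and `byte_count` is read from the response without being compared to `#response`, so a reply that advertises more bytes than it carries makes the unpack raise. Suggest `if #response < 9 + byte_count then return nil end` followed by `return (string.unpack("c"..byte_count, response, 10))`, where the parentheses truncate the result to a single value. In `form_rsid`, `string.pack('BBB', payload_len, ...)` also raises if `payload_len` exceeds 255; whether any caller can reach that is not visible here.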


@@ -1,4 +1,3 @@
local bin = require "bin"
local io = require "io" local io = require "io"
local nmap = require "nmap" local nmap = require "nmap"
local shortport = require "shortport" local shortport = require "shortport"
@@ -56,7 +55,7 @@ local tns_type = {CONNECT=1, REFUSE=4, REDIRECT=5, RESEND=11}
-- --
local function create_tns_header(packetType, packetLength) local function create_tns_header(packetType, packetLength)
local request = bin.pack( ">SSCCS", local request = string.pack( ">I2 I2 BB I2",
packetLength + 34, -- Packet Length packetLength + 34, -- Packet Length
0, -- Packet Checksum 0, -- Packet Checksum
tns_type[packetType], -- Packet Type tns_type[packetType], -- Packet Type
@@ -82,7 +81,7 @@ local function create_connect_packet( host_ip, port_no, sid )
"(DESCRIPTION=(CONNECT_DATA=(SID=%s)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=)))\z "(DESCRIPTION=(CONNECT_DATA=(SID=%s)(CID=(PROGRAM=)(HOST=__jdbc__)(USER=)))\z
(ADDRESS=(PROTOCOL=tcp)(HOST=%s)(PORT=%d)))", sid, host_ip, port_no) (ADDRESS=(PROTOCOL=tcp)(HOST=%s)(PORT=%d)))", sid, host_ip, port_no)
local data = bin.pack(">SSSSSSSSSSICCA", local data = string.pack(">I2 I2 I2 I2 I2 I2 I2 I2 I2 I2 I4 BB",
308, -- Version 308, -- Version
300, -- Version (Compatibility) 300, -- Version (Compatibility)
0, -- Service Options 0, -- Service Options
@@ -95,9 +94,9 @@ local function create_connect_packet( host_ip, port_no, sid )
34, -- Offset to connect data 34, -- Offset to connect data
0, -- Maximum Receivable Connect Data 0, -- Maximum Receivable Connect Data
1, -- Connect Flags 0 1, -- Connect Flags 0
1, -- Connect Flags 1 1 -- Connect Flags 1
connect_data
) )
.. connect_data
local header = create_tns_header("CONNECT", connect_data:len() ) local header = create_tns_header("CONNECT", connect_data:len() )
@@ -116,8 +115,7 @@ local function process_tns_packet( packet )
local tnspacket = {} local tnspacket = {}
-- just pull out the bare minimum to be able to match -- just pull out the bare minimum to be able to match
local _ tnspacket.Length, tnspacket.Checksum, tnspacket.Type = string.unpack(">I2I2B", packet)
_, tnspacket.Length, tnspacket.Checksum, tnspacket.Type = bin.unpack(">SSC", packet)
return tnspacket return tnspacket


@@ -29,12 +29,12 @@ author = "Patrik Karlsson"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html" license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
local bin = require("bin")
local nmap = require("nmap") local nmap = require("nmap")
local table = require("table") local table = require("table")
local shortport = require("shortport") local shortport = require("shortport")
local rdp = require("rdp") local rdp = require("rdp")
local stdnse = require("stdnse") local stdnse = require("stdnse")
local string = require "string"
categories = {"safe", "discovery"} categories = {"safe", "discovery"}
@@ -71,11 +71,11 @@ local function enum_protocols(host, port)
return false, response return false, response
end end
local pos, success = bin.unpack("C", response.itut.data) local success = string.unpack("B", response.itut.data)
if ( success == 2 ) then if ( success == 2 ) then
table.insert(res_proto, ("%s: SUCCESS"):format(k)) table.insert(res_proto, ("%s: SUCCESS"):format(k))
elseif ( nmap.debugging() > 0 ) then elseif ( nmap.debugging() > 0 ) then
local pos, err = bin.unpack("C", response.itut.data, 5) local err = string.unpack("B", response.itut.data, 5)
if ( err > 0 ) then if ( err > 0 ) then
table.insert(res_proto, ("%s: FAILED (%s)"):format(k, ERRORS[err] or "Unknown")) table.insert(res_proto, ("%s: FAILED (%s)"):format(k, ERRORS[err] or "Unknown"))
else else
@@ -133,8 +133,8 @@ local function enum_ciphers(host, port)
local status, response = comm:exch(msc) local status, response = comm:exch(msc)
comm:close() comm:close()
if ( status ) then if ( status ) then
local pos, enc_level = bin.unpack("C", response.itut.data, 95 + 8) local enc_level = string.unpack("B", response.itut.data, 95 + 8)
local pos, enc_cipher= bin.unpack("C", response.itut.data, 95 + 4) local enc_cipher= string.unpack("B", response.itut.data, 95 + 4)
if ( enc_cipher == v ) then if ( enc_cipher == v ) then
table.insert(res_ciphers, ("%s: SUCCESS"):format(k)) table.insert(res_ciphers, ("%s: SUCCESS"):format(k))
end end


@@ -1,7 +1,7 @@
local bin = require "bin"
local nmap = require "nmap" local nmap = require "nmap"
local shortport = require "shortport" local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
local string = require "string"
local vulns = require "vulns" local vulns = require "vulns"
description = [[ description = [[
@@ -192,13 +192,13 @@ action = function(host, port)
status, err = socket:send(connectInitial) status, err = socket:send(connectInitial)
status, err = socket:send(userRequest) -- send attach user request status, err = socket:send(userRequest) -- send attach user request
status, response = socket:receive_bytes(0) -- receive attach user confirm status, response = socket:receive_bytes(0) -- receive attach user confirm
pos,user1 = bin.unpack(">S",response:sub(10,11)) -- user_channel-1001 - see http://msdn.microsoft.com/en-us/library/cc240918%28v=prot.10%29.aspx user1, pos = string.unpack(">I2", response, 10) -- user_channel-1001 - see http://msdn.microsoft.com/en-us/library/cc240918%28v=prot.10%29.aspx
status, err = socket:send(userRequest) -- send another attach user request status, err = socket:send(userRequest) -- send another attach user request
status, response = socket:receive_bytes(0) -- receive another attach user confirm status, response = socket:receive_bytes(0) -- receive another attach user confirm
pos,user2 = bin.unpack(">S",response:sub(10,11)) -- second user's channel - 1001 user2, pos = string.unpack(">I2", response, 10) -- second user's channel - 1001
user2 = user2+1001 -- second user's channel user2 = user2+1001 -- second user's channel
local data4 = bin.pack(">SS",user1,user2) local data4 = string.pack(">I2I2", user1, user2)
local data5 = stdnse.fromhex("0300000c02f08038") -- channel join request TPDU local data5 = stdnse.fromhex("0300000c02f08038") -- channel join request TPDU
local channelJoinRequest = data5 .. data4 local channelJoinRequest = data5 .. data4
status, err = socket:send(channelJoinRequest) -- bogus channel join request user1 requests channel of user2 status, err = socket:send(channelJoinRequest) -- bogus channel join request user1 requests channel of user2
@@ -208,7 +208,7 @@ action = function(host, port)
-- see http://msdn.microsoft.com/en-us/library/cc240911%28v=prot.10%29.aspx -- see http://msdn.microsoft.com/en-us/library/cc240911%28v=prot.10%29.aspx
-- service is vulnerable -- service is vulnerable
-- send a valid request to prevent the BSoD -- send a valid request to prevent the BSoD
data4 = bin.pack(">SS",user2-1001,user2) data4 = string.pack(">I2I2", user2 - 1001, user2)
channelJoinRequest = data5 .. data4 -- valid join request channelJoinRequest = data5 .. data4 -- valid join request
status, err = socket:send(channelJoinRequest) status, err = socket:send(channelJoinRequest)
status, response = socket:receive_bytes(0) status, response = socket:receive_bytes(0)


@@ -1,7 +1,7 @@
local stdnse = require "stdnse" local stdnse = require "stdnse"
local string = require "string"
local nmap = require "nmap" local nmap = require "nmap"
local rpc = require "rpc" local rpc = require "rpc"
local bin = require "bin"
local math = require "math" local math = require "math"
local io = require "io" local io = require "io"
local coroutine = require "coroutine" local coroutine = require "coroutine"
@@ -103,8 +103,7 @@ local isRPC = function(host, port)
-- If we got response, set port to open -- If we got response, set port to open
nmap.set_port_state(host, port, "open") nmap.set_port_state(host, port, "open")
_, rxid = bin.unpack(">I", data, 1) rxid, msgtype = string.unpack(">I4 I4", data)
_, msgtype = bin.unpack(">I", data, 5)
-- If response XID does match request XID -- If response XID does match request XID
-- and message type equals 1 (REPLY) then -- and message type equals 1 (REPLY) then
-- it is a RPC port. -- it is a RPC port.
@@ -209,8 +208,7 @@ local rpcGrinder = function(host, port, iterator, result)
if response.accept_state == rpc.Portmap.AcceptState.PROG_MISMATCH then if response.accept_state == rpc.Portmap.AcceptState.PROG_MISMATCH then
result.program = program result.program = program
result.number = number result.number = number
_, result.highver = bin.unpack(">I", data, #data - 3) result.lowver, result.highver = string.unpack(">I4 I4", data, #data - 7)
_, result.lowver = bin.unpack(">I", data, #data - 7)
table.insert(result, true) -- To make #result > 1 table.insert(result, true) -- To make #result > 1
-- Otherwise, an Accept state other than Program unavailable is not normal behaviour. -- Otherwise, an Accept state other than Program unavailable is not normal behaviour.


@@ -1,7 +1,7 @@
local bin = require "bin"
local nmap = require "nmap" local nmap = require "nmap"
local shortport = require "shortport" local shortport = require "shortport"
local stdnse = require "stdnse" local stdnse = require "stdnse"
local string = require "string"
local table = require "table" local table = require "table"
description = [[ description = [[
@@ -50,20 +50,20 @@ local function processOptions(data)
local result = {} local result = {}
while ( pos < #data ) do while ( pos < #data ) do
local iac, cmd, option local iac, cmd, option
pos, iac, cmd = bin.unpack("CC", data, pos) iac, cmd, pos = string.unpack("BB", data, pos)
if ( 0xFF ~= iac ) then if ( 0xFF ~= iac ) then
break break
end end
if ( COMMAND.SubCommand == cmd ) then if ( COMMAND.SubCommand == cmd ) then
repeat repeat
pos, iac = bin.unpack("C", data, pos) iac, pos = string.unpack("B", data, pos)
until( pos == #data or 0xFF == iac ) until( pos == #data or 0xFF == iac )
pos, cmd = bin.unpack("C", data, pos) cmd, pos = string.unpack("B", data, pos)
if ( not(cmd) == 0xF0 ) then if ( not(cmd) == 0xF0 ) then
return false, "Failed to parse options" return false, "Failed to parse options"
end end
else else
pos, option = bin.unpack("H", data, pos) pos, option = string.unpack("B", data, pos)
result[option] = result[option] or {} result[option] = result[option] or {}
table.insert(result[option], cmd) table.insert(result[option], cmd)
end end
@@ -95,9 +95,9 @@ action = function(host, port)
if ( not(status) ) then if ( not(status) ) then
return fail("Failed to process telnet options") return fail("Failed to process telnet options")
end end
until( result.done or result.cmds['26'] ) until( result.done or result.cmds[0x26] )
for _, cmd in ipairs(result.cmds['26'] or {}) do for _, cmd in ipairs(result.cmds[0x26] or {}) do
if ( COMMAND.Will == cmd or COMMAND.Do == cmd ) then if ( COMMAND.Will == cmd or COMMAND.Do == cmd ) then
return "\n Telnet server supports encryption" return "\n Telnet server supports encryption"
end end
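Review bot: In the `else` branch of `processOptions`, `pos, option = string.unpack("B", data, pos)` keeps the old bin.unpack ordering: `string.unpack` returns the value first and the next position last, so `pos` receives the option byte and `option` the offset; it should read `option, pos = string.unpack("B", data, pos)`. With the order fixed, the new numeric key `result.cmds[0x26]` in the second hunk lines up with the unpacked byte. Separately, the unchanged test `not(cmd) == 0xF0` compares a boolean with a number and can never be true; `cmd ~= 0xF0` is presumably what was meant. `processOptions` starts and ends outside the hunk.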