PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

Remove some more bin.lua packings, and fix one mistake in broadcast-ping.nse

Browse Source
This commit is contained in:
dmiller
2018-09-19 04:09:53 +00:00
parent 6986077364
commit cb24d657e2
5 changed files with 60 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
nselib/bjnp.lua
View File

@@ -8,11 +8,11 @@
-- @author Patrik Karlsson <patrik [at] cqure.net>
--
local bin = require("bin")
local nmap = require("nmap")
local os = require("os")
local stdnse = require("stdnse")
local table = require("table")
local string = require "string"
_ENV = stdnse.module("bjnp", stdnse.seeall)
@@ -39,15 +39,14 @@ BJNP = {
parse = function(data)
local hdr = BJNP.Header:new({ code = -1 })
local pos
pos, hdr.id, hdr.type, hdr.code,
hdr.seq, hdr.session, hdr.length = bin.unpack(">A4CCISI", data)
hdr.id, hdr.type, hdr.code,
hdr.seq, hdr.session, hdr.length = string.unpack(">c4BBI4I2I4", data)
return hdr
end,
__tostring = function(self)
return bin.pack(">ACCISI",
return string.pack(">c4BBI4I2I4",
self.id,
self.type,
self.code,
@@ -93,7 +92,7 @@ BJNP = {
end,
__tostring = function(self)
return tostring(self.header) .. bin.pack(">I", self.data)
return tostring(self.header) .. string.pack(">I4", self.data)
end,
}
@@ -115,11 +114,12 @@ BJNP = {
identity.header = BJNP.Header.parse(data)
local pos = #tostring(identity.header) + 1
local pos, len = bin.unpack(">S", data, pos)
if ( len ) then
pos, identity.data = bin.unpack("A" .. len - 2, data, pos)
return identity
if pos - 1 > #data - 2 then
return nil
end
local len, pos = string.unpack(">I2", data, pos)
identity.data = string.unpack("c" .. len - 2, data, pos)
return identity
end,
@@ -184,11 +184,12 @@ BJNP = {
identity.header = BJNP.Header.parse(data)
local pos = #tostring(identity.header) + 1
local pos, len = bin.unpack(">S", data, pos)
if ( len ) then
pos, identity.data = bin.unpack("A" .. len - 2, data, pos)
return identity
if pos - 1 > #data - 2 then
return nil
end
local len, pos = string.unpack(">I2", data, pos)
identity.data = string.unpack("c" .. len - 2, data, pos)
return identity
end,

57
nselib/cassandra.lua
View File

@@ -7,7 +7,6 @@
-- Version 0.1
--
local bin = require "bin"
local nmap = require "nmap"
local stdnse = require "stdnse"
local string = require "string"
@@ -36,16 +35,11 @@ LOGINACC = "\x00\x00\x00\x01\x0c"
--@param password to put in format
--@return str : string in cassandra format for login
function loginstr (username, password)
return bin.pack("A>aAaaaaA",
CASSANDRAREQ,
"login",
CASSLOGINMAGIC,
"username",
username,
"password",
password,
"\x00\x00" -- add two null on the end
)
return CASSANDRAREQ
.. string.pack(">s4", "login")
.. CASSLOGINMAGIC
.. string.pack(">s4s4s4s4", "username", username, "password", password)
.. "\x00\x00" -- add two null on the end
end
--Invokes command over socket and returns the response
@@ -55,12 +49,9 @@ end
--@return status : true if ok; false if bad
--@return result : value if status ok, error msg if bad
function cmdstr (command,cnt)
return bin.pack("A>aIA",
CASSANDRAREQ,
command,
cnt,
"\x00" -- add null on the end
)
return CASSANDRAREQ
.. string.pack(">s4I4", command, cnt)
.. "\x00" -- add null on the end
end
--Invokes command over socket and returns the response
@@ -73,7 +64,7 @@ function sendcmd (socket, command, cnt)
local cmdstr = cmdstr (command,cnt)
local response
local status, err = socket:send(bin.pack(">I",string.len(cmdstr)))
local status, err = socket:send(string.pack(">I4", #cmdstr))
if ( not(status) ) then
return false, "error sending packet length"
end
@@ -87,19 +78,19 @@ function sendcmd (socket, command, cnt)
if ( not(status) ) then
return false, "error receiving length"
end
local _,size = bin.unpack(">I",response,1)
local size = string.unpack(">I4", response)
if (string.len(response) < size+4 ) then
if #response < size + 4 then
local resp2
status, resp2 = socket:receive_bytes(size+4 - string.len(response))
status, resp2 = socket:receive_bytes(size + 4 - #response)
if ( not(status) ) then
return false, "error receiving payload"
return false, "error receiving payload"
end
response = response .. resp2
end
-- magic response starts at 5th byte for 4 bytes, 4 byte for length + length of string command
if (string.sub(response,5,8+4+string.len(command)) ~= bin.pack("A>a", CASSANDRARESP, command)) then
if response:sub(5, 8 + 4 + #command) ~= CASSANDRARESP .. string.pack(">s4", command) then
return false, "protocol response error"
end
@@ -122,11 +113,8 @@ function describe_cluster_name (socket,cnt)
-- grab the size
-- pktlen(4) + CASSANDRARESP(4) + lencmd(4) + lencmd(v) + params(7) + next byte position
local position = 12+string.len(cname)+7+1
local _,size = bin.unpack(">I",resp,position)
-- read the string after the size
local value = string.sub(resp,position+4,position+4+size-1)
local position = 12 + #cname + 7 + 1
local value = string.unpack(">s4", resp, position)
return true, value
end
@@ -146,11 +134,8 @@ function describe_version (socket,cnt)
-- grab the size
-- pktlen(4) + CASSANDRARESP(4) + lencmd(4) + lencmd(v) + params(7) + next byte position
local position = 12+string.len(cname)+7+1
local _,size = bin.unpack(">I",resp,position)
-- read the string after the size
local value = string.sub(resp,position+4,position+4+size-1)
local position = 12 + #cname + 7 + 1
local value = string.unpack(">s4", resp, position)
return true, value
end
@@ -165,7 +150,7 @@ function login (socket,username,password)
local loginstr = loginstr (username, password)
local combo = username..":"..password
local status, err = socket:send(bin.pack(">I",string.len(loginstr)))
local status, err = socket:send(string.pack(">I4", #loginstr))
if ( not(status) ) then
stdnse.debug3("cannot send len "..combo)
return false, "Failed to connect to server"
@@ -183,10 +168,10 @@ function login (socket,username,password)
stdnse.debug3("Receive packet for "..combo)
return false, err
end
local _, size = bin.unpack(">I", response, 1)
local size = string.unpack(">I4", response)
local loginresp = string.sub(response,5,17)
if (loginresp ~= bin.pack("A>a", CASSANDRARESP, "login")) then
if (loginresp ~= CASSANDRARESP .. string.pack(">s4", "login")) then
return false, "protocol error"
end

24
nselib/drda.lua
View File

@@ -58,7 +58,6 @@
-- x Apache Derby
-- x IBM Informix Dynamic Server
local bin = require "bin"
local match = require "match"
local nmap = require "nmap"
local stdnse = require "stdnse"
@@ -229,11 +228,13 @@ DRDA = {
return nil
end
local data = bin.pack(">SCCSSS", self.DDM.Length, self.DDM.Magic, self.DDM.Format, self.DDM.CorelId, self.DDM.Length2, self.DDM.CodePoint )
local data = {
string.pack(">I2BBI2I2I2", self.DDM.Length, self.DDM.Magic, self.DDM.Format, self.DDM.CorelId, self.DDM.Length2, self.DDM.CodePoint )
}
for k,v in ipairs(self.Parameters) do
data = data .. tostring(v)
data[#data+1] = tostring(v)
end
return data
return table.concat(data)
end,
--- Sends the DRDA over the db2socket
@@ -305,7 +306,7 @@ DRDAParameter = {
--
-- @return data string containing the DRDA Parameter
__tostring = function( self )
return bin.pack(">SSA", self.Length, self.CodePoint, self.Data or "" )
return string.pack(">I2I2", self.Length, self.CodePoint) .. (self.Data or "")
end,
--- Builds a DRDA Parameter from a string
@@ -317,13 +318,10 @@ DRDAParameter = {
if( #data < 4 ) then
return -1
end
pos, self.Length, self.CodePoint = bin.unpack( ">SS", data, pos )
-- make sure the Length is assigned a value even though 0(nil) is returned
self.Length = self.Length or 0
self.Length, self.CodePoint, pos = string.unpack( ">I2I2", data, pos )
if ( self.Length > 0 ) then
pos, self.Data = bin.unpack("A" .. self.Length - 4, data, pos )
self.Data, pos = string.unpack("c" .. self.Length - 4, data, pos )
end
return pos
end,
@@ -381,7 +379,7 @@ DDM = {
--- Converts the DDM object to a string
__tostring = function( self )
return bin.pack(">SCCSSS", self.Length, self.Magic, self.Format, self.CorelId, self.Length2, self.CodePoint)
return string.pack(">I2BBI2I2I2", self.Length, self.Magic, self.Format, self.CorelId, self.Length2, self.CodePoint)
end,
--- Constructs a DDM object from a string
@@ -395,7 +393,7 @@ DDM = {
return -1, ("drda.DDM.fromString: str was less than DDM_SIZE (%d)"):format( DDM_SIZE )
end
pos, self.Length, self.Magic, self.Format, self.CorelId, self.Length2, self.CodePoint = bin.unpack( ">SCCSSS", str )
self.Length, self.Magic, self.Format, self.CorelId, self.Length2, self.CodePoint, pos = string.unpack( ">I2BBI2I2I2", str )
return pos
end,
@@ -617,7 +615,7 @@ Helper = {
return false, "ERROR: Response did not contain any valid security mechanisms"
end
if ( select(2, bin.unpack(">S", param:getData())) ~= SecMec.USER_PASSWORD ) then
if ( string.unpack(">I2", param:getData()) ~= SecMec.USER_PASSWORD ) then
stdnse.debug1("drda.Helper.login: ERROR: Securite Mechanism not supported")
return false, "ERROR: Security mechanism not supported"
end

25
nselib/iax2.lua
View File

@@ -5,11 +5,11 @@
-- @author Patrik Karlsson <patrik@cqure.net>
--
local bin = require "bin"
local math = require "math"
local nmap = require "nmap"
local os = require "os"
local stdnse = require "stdnse"
local string = require "string"
local openssl = stdnse.silent_require "openssl"
local table = require "table"
_ENV = stdnse.module("iax2", stdnse.seeall)
@@ -72,26 +72,25 @@ IAX2 = {
-- @return header instance of Header
parse = function(data)
local header = IAX2.Header:new()
local pos, frame_type = bin.unpack("C", data)
local frame_type, pos = string.unpack("B", data)
if ( (frame_type & 0x80) == 0 ) then
print("frame_type", stdnse.tohex(frame_type))
stdnse.debug2("Frametype not supported")
return
end
header.type = IAX2.PacketType.FULL
pos, header.src_call = bin.unpack(">S", data)
header.src_call, pos = string.unpack(">I2", data)
header.src_call = (header.src_call & 0x7FFF)
local retrans
pos, retrans = bin.unpack("C", data, pos)
local retrans = string.unpack("B", data, pos)
if ( (retrans & 0x80) == 8 ) then
header.retrans = true
end
pos, header.dst_call = bin.unpack(">S", data, pos - 1)
header.dst_call, pos = string.unpack(">I2", data, pos)
header.dst_call = (header.dst_call & 0x7FFF)
pos, header.timestamp, header.oseqno,
header.iseqno, header.frametype, header.subclass = bin.unpack(">ICCCC", data, pos)
header.timestamp, header.oseqno,
header.iseqno, header.frametype, header.subclass, pos = string.unpack(">I4BBBB", data, pos)
return header
end,
@@ -109,7 +108,7 @@ IAX2 = {
if ( self.retrans ) then
dst_call = dst_call + 32768
end
return bin.pack(">SSICCCC", src_call, dst_call, self.timestamp,
return string.pack(">I2I2 I4BBBB", src_call, dst_call, self.timestamp,
self.oseqno, self.iseqno, self.frametype, self.subclass)
end,
},
@@ -155,12 +154,12 @@ IAX2 = {
-- Converts the instance to a string
-- @return str containing the instance
__tostring = function(self)
local data = ""
local data = {}
for _, ie in ipairs(self.ies) do
data = data .. bin.pack("Cp", ie.type, ie.value )
data[#data+1] = string.pack("Bs1", ie.type, ie.value )
end
return tostring(self.header) .. data
return tostring(self.header) .. table.concat(data)
end,
},
@@ -213,7 +212,7 @@ IAX2 = {
resp.ies = {}
repeat
local ie = {}
pos, ie.type, ie.value = bin.unpack(">Cp", data, pos)
ie.type, ie.value, pos = string.unpack(">Bs1", data, pos)
table.insert(resp.ies, ie)
until( pos > #data )
return resp

2
scripts/broadcast-ping.nse
View File

@@ -115,7 +115,7 @@ local icmp_packet = function(srcIP, dstIP, ttl, data_length, mtu, seqNo, icmp_id
20 + #icmp_msg, -- total length
0) -- IP ID
.. "\x40\x00" -- DF
.. string.pack("CC",
.. string.pack("BB",
ttl,
1 -- ICMP
)