mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00

Remove some more bin.lua packings, and fix one mistake in broadcast-ping.nse

dmiller
2018-09-19 04:09:53 +00:00
parent 6986077364
commit cb24d657e2
5 changed files with 60 additions and 77 deletions


@@ -8,11 +8,11 @@
-- @author Patrik Karlsson <patrik [at] cqure.net> -- @author Patrik Karlsson <patrik [at] cqure.net>
-- --
local bin = require("bin")
local nmap = require("nmap") local nmap = require("nmap")
local os = require("os") local os = require("os")
local stdnse = require("stdnse") local stdnse = require("stdnse")
local table = require("table") local table = require("table")
local string = require "string"
_ENV = stdnse.module("bjnp", stdnse.seeall) _ENV = stdnse.module("bjnp", stdnse.seeall)
@@ -39,15 +39,14 @@ BJNP = {
parse = function(data) parse = function(data)
local hdr = BJNP.Header:new({ code = -1 }) local hdr = BJNP.Header:new({ code = -1 })
local pos
pos, hdr.id, hdr.type, hdr.code, hdr.id, hdr.type, hdr.code,
hdr.seq, hdr.session, hdr.length = bin.unpack(">A4CCISI", data) hdr.seq, hdr.session, hdr.length = string.unpack(">c4BBI4I2I4", data)
return hdr return hdr
end, end,
__tostring = function(self) __tostring = function(self)
return bin.pack(">ACCISI", return string.pack(">c4BBI4I2I4",
self.id, self.id,
self.type, self.type,
self.code, self.code,
@@ -93,7 +92,7 @@ BJNP = {
end, end,
__tostring = function(self) __tostring = function(self)
return tostring(self.header) .. bin.pack(">I", self.data) return tostring(self.header) .. string.pack(">I4", self.data)
end, end,
} }
@@ -115,11 +114,12 @@ BJNP = {
identity.header = BJNP.Header.parse(data) identity.header = BJNP.Header.parse(data)
local pos = #tostring(identity.header) + 1 local pos = #tostring(identity.header) + 1
local pos, len = bin.unpack(">S", data, pos) if pos - 1 > #data - 2 then
if ( len ) then return nil
pos, identity.data = bin.unpack("A" .. len - 2, data, pos)
return identity
end end
local len, pos = string.unpack(">I2", data, pos)
identity.data = string.unpack("c" .. len - 2, data, pos)
return identity
end, end,
@@ -184,11 +184,12 @@ BJNP = {
identity.header = BJNP.Header.parse(data) identity.header = BJNP.Header.parse(data)
local pos = #tostring(identity.header) + 1 local pos = #tostring(identity.header) + 1
local pos, len = bin.unpack(">S", data, pos) if pos - 1 > #data - 2 then
if ( len ) then return nil
pos, identity.data = bin.unpack("A" .. len - 2, data, pos)
return identity
end end
local len, pos = string.unpack(">I2", data, pos)
identity.data = string.unpack("c" .. len - 2, data, pos)
return identity
end, end,
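Review bot: `len` is taken from the reply and used unchecked in `string.unpack("c" .. len - 2, data, pos)`, here and in the identical parser in the hunk at -115. `string.unpack` raises when `len` is below 2 (the size in the format string becomes negative) or when it exceeds the bytes that remain, so a truncated or hostile reply aborts the caller instead of returning `nil`; the removed `if ( len )` test suggests the old `bin.unpack` path failed softly. The added `pos - 1 > #data - 2` guard only covers the two length bytes, so I would add `if len < 2 or len - 2 > #data - pos + 1 then return nil end` before the second unpack. `BJNP.Header.parse` has the same exposure for replies shorter than its 16-byte header, and both parser bodies begin outside the visible hunks.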


@@ -7,7 +7,6 @@
-- Version 0.1 -- Version 0.1
-- --
local bin = require "bin"
local nmap = require "nmap" local nmap = require "nmap"
local stdnse = require "stdnse" local stdnse = require "stdnse"
local string = require "string" local string = require "string"
@@ -36,16 +35,11 @@ LOGINACC = "\x00\x00\x00\x01\x0c"
--@param password to put in format --@param password to put in format
--@return str : string in cassandra format for login --@return str : string in cassandra format for login
function loginstr (username, password) function loginstr (username, password)
return bin.pack("A>aAaaaaA", return CASSANDRAREQ
CASSANDRAREQ, .. string.pack(">s4", "login")
"login", .. CASSLOGINMAGIC
CASSLOGINMAGIC, .. string.pack(">s4s4s4s4", "username", username, "password", password)
"username", .. "\x00\x00" -- add two null on the end
username,
"password",
password,
"\x00\x00" -- add two null on the end
)
end end
--Invokes command over socket and returns the response --Invokes command over socket and returns the response
@@ -55,12 +49,9 @@ end
--@return status : true if ok; false if bad --@return status : true if ok; false if bad
--@return result : value if status ok, error msg if bad --@return result : value if status ok, error msg if bad
function cmdstr (command,cnt) function cmdstr (command,cnt)
return bin.pack("A>aIA", return CASSANDRAREQ
CASSANDRAREQ, .. string.pack(">s4I4", command, cnt)
command, .. "\x00" -- add null on the end
cnt,
"\x00" -- add null on the end
)
end end
--Invokes command over socket and returns the response --Invokes command over socket and returns the response
@@ -73,7 +64,7 @@ function sendcmd (socket, command, cnt)
local cmdstr = cmdstr (command,cnt) local cmdstr = cmdstr (command,cnt)
local response local response
local status, err = socket:send(bin.pack(">I",string.len(cmdstr))) local status, err = socket:send(string.pack(">I4", #cmdstr))
if ( not(status) ) then if ( not(status) ) then
return false, "error sending packet length" return false, "error sending packet length"
end end
@@ -87,19 +78,19 @@ function sendcmd (socket, command, cnt)
if ( not(status) ) then if ( not(status) ) then
return false, "error receiving length" return false, "error receiving length"
end end
local _,size = bin.unpack(">I",response,1) local size = string.unpack(">I4", response)
if (string.len(response) < size+4 ) then if #response < size + 4 then
local resp2 local resp2
status, resp2 = socket:receive_bytes(size+4 - string.len(response)) status, resp2 = socket:receive_bytes(size + 4 - #response)
if ( not(status) ) then if ( not(status) ) then
return false, "error receiving payload" return false, "error receiving payload"
end end
response = response .. resp2 response = response .. resp2
end end
-- magic response starts at 5th byte for 4 bytes, 4 byte for length + length of string command -- magic response starts at 5th byte for 4 bytes, 4 byte for length + length of string command
if (string.sub(response,5,8+4+string.len(command)) ~= bin.pack("A>a", CASSANDRARESP, command)) then if response:sub(5, 8 + 4 + #command) ~= CASSANDRARESP .. string.pack(">s4", command) then
return false, "protocol response error" return false, "protocol response error"
end end
@@ -122,11 +113,8 @@ function describe_cluster_name (socket,cnt)
-- grab the size -- grab the size
-- pktlen(4) + CASSANDRARESP(4) + lencmd(4) + lencmd(v) + params(7) + next byte position -- pktlen(4) + CASSANDRARESP(4) + lencmd(4) + lencmd(v) + params(7) + next byte position
local position = 12+string.len(cname)+7+1 local position = 12 + #cname + 7 + 1
local _,size = bin.unpack(">I",resp,position) local value = string.unpack(">s4", resp, position)
-- read the string after the size
local value = string.sub(resp,position+4,position+4+size-1)
return true, value return true, value
end end
@@ -146,11 +134,8 @@ function describe_version (socket,cnt)
-- grab the size -- grab the size
-- pktlen(4) + CASSANDRARESP(4) + lencmd(4) + lencmd(v) + params(7) + next byte position -- pktlen(4) + CASSANDRARESP(4) + lencmd(4) + lencmd(v) + params(7) + next byte position
local position = 12+string.len(cname)+7+1 local position = 12 + #cname + 7 + 1
local _,size = bin.unpack(">I",resp,position) local value = string.unpack(">s4", resp, position)
-- read the string after the size
local value = string.sub(resp,position+4,position+4+size-1)
return true, value return true, value
end end
@@ -165,7 +150,7 @@ function login (socket,username,password)
local loginstr = loginstr (username, password) local loginstr = loginstr (username, password)
local combo = username..":"..password local combo = username..":"..password
local status, err = socket:send(bin.pack(">I",string.len(loginstr))) local status, err = socket:send(string.pack(">I4", #loginstr))
if ( not(status) ) then if ( not(status) ) then
stdnse.debug3("cannot send len "..combo) stdnse.debug3("cannot send len "..combo)
return false, "Failed to connect to server" return false, "Failed to connect to server"
@@ -183,10 +168,10 @@ function login (socket,username,password)
stdnse.debug3("Receive packet for "..combo) stdnse.debug3("Receive packet for "..combo)
return false, err return false, err
end end
local _, size = bin.unpack(">I", response, 1) local size = string.unpack(">I4", response)
local loginresp = string.sub(response,5,17) local loginresp = string.sub(response,5,17)
if (loginresp ~= bin.pack("A>a", CASSANDRARESP, "login")) then if (loginresp ~= CASSANDRARESP .. string.pack(">s4", "login")) then
return false, "protocol error" return false, "protocol error"
end end
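Review bot: `string.unpack(">s4", resp, position)` in describe_cluster_name and describe_version trusts the 4-byte length prefix sent by the server. The `string.sub` it replaces simply truncated, while `string.unpack` raises when `position` is past the end of `resp` or the prefix claims more bytes than were received. The doc comments describe a `status, result` return convention, so a short or malformed reply should take that path too: `local ok, value = pcall(string.unpack, ">s4", resp, position)` followed by `if not ok then return false, "protocol response error" end`. The same applies to `string.unpack(">I4", response)` in sendcmd and login if fewer than four bytes can arrive; the describe_* bodies begin outside the hunks.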


@@ -58,7 +58,6 @@
-- x Apache Derby -- x Apache Derby
-- x IBM Informix Dynamic Server -- x IBM Informix Dynamic Server
local bin = require "bin"
local match = require "match" local match = require "match"
local nmap = require "nmap" local nmap = require "nmap"
local stdnse = require "stdnse" local stdnse = require "stdnse"
@@ -229,11 +228,13 @@ DRDA = {
return nil return nil
end end
local data = bin.pack(">SCCSSS", self.DDM.Length, self.DDM.Magic, self.DDM.Format, self.DDM.CorelId, self.DDM.Length2, self.DDM.CodePoint ) local data = {
string.pack(">I2BBI2I2I2", self.DDM.Length, self.DDM.Magic, self.DDM.Format, self.DDM.CorelId, self.DDM.Length2, self.DDM.CodePoint )
}
for k,v in ipairs(self.Parameters) do for k,v in ipairs(self.Parameters) do
data = data .. tostring(v) data[#data+1] = tostring(v)
end end
return data return table.concat(data)
end, end,
--- Sends the DRDA over the db2socket --- Sends the DRDA over the db2socket
@@ -305,7 +306,7 @@ DRDAParameter = {
-- --
-- @return data string containing the DRDA Parameter -- @return data string containing the DRDA Parameter
__tostring = function( self ) __tostring = function( self )
return bin.pack(">SSA", self.Length, self.CodePoint, self.Data or "" ) return string.pack(">I2I2", self.Length, self.CodePoint) .. (self.Data or "")
end, end,
--- Builds a DRDA Parameter from a string --- Builds a DRDA Parameter from a string
@@ -317,13 +318,10 @@ DRDAParameter = {
if( #data < 4 ) then if( #data < 4 ) then
return -1 return -1
end end
pos, self.Length, self.CodePoint = bin.unpack( ">SS", data, pos ) self.Length, self.CodePoint, pos = string.unpack( ">I2I2", data, pos )
-- make sure the Length is assigned a value even though 0(nil) is returned
self.Length = self.Length or 0
if ( self.Length > 0 ) then if ( self.Length > 0 ) then
pos, self.Data = bin.unpack("A" .. self.Length - 4, data, pos ) self.Data, pos = string.unpack("c" .. self.Length - 4, data, pos )
end end
return pos return pos
end, end,
@@ -381,7 +379,7 @@ DDM = {
--- Converts the DDM object to a string --- Converts the DDM object to a string
__tostring = function( self ) __tostring = function( self )
return bin.pack(">SCCSSS", self.Length, self.Magic, self.Format, self.CorelId, self.Length2, self.CodePoint) return string.pack(">I2BBI2I2I2", self.Length, self.Magic, self.Format, self.CorelId, self.Length2, self.CodePoint)
end, end,
--- Constructs a DDM object from a string --- Constructs a DDM object from a string
@@ -395,7 +393,7 @@ DDM = {
return -1, ("drda.DDM.fromString: str was less than DDM_SIZE (%d)"):format( DDM_SIZE ) return -1, ("drda.DDM.fromString: str was less than DDM_SIZE (%d)"):format( DDM_SIZE )
end end
pos, self.Length, self.Magic, self.Format, self.CorelId, self.Length2, self.CodePoint = bin.unpack( ">SCCSSS", str ) self.Length, self.Magic, self.Format, self.CorelId, self.Length2, self.CodePoint, pos = string.unpack( ">I2BBI2I2I2", str )
return pos return pos
end, end,
@@ -617,7 +615,7 @@ Helper = {
return false, "ERROR: Response did not contain any valid security mechanisms" return false, "ERROR: Response did not contain any valid security mechanisms"
end end
if ( select(2, bin.unpack(">S", param:getData())) ~= SecMec.USER_PASSWORD ) then if ( string.unpack(">I2", param:getData()) ~= SecMec.USER_PASSWORD ) then
stdnse.debug1("drda.Helper.login: ERROR: Securite Mechanism not supported") stdnse.debug1("drda.Helper.login: ERROR: Securite Mechanism not supported")
return false, "ERROR: Security mechanism not supported" return false, "ERROR: Security mechanism not supported"
end end
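Review bot: In the DRDAParameter parser (hunk at -317), `self.Length` comes off the wire and is used unchecked in `string.unpack("c" .. self.Length - 4, data, pos)`. A value of 1–3 puts a negative size in the format string and a value larger than the remaining data runs past the end, and `string.unpack` raises in both cases rather than returning. The `#data < 4` test above it measures the whole buffer, not what is left from `pos`. The function already returns -1 for short input, so inside the `self.Length > 0` branch I would add `if self.Length < 4 or self.Length - 4 > #data - pos + 1 then return -1 end` before the unpack. The function's signature is outside the hunk.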


@@ -5,11 +5,11 @@
-- @author Patrik Karlsson <patrik@cqure.net> -- @author Patrik Karlsson <patrik@cqure.net>
-- --
local bin = require "bin"
local math = require "math" local math = require "math"
local nmap = require "nmap" local nmap = require "nmap"
local os = require "os" local os = require "os"
local stdnse = require "stdnse" local stdnse = require "stdnse"
local string = require "string"
local openssl = stdnse.silent_require "openssl" local openssl = stdnse.silent_require "openssl"
local table = require "table" local table = require "table"
_ENV = stdnse.module("iax2", stdnse.seeall) _ENV = stdnse.module("iax2", stdnse.seeall)
@@ -72,26 +72,25 @@ IAX2 = {
-- @return header instance of Header -- @return header instance of Header
parse = function(data) parse = function(data)
local header = IAX2.Header:new() local header = IAX2.Header:new()
local pos, frame_type = bin.unpack("C", data) local frame_type, pos = string.unpack("B", data)
if ( (frame_type & 0x80) == 0 ) then if ( (frame_type & 0x80) == 0 ) then
print("frame_type", stdnse.tohex(frame_type)) print("frame_type", stdnse.tohex(frame_type))
stdnse.debug2("Frametype not supported") stdnse.debug2("Frametype not supported")
return return
end end
header.type = IAX2.PacketType.FULL header.type = IAX2.PacketType.FULL
pos, header.src_call = bin.unpack(">S", data) header.src_call, pos = string.unpack(">I2", data)
header.src_call = (header.src_call & 0x7FFF) header.src_call = (header.src_call & 0x7FFF)
local retrans local retrans = string.unpack("B", data, pos)
pos, retrans = bin.unpack("C", data, pos)
if ( (retrans & 0x80) == 8 ) then if ( (retrans & 0x80) == 8 ) then
header.retrans = true header.retrans = true
end end
pos, header.dst_call = bin.unpack(">S", data, pos - 1) header.dst_call, pos = string.unpack(">I2", data, pos)
header.dst_call = (header.dst_call & 0x7FFF) header.dst_call = (header.dst_call & 0x7FFF)
pos, header.timestamp, header.oseqno, header.timestamp, header.oseqno,
header.iseqno, header.frametype, header.subclass = bin.unpack(">ICCCC", data, pos) header.iseqno, header.frametype, header.subclass, pos = string.unpack(">I4BBBB", data, pos)
return header return header
end, end,
@@ -109,7 +108,7 @@ IAX2 = {
if ( self.retrans ) then if ( self.retrans ) then
dst_call = dst_call + 32768 dst_call = dst_call + 32768
end end
return bin.pack(">SSICCCC", src_call, dst_call, self.timestamp, return string.pack(">I2I2 I4BBBB", src_call, dst_call, self.timestamp,
self.oseqno, self.iseqno, self.frametype, self.subclass) self.oseqno, self.iseqno, self.frametype, self.subclass)
end, end,
}, },
@@ -155,12 +154,12 @@ IAX2 = {
-- Converts the instance to a string -- Converts the instance to a string
-- @return str containing the instance -- @return str containing the instance
__tostring = function(self) __tostring = function(self)
local data = "" local data = {}
for _, ie in ipairs(self.ies) do for _, ie in ipairs(self.ies) do
data = data .. bin.pack("Cp", ie.type, ie.value ) data[#data+1] = string.pack("Bs1", ie.type, ie.value )
end end
return tostring(self.header) .. data return tostring(self.header) .. table.concat(data)
end, end,
}, },
@@ -213,7 +212,7 @@ IAX2 = {
resp.ies = {} resp.ies = {}
repeat repeat
local ie = {} local ie = {}
pos, ie.type, ie.value = bin.unpack(">Cp", data, pos) ie.type, ie.value, pos = string.unpack(">Bs1", data, pos)
table.insert(resp.ies, ie) table.insert(resp.ies, ie)
until( pos > #data ) until( pos > #data )
return resp return resp
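Review bot: The information-element loop calls `string.unpack(">Bs1", data, pos)` before it tests `pos > #data`, so `string.unpack` raises on peer-supplied data in two cases: a frame with nothing after the header, and a final IE whose length byte overstates what is left. Testing first and stopping at a bad element keeps the parse from throwing: `while pos <= #data do`, then `local ok, t, v, nxt = pcall(string.unpack, ">Bs1", data, pos)` and `if not ok then break end`. `Header.parse` in the hunk at -72 likewise unpacks 12 bytes without checking `#data`. The function enclosing the loop starts outside the hunk.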


@@ -115,7 +115,7 @@ local icmp_packet = function(srcIP, dstIP, ttl, data_length, mtu, seqNo, icmp_id
20 + #icmp_msg, -- total length 20 + #icmp_msg, -- total length
0) -- IP ID 0) -- IP ID
.. "\x40\x00" -- DF .. "\x40\x00" -- DF
.. string.pack("CC", .. string.pack("BB",
ttl, ttl,
1 -- ICMP 1 -- ICMP
) )