
Remove bin.lua from a few more libs

This commit is contained in:
dmiller
2018-09-11 19:20:16 +00:00
parent 00c65bc013
commit dc1e484ad0
3 changed files with 75 additions and 91 deletions


@@ -21,8 +21,7 @@
-- @author Patrik Karlsson <patrik@cqure.net> -- @author Patrik Karlsson <patrik@cqure.net>
-- --
local bin = require "bin" local rand = require "rand"
local math = require "math"
local nmap = require "nmap" local nmap = require "nmap"
local packet = require "packet" local packet = require "packet"
local stdnse = require "stdnse" local stdnse = require "stdnse"
@@ -73,12 +72,12 @@ LCP = {
-- @return o instance of ConfigOption -- @return o instance of ConfigOption
parse = function(data) parse = function(data)
local opt, pos, len = {}, 1, 0 local opt, pos, len = {}, 1, 0
pos, opt.option, len = bin.unpack("CC", data, pos) opt.option, len, pos = string.unpack("BB", data, pos)
pos, opt.raw = bin.unpack("A" .. ( len - 2 ), data, pos) opt.raw, pos = string.unpack("c" .. ( len - 2 ), data, pos)
-- MRU -- MRU
if ( 1 == opt.option ) then if ( 1 == opt.option ) then
opt.value = select(2, bin.unpack(">S", opt.raw)) opt.value = string.unpack(">I2", opt.raw)
end end
return LCP.ConfigOption:new(opt.option, opt.value, opt.raw) return LCP.ConfigOption:new(opt.option, opt.value, opt.raw)
end, end,
@@ -88,9 +87,9 @@ LCP = {
__tostring = function(self) __tostring = function(self)
-- MRU -- MRU
if ( self.raw ) then if ( self.raw ) then
return bin.pack(">CCA", self.option, #self.raw + 2, self.raw ) return string.pack(">BB", self.option, #self.raw + 2) .. self.raw
elseif( 1 == self.option ) then elseif( 1 == self.option ) then
return bin.pack(">CCS", 1, 4, self.value) return string.pack(">BBI2", 1, 4, self.value)
else else
error( ("Unsupported configuration option %d"):format(self.option) ) error( ("Unsupported configuration option %d"):format(self.option) )
end end
@@ -146,9 +145,9 @@ LCP = {
local pos, opt, opt_val, len local pos, opt, opt_val, len
repeat repeat
pos, opt, len = bin.unpack(">CC", data, pos) opt, len, pos = string.unpack(">BB", data, pos)
if ( 0 == opt ) then break end if ( 0 == opt ) then break end
pos, opt_val = bin.unpack("A"..len, data, (pos - 2)) opt_val, pos = string.unpack("c"..len, data, (pos - 2))
options:add(LCP.ConfigOption.parse(opt_val)) options:add(LCP.ConfigOption.parse(opt_val))
until( pos == #data ) until( pos == #data )
return options return options
@@ -207,15 +206,14 @@ LCP = {
-- @return o instance of ConfigOption -- @return o instance of ConfigOption
parse = function(data) parse = function(data)
local header = LCP.Header:new() local header = LCP.Header:new()
local pos header.code, header.identifier, header.length = string.unpack(">BBI2", data)
pos, header.code, header.identifier, header.length = bin.unpack(">CCS", data)
return header return header
end, end,
-- Converts the class instance to string -- Converts the class instance to string
-- @return string containing the raw config option -- @return string containing the raw config option
__tostring = function(self) __tostring = function(self)
return bin.pack(">CCS", self.code, self.identifier, self.length) return string.pack(">BBI2", self.code, self.identifier, self.length)
end, end,
}, },
@@ -392,9 +390,9 @@ PPPoE = {
-- @param data string containing raw bytes to parse -- @param data string containing raw bytes to parse
-- @return o instance of Header -- @return o instance of Header
parse = function(data) parse = function(data)
local pos, vertyp
local header = PPPoE.Header:new() local header = PPPoE.Header:new()
pos, vertyp, header.code, header.session, header.length = bin.unpack(">CCSS", data) local vertyp
vertyp, header.code, header.session, header.length = string.unpack(">BBI2I2", data)
header.version = (vertyp >> 4) header.version = (vertyp >> 4)
header.type = (vertyp & 0x0F) header.type = (vertyp & 0x0F)
return header return header
@@ -404,7 +402,7 @@ PPPoE = {
-- @return string containing the raw config option -- @return string containing the raw config option
__tostring = function(self) __tostring = function(self)
local vertype = (self.version << 4) + self.type local vertype = (self.version << 4) + self.type
return bin.pack(">CCSS", vertype, self.code, self.session, self.length) return string.pack(">BBI2I2", vertype, self.code, self.session, self.length)
end, end,
@@ -427,7 +425,7 @@ PPPoE = {
-- Converts the instance to string -- Converts the instance to string
-- @return string containing the raw config option -- @return string containing the raw config option
__tostring = function(self) __tostring = function(self)
return bin.pack(">SSA", self.tag, #self.value, self.value) return string.pack(">I2s2", self.tag, self.value)
end, end,
}, },
@@ -438,10 +436,7 @@ PPPoE = {
-- @param value string/number containing the tag value -- @param value string/number containing the tag value
-- @return o instance of ConfigNak -- @return o instance of ConfigNak
new = function(self, tags) new = function(self, tags)
local c = "" local c = rand.random_string(8)
for i=1, 4 do
c = c .. math.random(255)
end
local o = { local o = {
header = PPPoE.Header:new(PPPoE.Code.PADI), header = PPPoE.Header:new(PPPoE.Code.PADI),
@@ -489,14 +484,12 @@ PPPoE = {
pado.data = data:sub(pos) pado.data = data:sub(pos)
repeat repeat
local tag, len, decoded, raw local tag, raw
pos, tag, len = bin.unpack(">SS", data, pos) tag, raw, pos = string.unpack(">I2s2", pos)
raw = select(2, bin.unpack("A" .. len, data, pos))
if ( PPPoE.TagDecoder[tag] ) then if ( PPPoE.TagDecoder[tag] ) then
pos, decoded = PPPoE.TagDecoder[tag](data, pos, len) decoded = PPPoE.TagDecoder[tag](raw)
else else
stdnse.debug1("PPPoE: Unsupported tag (%d)", tag) stdnse.debug1("PPPoE: Unsupported tag (%d)", tag)
pos = pos + len
end end
local t = PPPoE.Tag:new(tag, raw) local t = PPPoE.Tag:new(tag, raw)
t.decoded = decoded t.decoded = decoded
@@ -621,7 +614,7 @@ PPPoE = {
__tostring = function(self) __tostring = function(self)
-- 2 for the encapsulation -- 2 for the encapsulation
self.header.length = 2 + 4 + #self.data self.header.length = 2 + 4 + #self.data
return tostring(self.header) .. bin.pack(">S", 0xC021) .. self.data return tostring(self.header) .. "\xC0\x21" .. self.data
end, end,
} }
@@ -631,8 +624,8 @@ PPPoE = {
-- A bunch of tag decoders -- A bunch of tag decoders
PPPoE.TagDecoder = {} PPPoE.TagDecoder = {}
PPPoE.TagDecoder.decodeHex = function(data, pos, len) return pos + len, stdnse.tohex(data:sub(pos, pos+len)) end PPPoE.TagDecoder.decodeHex = stdnse.tohex
PPPoE.TagDecoder.decodeStr = function(data, pos, len) return pos + len, data:sub(pos, pos + len - 1) end PPPoE.TagDecoder.decodeStr = function(data) return data end
PPPoE.TagDecoder[PPPoE.TagType.SERVICE_NAME] = PPPoE.TagDecoder.decodeStr PPPoE.TagDecoder[PPPoE.TagType.SERVICE_NAME] = PPPoE.TagDecoder.decodeStr
PPPoE.TagDecoder[PPPoE.TagType.AC_NAME] = PPPoE.TagDecoder.decodeStr PPPoE.TagDecoder[PPPoE.TagType.AC_NAME] = PPPoE.TagDecoder.decodeStr
PPPoE.TagDecoder[PPPoE.TagType.AC_COOKIE] = PPPoE.TagDecoder.decodeHex PPPoE.TagDecoder[PPPoE.TagType.AC_COOKIE] = PPPoE.TagDecoder.decodeHex
@@ -663,10 +656,7 @@ Comm = {
self.socket = nmap.new_socket() self.socket = nmap.new_socket()
self.socket:set_timeout(10000) self.socket:set_timeout(10000)
-- there's probably a more elegant way of doing this local mac = stdnse.format_mac(self.src_mac)
local mac = {}
for i=1, #self.src_mac do table.insert(mac, select(2,bin.unpack("H", self.src_mac, i))) end
mac = stdnse.strjoin(":", mac)
-- let's set a filter on PPPoE we can then check what packet is ours, -- let's set a filter on PPPoE we can then check what packet is ours,
-- based on the HOST_UNIQUE tag, if we need to -- based on the HOST_UNIQUE tag, if we need to
@@ -679,7 +669,7 @@ Comm = {
-- @return status true on success, false on failure -- @return status true on success, false on failure
send = function(self, data) send = function(self, data)
local eth_type = ( data.header.code == PPPoE.Code.SESSION_DATA ) and 0x8864 or 0x8863 local eth_type = ( data.header.code == PPPoE.Code.SESSION_DATA ) and 0x8864 or 0x8863
local ether = bin.pack(">AAS", self.dst_mac, self.src_mac, eth_type) local ether = self.dst_mac .. self.src_mac .. string.pack(">I2", eth_type)
local p = packet.Frame:new(ether .. tostring(data)) local p = packet.Frame:new(ether .. tostring(data))
local sock = nmap.new_dnet() local sock = nmap.new_dnet()
@@ -805,7 +795,7 @@ Helper = {
-- @return pado instance of PADO on success, err string on failure -- @return pado instance of PADO on success, err string on failure
discoverInit = function(self) discoverInit = function(self)
local padi = PPPoE.PADI:new() local padi = PPPoE.PADI:new()
self.comm.dst_mac = bin.pack("H", "FF FF FF FF FF FF") self.comm.dst_mac = ("\xFF"):rep(6)
local status, err = self.comm:send(padi) local status, err = self.comm:send(padi)
if ( not(status) ) then if ( not(status) ) then
return false, err return false, err
@@ -895,10 +885,10 @@ Helper = {
local AuthMethod = { local AuthMethod = {
methods = { methods = {
{ name = "EAP", value = bin.pack("H", "C227") }, { name = "EAP", value = "\xC2\x27" },
{ name = "MSCHAPv1", value = bin.pack("H", "C22380") }, { name = "MSCHAPv1", value = "\xC2\x23\x80" },
{ name = "MSCHAPv2", value = bin.pack("H", "C22381") }, { name = "MSCHAPv2", value = "\xC2\x23\x81" },
{ name = "PAP", value = bin.pack("H", "C023") }, { name = "PAP", value = "\xC0\x23" },
} }
} }
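Review bot: In the PADO tag-parsing hunk (`@@ -489,14 +484,12 @@`) the rewritten unpack drops the buffer argument: `tag, raw, pos = string.unpack(">I2s2", pos)` passes the numeric position where the packet bytes belong, so the loop unpacks from the string form of `pos` instead of `data` and every received PADO will fail with a short-data error; it should read `tag, raw, pos = string.unpack(">I2s2", data, pos)`. The same hunk shrinks the per-iteration declaration to `local tag, raw`, so the later `decoded = PPPoE.TagDecoder[tag](raw)` now assigns an undeclared name that is not reset between iterations, and an unsupported tag inherits the previous tag's decoded value through `t.decoded = decoded`; declare it as `local tag, raw, decoded`. The enclosing parse function and its `until` condition lie outside the hunk, and since `s2` now takes the length from received bytes and `string.unpack` raises on truncated input, the caller should length-check `data` or run the parse under pcall.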


@@ -7,9 +7,9 @@
-- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html -- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html
-- --
local bin = require("bin")
local nmap = require("nmap") local nmap = require("nmap")
local stdnse = require("stdnse") local stdnse = require("stdnse")
local string = require "string"
_ENV = stdnse.module("rdp", stdnse.seeall) _ENV = stdnse.module("rdp", stdnse.seeall)
Packet = { Packet = {
@@ -24,20 +24,19 @@ Packet = {
end, end,
__tostring = function(self) __tostring = function(self)
return bin.pack(">CCSA", return string.pack(">BBI2",
self.version, self.version,
self.reserved or 0, self.reserved or 0,
(self.data and #self.data + 4 or 4), (self.data and #self.data + 4 or 4))
self.data ..self.data
)
end, end,
parse = function(data) parse = function(data)
local tpkt = Packet.TPKT:new() local tpkt = Packet.TPKT:new()
local pos local pos
pos, tpkt.version, tpkt.reserved, tpkt.length = bin.unpack(">CCS", data) tpkt.version, tpkt.reserved, tpkt.length, pos = string.unpack(">BBI2", data)
pos, tpkt.data = bin.unpack("A" .. (#data - pos), data, pos) tpkt.data = data:sub(pos)
return tpkt return tpkt
end end
}, },
@@ -55,15 +54,15 @@ Packet = {
local itut = Packet.ITUT:new() local itut = Packet.ITUT:new()
local pos local pos
pos, itut.length, itut.code = bin.unpack("CC", data) itut.length, itut.code, pos = string.unpack("BB", data)
if ( itut.code == 0xF0 ) then if ( itut.code == 0xF0 ) then
pos, itut.eot = bin.unpack("C", data, pos) itut.eot, pos = string.unpack("B", data, pos)
elseif ( itut.code == 0xD0 ) then elseif ( itut.code == 0xD0 ) then
pos, itut.dstref, itut.srcref, itut.class = bin.unpack(">SSC", data, pos) itut.dstref, itut.srcref, itut.class, pos = string.unpack(">I2I2B", data, pos)
end end
pos, itut.data = bin.unpack("A" .. (#data - pos), data, pos) itut.data = data:sub(pos)
return itut return itut
end, end,
@@ -76,13 +75,13 @@ Packet = {
eot = "" eot = ""
len = #self.data + 1 len = #self.data + 1
end end
local data = bin.pack("CCA", local data = string.pack("BB",
len, len,
self.code or 0, self.code or 0)
eot .. eot
) .. self.data
return data .. self.data return data
end, end,
}, },
@@ -105,14 +104,14 @@ Request = {
local itpkt_len = 21 + #cookie local itpkt_len = 21 + #cookie
local itut_len = 16 + #cookie local itut_len = 16 + #cookie
local data = bin.pack(">SSCA", local data = string.pack(">I2I2B",
0x0000, -- dst reference 0x0000, -- dst reference
0x0000, -- src reference 0x0000, -- src reference
0x00, -- class and options 0x00) -- class and options
("Cookie: %s\r\n"):format(cookie)) .. ("Cookie: %s\r\n"):format(cookie)
if ( self.proto ) then if ( self.proto ) then
data = data .. bin.pack("<CCSI", data = data .. string.pack("<BBI2I4",
0x01, -- TYPE_RDP_NEG_REQ 0x01, -- TYPE_RDP_NEG_REQ
0x00, -- flags 0x00, -- flags
0x0008, -- length 0x0008, -- length
@@ -134,7 +133,7 @@ Request = {
__tostring = function(self) __tostring = function(self)
local data = bin.pack("<HIH", local data = stdnse.fromhex(
"7f 65" .. -- BER: Application-Defined Type = APPLICATION 101, "7f 65" .. -- BER: Application-Defined Type = APPLICATION 101,
"82 01 90" .. -- BER: Type Length = 404 bytes "82 01 90" .. -- BER: Type Length = 404 bytes
"04 01 01" .. -- Connect-Initial::callingDomainSelector "04 01 01" .. -- Connect-Initial::callingDomainSelector
@@ -204,9 +203,9 @@ Request = {
"04 c0 0c 00" .. -- TS_UD_HEADER::type = CS_CLUSTER (0xc004), length = 12 bytes "04 c0 0c 00" .. -- TS_UD_HEADER::type = CS_CLUSTER (0xc004), length = 12 bytes
"09 00 00 00" .. -- TS_UD_CS_CLUSTER::Flags = 0x0d "09 00 00 00" .. -- TS_UD_CS_CLUSTER::Flags = 0x0d
"00 00 00 00" .. -- TS_UD_CS_CLUSTER::RedirectedSessionID "00 00 00 00" .. -- TS_UD_CS_CLUSTER::RedirectedSessionID
"02 c0 0c 00", -- TS_UD_HEADER::type = CS_SECURITY (0xc002), length = 12 bytes "02 c0 0c 00") -- TS_UD_HEADER::type = CS_SECURITY (0xc002), length = 12 bytes
-- "1b 00 00 00" .. -- TS_UD_CS_SEC::encryptionMethods -- "1b 00 00 00" .. -- TS_UD_CS_SEC::encryptionMethods
self.cipher or 0, .. string.pack("<I4", self.cipher or 0) .. stdnse.fromhex(
"00 00 00 00" .. -- TS_UD_CS_SEC::extEncryptionMethods "00 00 00 00" .. -- TS_UD_CS_SEC::extEncryptionMethods
"03 c0 2c 00" .. -- TS_UD_HEADER::type = CS_NET (0xc003), length = 44 bytes "03 c0 2c 00" .. -- TS_UD_HEADER::type = CS_NET (0xc003), length = 44 bytes
"03 00 00 00" .. -- TS_UD_CS_NET::channelCount = 3 "03 00 00 00" .. -- TS_UD_CS_NET::channelCount = 3
@@ -220,8 +219,6 @@ Request = {
return tostring(Packet.TPKT:new(Packet.ITUT:new(0xF0, data))) return tostring(Packet.TPKT:new(Packet.ITUT:new(0xF0, data)))
end end
} }
} }
@@ -330,7 +327,7 @@ Comm = {
return false, "Packet too short" return false, "Packet too short"
end end
local pos, itut_code = bin.unpack("C", data, 6) local itut_code = string.byte(data, 6)
if ( itut_code == 0xD0 ) then if ( itut_code == 0xD0 ) then
stdnse.debug2("RDP: Received ConnectionConfirm response") stdnse.debug2("RDP: Received ConnectionConfirm response")
return true, Response.ConnectionConfirm.parse(data) return true, Response.ConnectionConfirm.parse(data)
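Review bot: In the TPKT hunk (`@@ -24,20 +24,19 @@`), `__tostring` tolerates a missing payload when it computes the length, `(self.data and #self.data + 4 or 4)`, but the new trailing `.. self.data` raises on a nil `self.data`, so the two halves of one expression disagree about whether the payload is optional; either drop the `or 4` branch or append `.. (self.data or "")`. The old bin.pack call appears to have had the same limitation, so this is pre-existing rather than introduced here. The same hunk's `Packet.TPKT.parse`, and `Packet.ITUT.parse` in the next hunk, now call `string.unpack` on received bytes with no length guard; `string.unpack` raises "data string too short" on truncated input, whereas I believe bin.unpack returned fewer values, so callers feeding it network data should check `#data` first or wrap the parse in pcall — the `Packet too short` check in the Comm hunk suggests at least one call site does.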


@@ -80,7 +80,6 @@
-- For information, see <code>smbauth.lua</code>. -- For information, see <code>smbauth.lua</code>.
--@args smbnoguest Use to disable usage of the 'guest' account. --@args smbnoguest Use to disable usage of the 'guest' account.
local bin = require "bin"
local nmap = require "nmap" local nmap = require "nmap"
local stdnse = require "stdnse" local stdnse = require "stdnse"
local string = require "string" local string = require "string"
@@ -656,16 +655,16 @@ function get_password_response(ip, username, domain, password, password_hash, ha
if(password_hash ~= nil) then if(password_hash ~= nil) then
if(string.find(password_hash, "^" .. string.rep("%x%x", 16) .. "$")) then if(string.find(password_hash, "^" .. string.rep("%x%x", 16) .. "$")) then
stdnse.debug2("SMB: Found a 16-byte hex string") stdnse.debug2("SMB: Found a 16-byte hex string")
lm_hash = bin.pack("H", password_hash:sub(1, 32)) lm_hash = stdnse.fromhex(password_hash:sub(1, 32))
ntlm_hash = bin.pack("H", password_hash:sub(1, 32)) ntlm_hash = stdnse.fromhex(password_hash:sub(1, 32))
elseif(string.find(password_hash, "^" .. string.rep("%x%x", 32) .. "$")) then elseif(string.find(password_hash, "^" .. string.rep("%x%x", 32) .. "$")) then
stdnse.debug2("SMB: Found a 32-byte hex string") stdnse.debug2("SMB: Found a 32-byte hex string")
lm_hash = bin.pack("H", password_hash:sub(1, 32)) lm_hash = stdnse.fromhex(password_hash:sub(1, 32))
ntlm_hash = bin.pack("H", password_hash:sub(33, 64)) ntlm_hash = stdnse.fromhex(password_hash:sub(33, 64))
elseif(string.find(password_hash, "^" .. string.rep("%x%x", 16) .. "." .. string.rep("%x%x", 16) .. "$")) then elseif(string.find(password_hash, "^" .. string.rep("%x%x", 16) .. "." .. string.rep("%x%x", 16) .. "$")) then
stdnse.debug2("SMB: Found two 16-byte hex strings") stdnse.debug2("SMB: Found two 16-byte hex strings")
lm_hash = bin.pack("H", password_hash:sub(1, 32)) lm_hash = stdnse.fromhex(password_hash:sub(1, 32))
ntlm_hash = bin.pack("H", password_hash:sub(34, 65)) ntlm_hash = stdnse.fromhex(password_hash:sub(34, 65))
else else
stdnse.debug1("SMB: ERROR: Hash(es) provided in an invalid format (should be 32, 64, or 65 hex characters)") stdnse.debug1("SMB: ERROR: Hash(es) provided in an invalid format (should be 32, 64, or 65 hex characters)")
lm_hash = nil lm_hash = nil
@@ -761,7 +760,7 @@ function get_security_blob(security_blob, ip, username, domain, password, passwo
if(security_blob == nil) then if(security_blob == nil) then
-- If security_blob is nil, this is the initial packet -- If security_blob is nil, this is the initial packet
new_blob = bin.pack("<zIILL", new_blob = string.pack("<zI4I4I8I8",
"NTLMSSP", -- Identifier "NTLMSSP", -- Identifier
NTLMSSP_NEGOTIATE, -- Type NTLMSSP_NEGOTIATE, -- Type
flags, -- Flags flags, -- Flags
@@ -772,7 +771,7 @@ function get_security_blob(security_blob, ip, username, domain, password, passwo
return true, new_blob, "", "" return true, new_blob, "", ""
else else
-- Parse the old security blob -- Parse the old security blob
local pos, identifier, message_type, domain_length, domain_max, domain_offset, server_flags, challenge, reserved = bin.unpack("<LISSIIA8A8", security_blob, 1) local identifier, message_type, domain_length, domain_max, domain_offset, server_flags, challenge, reserved = string.unpack("<I8I4I2I2I4I4c8c8", security_blob)
local lanman, ntlm, mac_key = get_password_response(ip, username, domain, password, password_hash, hash_type, challenge, true) local lanman, ntlm, mac_key = get_password_response(ip, username, domain, password, password_hash, hash_type, challenge, true)
-- Convert the username and domain to unicode (TODO: Disable the unicode flag, evaluate if that'll work) -- Convert the username and domain to unicode (TODO: Disable the unicode flag, evaluate if that'll work)
@@ -789,7 +788,7 @@ function get_security_blob(security_blob, ip, username, domain, password, passwo
local ntlm_offset = lanman_offset + #lanman local ntlm_offset = lanman_offset + #lanman
local sessionkey_offset = ntlm_offset + #ntlm local sessionkey_offset = ntlm_offset + #ntlm
new_blob = bin.pack("<zISSISSISSISSISSISSIIAAAAAA", new_blob = string.pack("<zI4 I2I2I4 I2I2I4 I2I2I4 I2I2I4 I2I2I4 I2I2I4 I4",
"NTLMSSP", "NTLMSSP",
NTLMSSP_AUTH, NTLMSSP_AUTH,
#lanman, #lanman,
@@ -810,13 +809,13 @@ function get_security_blob(security_blob, ip, username, domain, password, passwo
#session_key, #session_key,
#session_key, #session_key,
sessionkey_offset, sessionkey_offset,
flags, flags)
domain, .. domain
username, .. username
hostname, .. hostname
lanman, .. lanman
ntlm, .. ntlm
session_key) .. session_key
return true, new_blob, mac_key return true, new_blob, mac_key
end end
@@ -841,7 +840,7 @@ end
-- @return A host_info table containing the data in the blob. -- @return A host_info table containing the data in the blob.
-- @see host_info -- @see host_info
function get_host_info_from_security_blob(security_blob) function get_host_info_from_security_blob(security_blob)
local hpos, identifier, message_type, domain_length, domain_max, domain_offset, server_flags, challenge = bin.unpack("<A8ISSIIL", security_blob) local identifier, message_type, domain_length, domain_max, domain_offset, server_flags, challenge, hpos = string.unpack("<c8I4 I2I2I4 I4I8", security_blob)
-- Do some validation on the NTLMSSP message -- Do some validation on the NTLMSSP message
if ( identifier ~= "NTLMSSP\0" ) then if ( identifier ~= "NTLMSSP\0" ) then
@@ -860,7 +859,7 @@ function get_host_info_from_security_blob(security_blob)
local length = domain_length local length = domain_length
local pos = domain_offset + 1 -- +1 to convert to Lua's 1-based indexes local pos = domain_offset + 1 -- +1 to convert to Lua's 1-based indexes
local target_realm local target_realm
pos, target_realm = bin.unpack( string.format( "A%d", length ), security_blob, pos ) target_realm = string.unpack("c" .. length, security_blob, pos )
ntlm_challenge[ "target_realm" ] = unicode.utf16to8( target_realm ) ntlm_challenge[ "target_realm" ] = unicode.utf16to8( target_realm )
end end
@@ -870,11 +869,11 @@ function get_host_info_from_security_blob(security_blob)
return ntlm_challenge return ntlm_challenge
end end
local hpos, context, target_info_length, target_info_max, target_info_offset = bin.unpack("<LSSI", security_blob, hpos) local context, target_info_length, target_info_max, target_info_offset, hpos = string.unpack("<I8 I2I2I4", security_blob, hpos)
-- OS info is in the intervening 8 bytes, subtract 1 for lua 1-index -- OS info is in the intervening 8 bytes, subtract 1 for lua 1-index
if target_info_offset >= hpos + 7 and domain_offset >= hpos + 7 then if target_info_offset >= hpos + 7 and domain_offset >= hpos + 7 then
local hpos, major, minor, build, reserved = bin.unpack("<CCSA4", security_blob, hpos) local major, minor, build, reserved = string.unpack("<BBI2c4", security_blob, hpos)
if reserved == "\0\0\0\x0f" then if reserved == "\0\0\0\x0f" then
ntlm_challenge.os_major_version = major ntlm_challenge.os_major_version = major
ntlm_challenge.os_minor_version = minor ntlm_challenge.os_minor_version = minor
@@ -917,21 +916,19 @@ function get_host_info_from_security_blob(security_blob)
local length = target_info_length local length = target_info_length
local pos = target_info_offset + 1 -- +1 to convert to Lua's 1-based indexes local pos = target_info_offset + 1 -- +1 to convert to Lua's 1-based indexes
local target_info local target_info
pos, target_info = bin.unpack( string.format( "A%d", length ), security_blob, pos ) target_info = string.unpack("c" .. length, security_blob, pos)
pos = 1 -- reset pos to 1, since we'll be working out of just the target_info pos = 1 -- reset pos to 1, since we'll be working out of just the target_info
repeat repeat
local value, av_id, av_len local value, av_id
pos, av_id, av_len = bin.unpack( "<SS", target_info, pos ) av_id, value, pos = string.unpack( "<I2s2", target_info, pos )
pos, value = bin.unpack( string.format( "A%d", av_len ), target_info, pos )
local friendly_name = NTLM_AV_ID_NAMES[ av_id ] local friendly_name = NTLM_AV_ID_NAMES[ av_id ]
if ( av_id == NTLM_AV_ID_VALUES.MsvAvEOL ) then if ( av_id == NTLM_AV_ID_VALUES.MsvAvEOL ) then
break break
elseif ( av_id == NTLM_AV_ID_VALUES.MsvAvTimestamp ) then elseif ( av_id == NTLM_AV_ID_VALUES.MsvAvTimestamp ) then
-- this is a FILETIME value (see [MS-DTYP]), representing the time in 100-ns increments since 1/1/1601 -- this is a FILETIME value (see [MS-DTYP]), representing the time in 100-ns increments since 1/1/1601
local _ ntlm_challenge[ friendly_name ] = string.unpack( "<I8", value )
_, ntlm_challenge[ friendly_name ] = bin.unpack( "<L", value )
elseif ( friendly_name ) then elseif ( friendly_name ) then
ntlm_challenge[ friendly_name ] = unicode.utf16to8( value ) ntlm_challenge[ friendly_name ] = unicode.utf16to8( value )
end end