PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 14:11:29 +00:00
Code Issues Projects Releases Wiki Activity

Remove bin.lua from a few more libs

Browse Source
This commit is contained in:
dmiller
2018-09-11 19:20:16 +00:00
parent 00c65bc013
commit dc1e484ad0
3 changed files with 75 additions and 91 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
nselib/pppoe.lua
View File

@@ -21,8 +21,7 @@
-- @author Patrik Karlsson <patrik@cqure.net>
--
local bin = require "bin"
local math = require "math"
local rand = require "rand"
local nmap = require "nmap"
local packet = require "packet"
local stdnse = require "stdnse"
@@ -73,12 +72,12 @@ LCP = {
-- @return o instance of ConfigOption
parse = function(data)
local opt, pos, len = {}, 1, 0
pos, opt.option, len = bin.unpack("CC", data, pos)
pos, opt.raw = bin.unpack("A" .. ( len - 2 ), data, pos)
opt.option, len, pos = string.unpack("BB", data, pos)
opt.raw, pos = string.unpack("c" .. ( len - 2 ), data, pos)
-- MRU
if ( 1 == opt.option ) then
opt.value = select(2, bin.unpack(">S", opt.raw))
opt.value = string.unpack(">I2", opt.raw)
end
return LCP.ConfigOption:new(opt.option, opt.value, opt.raw)
end,
@@ -88,9 +87,9 @@ LCP = {
__tostring = function(self)
-- MRU
if ( self.raw ) then
return bin.pack(">CCA", self.option, #self.raw + 2, self.raw )
return string.pack(">BB", self.option, #self.raw + 2) .. self.raw
elseif( 1 == self.option ) then
return bin.pack(">CCS", 1, 4, self.value)
return string.pack(">BBI2", 1, 4, self.value)
else
error( ("Unsupported configuration option %d"):format(self.option) )
end
@@ -146,9 +145,9 @@ LCP = {
local pos, opt, opt_val, len
repeat
pos, opt, len = bin.unpack(">CC", data, pos)
opt, len, pos = string.unpack(">BB", data, pos)
if ( 0 == opt ) then break end
pos, opt_val = bin.unpack("A"..len, data, (pos - 2))
opt_val, pos = string.unpack("c"..len, data, (pos - 2))
options:add(LCP.ConfigOption.parse(opt_val))
until( pos == #data )
return options
@@ -207,15 +206,14 @@ LCP = {
-- @return o instance of ConfigOption
parse = function(data)
local header = LCP.Header:new()
local pos
pos, header.code, header.identifier, header.length = bin.unpack(">CCS", data)
header.code, header.identifier, header.length = string.unpack(">BBI2", data)
return header
end,
-- Converts the class instance to string
-- @return string containing the raw config option
__tostring = function(self)
return bin.pack(">CCS", self.code, self.identifier, self.length)
return string.pack(">BBI2", self.code, self.identifier, self.length)
end,
},
@@ -392,9 +390,9 @@ PPPoE = {
-- @param data string containing raw bytes to parse
-- @return o instance of Header
parse = function(data)
local pos, vertyp
local header = PPPoE.Header:new()
pos, vertyp, header.code, header.session, header.length = bin.unpack(">CCSS", data)
local vertyp
vertyp, header.code, header.session, header.length = string.unpack(">BBI2I2", data)
header.version = (vertyp >> 4)
header.type = (vertyp & 0x0F)
return header
@@ -404,7 +402,7 @@ PPPoE = {
-- @return string containing the raw config option
__tostring = function(self)
local vertype = (self.version << 4) + self.type
return bin.pack(">CCSS", vertype, self.code, self.session, self.length)
return string.pack(">BBI2I2", vertype, self.code, self.session, self.length)
end,
@@ -427,7 +425,7 @@ PPPoE = {
-- Converts the instance to string
-- @return string containing the raw config option
__tostring = function(self)
return bin.pack(">SSA", self.tag, #self.value, self.value)
return string.pack(">I2s2", self.tag, self.value)
end,
},
@@ -438,10 +436,7 @@ PPPoE = {
-- @param value string/number containing the tag value
-- @return o instance of ConfigNak
new = function(self, tags)
local c = ""
for i=1, 4 do
c = c .. math.random(255)
end
local c = rand.random_string(8)
local o = {
header = PPPoE.Header:new(PPPoE.Code.PADI),
@@ -489,14 +484,12 @@ PPPoE = {
pado.data = data:sub(pos)
repeat
local tag, len, decoded, raw
pos, tag, len = bin.unpack(">SS", data, pos)
raw = select(2, bin.unpack("A" .. len, data, pos))
local tag, raw
tag, raw, pos = string.unpack(">I2s2", pos)
if ( PPPoE.TagDecoder[tag] ) then
pos, decoded = PPPoE.TagDecoder[tag](data, pos, len)
decoded = PPPoE.TagDecoder[tag](raw)
else
stdnse.debug1("PPPoE: Unsupported tag (%d)", tag)
pos = pos + len
end
local t = PPPoE.Tag:new(tag, raw)
t.decoded = decoded
@@ -621,7 +614,7 @@ PPPoE = {
__tostring = function(self)
-- 2 for the encapsulation
self.header.length = 2 + 4 + #self.data
return tostring(self.header) .. bin.pack(">S", 0xC021) .. self.data
return tostring(self.header) .. "\xC0\x21" .. self.data
end,
}
@@ -631,8 +624,8 @@ PPPoE = {
-- A bunch of tag decoders
PPPoE.TagDecoder = {}
PPPoE.TagDecoder.decodeHex = function(data, pos, len) return pos + len, stdnse.tohex(data:sub(pos, pos+len)) end
PPPoE.TagDecoder.decodeStr = function(data, pos, len) return pos + len, data:sub(pos, pos + len - 1) end
PPPoE.TagDecoder.decodeHex = stdnse.tohex
PPPoE.TagDecoder.decodeStr = function(data) return data end
PPPoE.TagDecoder[PPPoE.TagType.SERVICE_NAME] = PPPoE.TagDecoder.decodeStr
PPPoE.TagDecoder[PPPoE.TagType.AC_NAME] = PPPoE.TagDecoder.decodeStr
PPPoE.TagDecoder[PPPoE.TagType.AC_COOKIE] = PPPoE.TagDecoder.decodeHex
@@ -663,10 +656,7 @@ Comm = {
self.socket = nmap.new_socket()
self.socket:set_timeout(10000)
-- there's probably a more elegant way of doing this
local mac = {}
for i=1, #self.src_mac do table.insert(mac, select(2,bin.unpack("H", self.src_mac, i))) end
mac = stdnse.strjoin(":", mac)
local mac = stdnse.format_mac(self.src_mac)
-- let's set a filter on PPPoE we can then check what packet is ours,
-- based on the HOST_UNIQUE tag, if we need to
@@ -679,7 +669,7 @@ Comm = {
-- @return status true on success, false on failure
send = function(self, data)
local eth_type = ( data.header.code == PPPoE.Code.SESSION_DATA ) and 0x8864 or 0x8863
local ether = bin.pack(">AAS", self.dst_mac, self.src_mac, eth_type)
local ether = self.dst_mac .. self.src_mac .. string.pack(">I2", eth_type)
local p = packet.Frame:new(ether .. tostring(data))
local sock = nmap.new_dnet()
@@ -805,7 +795,7 @@ Helper = {
-- @return pado instance of PADO on success, err string on failure
discoverInit = function(self)
local padi = PPPoE.PADI:new()
self.comm.dst_mac = bin.pack("H", "FF FF FF FF FF FF")
self.comm.dst_mac = ("\xFF"):rep(6)
local status, err = self.comm:send(padi)
if ( not(status) ) then
return false, err
@@ -895,10 +885,10 @@ Helper = {
local AuthMethod = {
methods = {
{ name = "EAP", value = bin.pack("H", "C227") },
{ name = "MSCHAPv1", value = bin.pack("H", "C22380") },
{ name = "MSCHAPv2", value = bin.pack("H", "C22381") },
{ name = "PAP", value = bin.pack("H", "C023") },
{ name = "EAP", value = "\xC2\x27" },
{ name = "MSCHAPv1", value = "\xC2\x23\x80" },
{ name = "MSCHAPv2", value = "\xC2\x23\x81" },
{ name = "PAP", value = "\xC0\x23" },
}
}

49
nselib/rdp.lua
View File

@@ -7,9 +7,9 @@
-- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html
--
local bin = require("bin")
local nmap = require("nmap")
local stdnse = require("stdnse")
local string = require "string"
_ENV = stdnse.module("rdp", stdnse.seeall)
Packet = {
@@ -24,20 +24,19 @@ Packet = {
end,
__tostring = function(self)
return bin.pack(">CCSA",
return string.pack(">BBI2",
self.version,
self.reserved or 0,
(self.data and #self.data + 4 or 4),
self.data
)
(self.data and #self.data + 4 or 4))
..self.data
end,
parse = function(data)
local tpkt = Packet.TPKT:new()
local pos
pos, tpkt.version, tpkt.reserved, tpkt.length = bin.unpack(">CCS", data)
pos, tpkt.data = bin.unpack("A" .. (#data - pos), data, pos)
tpkt.version, tpkt.reserved, tpkt.length, pos = string.unpack(">BBI2", data)
tpkt.data = data:sub(pos)
return tpkt
end
},
@@ -55,15 +54,15 @@ Packet = {
local itut = Packet.ITUT:new()
local pos
pos, itut.length, itut.code = bin.unpack("CC", data)
itut.length, itut.code, pos = string.unpack("BB", data)
if ( itut.code == 0xF0 ) then
pos, itut.eot = bin.unpack("C", data, pos)
itut.eot, pos = string.unpack("B", data, pos)
elseif ( itut.code == 0xD0 ) then
pos, itut.dstref, itut.srcref, itut.class = bin.unpack(">SSC", data, pos)
itut.dstref, itut.srcref, itut.class, pos = string.unpack(">I2I2B", data, pos)
end
pos, itut.data = bin.unpack("A" .. (#data - pos), data, pos)
itut.data = data:sub(pos)
return itut
end,
@@ -76,13 +75,13 @@ Packet = {
eot = ""
len = #self.data + 1
end
local data = bin.pack("CCA",
local data = string.pack("BB",
len,
self.code or 0,
eot
)
self.code or 0)
.. eot
.. self.data
return data .. self.data
return data
end,
},
@@ -105,14 +104,14 @@ Request = {
local itpkt_len = 21 + #cookie
local itut_len = 16 + #cookie
local data = bin.pack(">SSCA",
local data = string.pack(">I2I2B",
0x0000, -- dst reference
0x0000, -- src reference
0x00, -- class and options
("Cookie: %s\r\n"):format(cookie))
0x00) -- class and options
.. ("Cookie: %s\r\n"):format(cookie)
if ( self.proto ) then
data = data .. bin.pack("<CCSI",
data = data .. string.pack("<BBI2I4",
0x01, -- TYPE_RDP_NEG_REQ
0x00, -- flags
0x0008, -- length
@@ -134,7 +133,7 @@ Request = {
__tostring = function(self)
local data = bin.pack("<HIH",
local data = stdnse.fromhex(
"7f 65" .. -- BER: Application-Defined Type = APPLICATION 101,
"82 01 90" .. -- BER: Type Length = 404 bytes
"04 01 01" .. -- Connect-Initial::callingDomainSelector
@@ -204,9 +203,9 @@ Request = {
"04 c0 0c 00" .. -- TS_UD_HEADER::type = CS_CLUSTER (0xc004), length = 12 bytes
"09 00 00 00" .. -- TS_UD_CS_CLUSTER::Flags = 0x0d
"00 00 00 00" .. -- TS_UD_CS_CLUSTER::RedirectedSessionID
"02 c0 0c 00", -- TS_UD_HEADER::type = CS_SECURITY (0xc002), length = 12 bytes
"02 c0 0c 00") -- TS_UD_HEADER::type = CS_SECURITY (0xc002), length = 12 bytes
-- "1b 00 00 00" .. -- TS_UD_CS_SEC::encryptionMethods
self.cipher or 0,
.. string.pack("<I4", self.cipher or 0) .. stdnse.fromhex(
"00 00 00 00" .. -- TS_UD_CS_SEC::extEncryptionMethods
"03 c0 2c 00" .. -- TS_UD_HEADER::type = CS_NET (0xc003), length = 44 bytes
"03 00 00 00" .. -- TS_UD_CS_NET::channelCount = 3
@@ -220,8 +219,6 @@ Request = {
return tostring(Packet.TPKT:new(Packet.ITUT:new(0xF0, data)))
end
}
}
@@ -330,7 +327,7 @@ Comm = {
return false, "Packet too short"
end
local pos, itut_code = bin.unpack("C", data, 6)
local itut_code = string.byte(data, 6)
if ( itut_code == 0xD0 ) then
stdnse.debug2("RDP: Received ConnectionConfirm response")
return true, Response.ConnectionConfirm.parse(data)

51
nselib/smbauth.lua
View File

@@ -80,7 +80,6 @@
-- For information, see <code>smbauth.lua</code>.
--@args smbnoguest Use to disable usage of the 'guest' account.
local bin = require "bin"
local nmap = require "nmap"
local stdnse = require "stdnse"
local string = require "string"
@@ -656,16 +655,16 @@ function get_password_response(ip, username, domain, password, password_hash, ha
if(password_hash ~= nil) then
if(string.find(password_hash, "^" .. string.rep("%x%x", 16) .. "$")) then
stdnse.debug2("SMB: Found a 16-byte hex string")
lm_hash = bin.pack("H", password_hash:sub(1, 32))
ntlm_hash = bin.pack("H", password_hash:sub(1, 32))
lm_hash = stdnse.fromhex(password_hash:sub(1, 32))
ntlm_hash = stdnse.fromhex(password_hash:sub(1, 32))
elseif(string.find(password_hash, "^" .. string.rep("%x%x", 32) .. "$")) then
stdnse.debug2("SMB: Found a 32-byte hex string")
lm_hash = bin.pack("H", password_hash:sub(1, 32))
ntlm_hash = bin.pack("H", password_hash:sub(33, 64))
lm_hash = stdnse.fromhex(password_hash:sub(1, 32))
ntlm_hash = stdnse.fromhex(password_hash:sub(33, 64))
elseif(string.find(password_hash, "^" .. string.rep("%x%x", 16) .. "." .. string.rep("%x%x", 16) .. "$")) then
stdnse.debug2("SMB: Found two 16-byte hex strings")
lm_hash = bin.pack("H", password_hash:sub(1, 32))
ntlm_hash = bin.pack("H", password_hash:sub(34, 65))
lm_hash = stdnse.fromhex(password_hash:sub(1, 32))
ntlm_hash = stdnse.fromhex(password_hash:sub(34, 65))
else
stdnse.debug1("SMB: ERROR: Hash(es) provided in an invalid format (should be 32, 64, or 65 hex characters)")
lm_hash = nil
@@ -761,7 +760,7 @@ function get_security_blob(security_blob, ip, username, domain, password, passwo
if(security_blob == nil) then
-- If security_blob is nil, this is the initial packet
new_blob = bin.pack("<zIILL",
new_blob = string.pack("<zI4I4I8I8",
"NTLMSSP", -- Identifier
NTLMSSP_NEGOTIATE, -- Type
flags, -- Flags
@@ -772,7 +771,7 @@ function get_security_blob(security_blob, ip, username, domain, password, passwo
return true, new_blob, "", ""
else
-- Parse the old security blob
local pos, identifier, message_type, domain_length, domain_max, domain_offset, server_flags, challenge, reserved = bin.unpack("<LISSIIA8A8", security_blob, 1)
local identifier, message_type, domain_length, domain_max, domain_offset, server_flags, challenge, reserved = string.unpack("<I8I4I2I2I4I4c8c8", security_blob)
local lanman, ntlm, mac_key = get_password_response(ip, username, domain, password, password_hash, hash_type, challenge, true)
-- Convert the username and domain to unicode (TODO: Disable the unicode flag, evaluate if that'll work)
@@ -789,7 +788,7 @@ function get_security_blob(security_blob, ip, username, domain, password, passwo
local ntlm_offset = lanman_offset + #lanman
local sessionkey_offset = ntlm_offset + #ntlm
new_blob = bin.pack("<zISSISSISSISSISSISSIIAAAAAA",
new_blob = string.pack("<zI4 I2I2I4 I2I2I4 I2I2I4 I2I2I4 I2I2I4 I2I2I4 I4",
"NTLMSSP",
NTLMSSP_AUTH,
#lanman,
@@ -810,13 +809,13 @@ function get_security_blob(security_blob, ip, username, domain, password, passwo
#session_key,
#session_key,
sessionkey_offset,
flags,
domain,
username,
hostname,
lanman,
ntlm,
session_key)
flags)
.. domain
.. username
.. hostname
.. lanman
.. ntlm
.. session_key
return true, new_blob, mac_key
end
@@ -841,7 +840,7 @@ end
-- @return A host_info table containing the data in the blob.
-- @see host_info
function get_host_info_from_security_blob(security_blob)
local hpos, identifier, message_type, domain_length, domain_max, domain_offset, server_flags, challenge = bin.unpack("<A8ISSIIL", security_blob)
local identifier, message_type, domain_length, domain_max, domain_offset, server_flags, challenge, hpos = string.unpack("<c8I4 I2I2I4 I4I8", security_blob)
-- Do some validation on the NTLMSSP message
if ( identifier ~= "NTLMSSP\0" ) then
@@ -860,7 +859,7 @@ function get_host_info_from_security_blob(security_blob)
local length = domain_length
local pos = domain_offset + 1 -- +1 to convert to Lua's 1-based indexes
local target_realm
pos, target_realm = bin.unpack( string.format( "A%d", length ), security_blob, pos )
target_realm = string.unpack("c" .. length, security_blob, pos )
ntlm_challenge[ "target_realm" ] = unicode.utf16to8( target_realm )
end
@@ -870,11 +869,11 @@ function get_host_info_from_security_blob(security_blob)
return ntlm_challenge
end
local hpos, context, target_info_length, target_info_max, target_info_offset = bin.unpack("<LSSI", security_blob, hpos)
local context, target_info_length, target_info_max, target_info_offset, hpos = string.unpack("<I8 I2I2I4", security_blob, hpos)
-- OS info is in the intervening 8 bytes, subtract 1 for lua 1-index
if target_info_offset >= hpos + 7 and domain_offset >= hpos + 7 then
local hpos, major, minor, build, reserved = bin.unpack("<CCSA4", security_blob, hpos)
local major, minor, build, reserved = string.unpack("<BBI2c4", security_blob, hpos)
if reserved == "\0\0\0\x0f" then
ntlm_challenge.os_major_version = major
ntlm_challenge.os_minor_version = minor
@@ -917,21 +916,19 @@ function get_host_info_from_security_blob(security_blob)
local length = target_info_length
local pos = target_info_offset + 1 -- +1 to convert to Lua's 1-based indexes
local target_info
pos, target_info = bin.unpack( string.format( "A%d", length ), security_blob, pos )
target_info = string.unpack("c" .. length, security_blob, pos)
pos = 1 -- reset pos to 1, since we'll be working out of just the target_info
repeat
local value, av_id, av_len
pos, av_id, av_len = bin.unpack( "<SS", target_info, pos )
pos, value = bin.unpack( string.format( "A%d", av_len ), target_info, pos )
local value, av_id
av_id, value, pos = string.unpack( "<I2s2", target_info, pos )
local friendly_name = NTLM_AV_ID_NAMES[ av_id ]
if ( av_id == NTLM_AV_ID_VALUES.MsvAvEOL ) then
break
elseif ( av_id == NTLM_AV_ID_VALUES.MsvAvTimestamp ) then
-- this is a FILETIME value (see [MS-DTYP]), representing the time in 100-ns increments since 1/1/1601
local _
_, ntlm_challenge[ friendly_name ] = bin.unpack( "<L", value )
ntlm_challenge[ friendly_name ] = string.unpack( "<I8", value )
elseif ( friendly_name ) then
ntlm_challenge[ friendly_name ] = unicode.utf16to8( value )
end