
Remove use of bit library from all NSE libs

This commit is contained in:
dmiller
2018-08-28 15:21:53 +00:00
parent 4d136359b3
commit e0af0179eb
10 changed files with 219 additions and 231 deletions


@@ -112,7 +112,6 @@
-- - moved afp.username & afp.password arguments to library
local bin = require "bin"
local bit = require "bit"
local datetime = require "datetime"
local ipOps = require "ipOps"
local nmap = require "nmap"
@@ -353,7 +352,7 @@ local ERROR_MSG = {
-- Check if all the bits in flag are set in bitmap.
local function flag_is_set(bitmap, flag)
return bit.band(bitmap, flag) == flag
return (bitmap & flag) == flag
end
-- Response class returned by all functions in Proto
@@ -1069,7 +1068,7 @@ Proto = {
_, record = Util.decode_file_bitmap( file_bitmap, response.packet.data, pos )
end
if bit.mod( len, 2 ) ~= 0 then
if ( len % 2 ) ~= 0 then
len = len + 1
end
@@ -1853,15 +1852,15 @@ Util =
local acl_table = {}
if bit.band( acls, ACLS.OwnerSearch ) == ACLS.OwnerSearch then
if ( acls & ACLS.OwnerSearch ) == ACLS.OwnerSearch then
table.insert( acl_table, "Search")
end
if bit.band( acls, ACLS.OwnerRead ) == ACLS.OwnerRead then
if ( acls & ACLS.OwnerRead ) == ACLS.OwnerRead then
table.insert( acl_table, "Read")
end
if bit.band( acls, ACLS.OwnerWrite ) == ACLS.OwnerWrite then
if ( acls & ACLS.OwnerWrite ) == ACLS.OwnerWrite then
table.insert( acl_table, "Write")
end
@@ -1875,13 +1874,13 @@ Util =
-- @return table of long ACLs
acls_to_long_string = function( acls )
local owner = Util.acl_group_to_long_string( bit.band( acls, 255 ) )
local group = Util.acl_group_to_long_string( bit.band( bit.rshift(acls, 8), 255 ) )
local everyone = Util.acl_group_to_long_string( bit.band( bit.rshift(acls, 16), 255 ) )
local user = Util.acl_group_to_long_string( bit.band( bit.rshift(acls, 24), 255 ) )
local owner = Util.acl_group_to_long_string( ( acls & 255 ) )
local group = Util.acl_group_to_long_string( ( (acls >> 8) & 255 ) )
local everyone = Util.acl_group_to_long_string( ( (acls >> 16) & 255 ) )
local user = Util.acl_group_to_long_string( ( (acls >> 24) & 255 ) )
local blank = bit.band( acls, ACLS.BlankAccess ) == ACLS.BlankAccess and "Blank" or nil
local isowner = bit.band( acls, ACLS.UserIsOwner ) == ACLS.UserIsOwner and "IsOwner" or nil
local blank = ( acls & ACLS.BlankAccess ) == ACLS.BlankAccess and "Blank" or nil
local isowner = ( acls & ACLS.UserIsOwner ) == ACLS.UserIsOwner and "IsOwner" or nil
local options = {}
@@ -1914,17 +1913,17 @@ Util =
-- @param privs number containing the UnixPrivileges.ua_permissions value
-- @return string containing the ACL characters
decode_unix_privs = function( privs )
local owner = ( bit.band( privs, ACLS.OwnerRead ) == ACLS.OwnerRead ) and "r" or "-"
owner = owner .. (( bit.band( privs, ACLS.OwnerWrite ) == ACLS.OwnerWrite ) and "w" or "-")
owner = owner .. (( bit.band( privs, ACLS.OwnerSearch ) == ACLS.OwnerSearch ) and "x" or "-")
local owner = ( ( privs & ACLS.OwnerRead ) == ACLS.OwnerRead ) and "r" or "-"
owner = owner .. (( ( privs & ACLS.OwnerWrite ) == ACLS.OwnerWrite ) and "w" or "-")
owner = owner .. (( ( privs & ACLS.OwnerSearch ) == ACLS.OwnerSearch ) and "x" or "-")
local group = ( bit.band( privs, ACLS.GroupRead ) == ACLS.GroupRead ) and "r" or "-"
group = group .. (( bit.band( privs, ACLS.GroupWrite ) == ACLS.GroupWrite ) and "w" or "-")
group = group .. (( bit.band( privs, ACLS.GroupSearch ) == ACLS.GroupSearch ) and "x" or "-")
local group = ( ( privs & ACLS.GroupRead ) == ACLS.GroupRead ) and "r" or "-"
group = group .. (( ( privs & ACLS.GroupWrite ) == ACLS.GroupWrite ) and "w" or "-")
group = group .. (( ( privs & ACLS.GroupSearch ) == ACLS.GroupSearch ) and "x" or "-")
local other = ( bit.band( privs, ACLS.EveryoneRead ) == ACLS.EveryoneRead ) and "r" or "-"
other = other .. (( bit.band( privs, ACLS.EveryoneWrite ) == ACLS.EveryoneWrite ) and "w" or "-")
other = other .. (( bit.band( privs, ACLS.EveryoneSearch ) == ACLS.EveryoneSearch ) and "x" or "-")
local other = ( ( privs & ACLS.EveryoneRead ) == ACLS.EveryoneRead ) and "r" or "-"
other = other .. (( ( privs & ACLS.EveryoneWrite ) == ACLS.EveryoneWrite ) and "w" or "-")
other = other .. (( ( privs & ACLS.EveryoneSearch ) == ACLS.EveryoneSearch ) and "x" or "-")
return owner .. group .. other
end,
@@ -1940,59 +1939,59 @@ Util =
decode_file_bitmap = function( bitmap, data, pos )
local file = {}
if ( bit.band( bitmap, FILE_BITMAP.Attributes ) == FILE_BITMAP.Attributes ) then
if ( ( bitmap & FILE_BITMAP.Attributes ) == FILE_BITMAP.Attributes ) then
pos, file.Attributes = bin.unpack(">S", data, pos )
end
if ( bit.band( bitmap, FILE_BITMAP.ParentDirId ) == FILE_BITMAP.ParentDirId ) then
if ( ( bitmap & FILE_BITMAP.ParentDirId ) == FILE_BITMAP.ParentDirId ) then
pos, file.ParentDirId = bin.unpack(">I", data, pos )
end
if ( bit.band( bitmap, FILE_BITMAP.CreationDate ) == FILE_BITMAP.CreationDate ) then
if ( ( bitmap & FILE_BITMAP.CreationDate ) == FILE_BITMAP.CreationDate ) then
pos, file.CreationDate = bin.unpack(">I", data, pos )
end
if ( bit.band( bitmap, FILE_BITMAP.ModificationDate ) == FILE_BITMAP.ModificationDate ) then
if ( ( bitmap & FILE_BITMAP.ModificationDate ) == FILE_BITMAP.ModificationDate ) then
pos, file.ModificationDate = bin.unpack(">I", data, pos )
end
if ( bit.band( bitmap, FILE_BITMAP.BackupDate ) == FILE_BITMAP.BackupDate ) then
if ( ( bitmap & FILE_BITMAP.BackupDate ) == FILE_BITMAP.BackupDate ) then
pos, file.BackupDate = bin.unpack(">I", data, pos )
end
if ( bit.band( bitmap, FILE_BITMAP.FinderInfo ) == FILE_BITMAP.FinderInfo ) then
if ( ( bitmap & FILE_BITMAP.FinderInfo ) == FILE_BITMAP.FinderInfo ) then
pos, file.FinderInfo = bin.unpack("A32", data, pos )
end
if ( bit.band( bitmap, FILE_BITMAP.LongName ) == FILE_BITMAP.LongName ) then
if ( ( bitmap & FILE_BITMAP.LongName ) == FILE_BITMAP.LongName ) then
local offset, p, name
pos, offset = bin.unpack(">S", data, pos)
p, file.LongName = bin.unpack("p", data, offset + pos - 1)
end
if ( bit.band( bitmap, FILE_BITMAP.ShortName ) == FILE_BITMAP.ShortName ) then
if ( ( bitmap & FILE_BITMAP.ShortName ) == FILE_BITMAP.ShortName ) then
local offset, p, name
pos, offset = bin.unpack(">S", data, pos)
p, file.ShortName = bin.unpack("p", data, offset + pos - 1)
end
if ( bit.band( bitmap, FILE_BITMAP.NodeId ) == FILE_BITMAP.NodeId ) then
if ( ( bitmap & FILE_BITMAP.NodeId ) == FILE_BITMAP.NodeId ) then
pos, file.NodeId = bin.unpack(">I", data, pos )
end
if ( bit.band( bitmap, FILE_BITMAP.DataForkSize ) == FILE_BITMAP.DataForkSize ) then
if ( ( bitmap & FILE_BITMAP.DataForkSize ) == FILE_BITMAP.DataForkSize ) then
pos, file.DataForkSize = bin.unpack(">I", data, pos )
end
if ( bit.band( bitmap, FILE_BITMAP.ResourceForkSize ) == FILE_BITMAP.ResourceForkSize ) then
if ( ( bitmap & FILE_BITMAP.ResourceForkSize ) == FILE_BITMAP.ResourceForkSize ) then
pos, file.ResourceForkSize = bin.unpack(">I", data, pos )
end
if ( bit.band( bitmap, FILE_BITMAP.ExtendedDataForkSize ) == FILE_BITMAP.ExtendedDataForkSize ) then
if ( ( bitmap & FILE_BITMAP.ExtendedDataForkSize ) == FILE_BITMAP.ExtendedDataForkSize ) then
pos, file.ExtendedDataForkSize = bin.unpack(">L", data, pos )
end
if ( bit.band( bitmap, FILE_BITMAP.LaunchLimit ) == FILE_BITMAP.LaunchLimit ) then
if ( ( bitmap & FILE_BITMAP.LaunchLimit ) == FILE_BITMAP.LaunchLimit ) then
-- should not be set as it's deprecated according to:
-- http://developer.apple.com/mac/library/documentation/Networking/Reference/AFP_Reference/Reference/reference.html#//apple_ref/doc/c_ref/kFPLaunchLimitBit
end
if ( bit.band( bitmap, FILE_BITMAP.UTF8Name ) == FILE_BITMAP.UTF8Name ) then
if ( ( bitmap & FILE_BITMAP.UTF8Name ) == FILE_BITMAP.UTF8Name ) then
local offset, p, name
pos, offset = bin.unpack(">S", data, pos)
p, file.UTF8Name = bin.unpack("p", data, offset + pos - 1)
end
if ( bit.band( bitmap, FILE_BITMAP.ExtendedResourceForkSize ) == FILE_BITMAP.ExtendedResourceForkSize ) then
if ( ( bitmap & FILE_BITMAP.ExtendedResourceForkSize ) == FILE_BITMAP.ExtendedResourceForkSize ) then
pos, file.ExtendedResourceForkSize = bin.unpack(">L", data, pos )
end
if ( bit.band( bitmap, FILE_BITMAP.UnixPrivileges ) == FILE_BITMAP.UnixPrivileges ) then
if ( ( bitmap & FILE_BITMAP.UnixPrivileges ) == FILE_BITMAP.UnixPrivileges ) then
local unixprivs = {}
pos, unixprivs.uid, unixprivs.gid,
unixprivs.permissions, unixprivs.ua_permissions = bin.unpack(">IIII", data, pos )
@@ -2011,25 +2010,25 @@ Util =
decode_dir_bitmap = function( bitmap, data, pos )
local dir = {}
if ( bit.band( bitmap, DIR_BITMAP.Attributes ) == DIR_BITMAP.Attributes ) then
if ( ( bitmap & DIR_BITMAP.Attributes ) == DIR_BITMAP.Attributes ) then
pos, dir.Attributes = bin.unpack(">S", data, pos )
end
if ( bit.band( bitmap, DIR_BITMAP.ParentDirId ) == DIR_BITMAP.ParentDirId ) then
if ( ( bitmap & DIR_BITMAP.ParentDirId ) == DIR_BITMAP.ParentDirId ) then
pos, dir.ParentDirId = bin.unpack(">I", data, pos )
end
if ( bit.band( bitmap, DIR_BITMAP.CreationDate ) == DIR_BITMAP.CreationDate ) then
if ( ( bitmap & DIR_BITMAP.CreationDate ) == DIR_BITMAP.CreationDate ) then
pos, dir.CreationDate = bin.unpack(">I", data, pos )
end
if ( bit.band( bitmap, DIR_BITMAP.ModificationDate ) == DIR_BITMAP.ModificationDate ) then
if ( ( bitmap & DIR_BITMAP.ModificationDate ) == DIR_BITMAP.ModificationDate ) then
pos, dir.ModificationDate = bin.unpack(">I", data, pos )
end
if ( bit.band( bitmap, DIR_BITMAP.BackupDate ) == DIR_BITMAP.BackupDate ) then
if ( ( bitmap & DIR_BITMAP.BackupDate ) == DIR_BITMAP.BackupDate ) then
pos, dir.BackupDate = bin.unpack(">I", data, pos )
end
if ( bit.band( bitmap, DIR_BITMAP.FinderInfo ) == DIR_BITMAP.FinderInfo ) then
if ( ( bitmap & DIR_BITMAP.FinderInfo ) == DIR_BITMAP.FinderInfo ) then
pos, dir.FinderInfo = bin.unpack("A32", data, pos )
end
if ( bit.band( bitmap, DIR_BITMAP.LongName ) == DIR_BITMAP.LongName ) then
if ( ( bitmap & DIR_BITMAP.LongName ) == DIR_BITMAP.LongName ) then
local offset, p, name
pos, offset = bin.unpack(">S", data, pos)
@@ -2044,32 +2043,32 @@ Util =
p, dir.LongName = bin.unpack("p", data, offset + pos - 1)
end
if ( bit.band( bitmap, DIR_BITMAP.ShortName ) == DIR_BITMAP.ShortName ) then
if ( ( bitmap & DIR_BITMAP.ShortName ) == DIR_BITMAP.ShortName ) then
local offset, p, name
pos, offset = bin.unpack(">S", data, pos)
p, dir.ShortName = bin.unpack("p", data, offset + pos - 1)
end
if ( bit.band( bitmap, DIR_BITMAP.NodeId ) == DIR_BITMAP.NodeId ) then
if ( ( bitmap & DIR_BITMAP.NodeId ) == DIR_BITMAP.NodeId ) then
pos, dir.NodeId = bin.unpack(">I", data, pos )
end
if ( bit.band( bitmap, DIR_BITMAP.OffspringCount ) == DIR_BITMAP.OffspringCount ) then
if ( ( bitmap & DIR_BITMAP.OffspringCount ) == DIR_BITMAP.OffspringCount ) then
pos, dir.OffspringCount = bin.unpack(">S", data, pos )
end
if ( bit.band( bitmap, DIR_BITMAP.OwnerId ) == DIR_BITMAP.OwnerId ) then
if ( ( bitmap & DIR_BITMAP.OwnerId ) == DIR_BITMAP.OwnerId ) then
pos, dir.OwnerId = bin.unpack(">I", data, pos )
end
if ( bit.band( bitmap, DIR_BITMAP.GroupId ) == DIR_BITMAP.GroupId ) then
if ( ( bitmap & DIR_BITMAP.GroupId ) == DIR_BITMAP.GroupId ) then
pos, dir.GroupId = bin.unpack(">I", data, pos )
end
if ( bit.band( bitmap, DIR_BITMAP.AccessRights ) == DIR_BITMAP.AccessRights ) then
if ( ( bitmap & DIR_BITMAP.AccessRights ) == DIR_BITMAP.AccessRights ) then
pos, dir.AccessRights = bin.unpack(">I", data, pos )
end
if ( bit.band( bitmap, DIR_BITMAP.UTF8Name ) == DIR_BITMAP.UTF8Name ) then
if ( ( bitmap & DIR_BITMAP.UTF8Name ) == DIR_BITMAP.UTF8Name ) then
local offset, p, name
pos, offset = bin.unpack(">S", data, pos)
p, dir.UTF8Name = bin.unpack("p", data, offset + pos - 1)
end
if ( bit.band( bitmap, DIR_BITMAP.UnixPrivileges ) == DIR_BITMAP.UnixPrivileges ) then
if ( ( bitmap & DIR_BITMAP.UnixPrivileges ) == DIR_BITMAP.UnixPrivileges ) then
local unixprivs = {}
pos, unixprivs.uid, unixprivs.gid,
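Review bot: Every flag test in decode_file_bitmap is spelled out as `( bitmap & FILE_BITMAP.X ) == FILE_BITMAP.X`, although this file already defines `flag_is_set(bitmap, flag)` with exactly that body (second hunk), so the rewrite re-states the mask idiom in each branch instead of calling it; the same applies to decode_dir_bitmap, acls_to_long_string and decode_unix_privs in the later hunks. `if flag_is_set(bitmap, FILE_BITMAP.Attributes) then` reads as the intent and keeps the masking in one place. The hunk headers suggest flag_is_set is a file-scope local declared well before Util, but that should be confirmed, and decode_dir_bitmap's body continues past the last hunk. Separately, `offset` in the LongName/ShortName/UTF8Name branches comes from the response and is used as `offset + pos - 1` without a range check; what bin.unpack does when that position lies beyond `data` is not visible here, so a bounds check before the second unpack is worth considering in a parser of server-supplied data.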


@@ -1,5 +1,4 @@
local bin = require "bin"
local bit = require "bit"
local comm = require "comm"
local json = require "json"
local lpeg = require "lpeg"
@@ -332,10 +331,10 @@ COAP.header.build = function(options)
-- Build the fixed portion of the header.
local pkt = ""
ver = bit.lshift(ver, 6)
mtype = bit.lshift(mtype, 4)
ver = ver << 6
mtype = mtype << 4
pkt = pkt .. bin.pack("C", bit.bor(bit.bor(ver, mtype), tkl))
pkt = pkt .. bin.pack("C", ver | mtype | tkl)
pkt = pkt .. code
pkt = pkt .. bin.pack(">S", id)
pkt = pkt .. token
@@ -384,11 +383,11 @@ COAP.header.parse = function(buf, pos)
-- Parse the fixed header.
local hdr = {}
local ver = bit.rshift(ver_type_tkl, 6)
local ver = ver_type_tkl >> 6
hdr.version = ver
local mtype = bit.rshift(ver_type_tkl, 4)
mtype = bit.band(mtype, 0x3)
local mtype = ver_type_tkl >> 4
mtype = mtype & 0x3
hdr.type = ("(unrecognized: %d)"):format(mtype)
for key, val in pairs(COAP.header.types) do
@@ -398,7 +397,7 @@ COAP.header.parse = function(buf, pos)
end
end
local tkl = bit.band(ver_type_tkl, 0xF)
local tkl = ver_type_tkl & 0xF
if tkl < 0 or tkl > 8 then
return false, ("Token length was %d, but must be 0 through 8."):format(tkl)
end
@@ -485,9 +484,9 @@ COAP.header.codes.build = function(name)
local class = id[1]
local detail = id[2]
class = bit.lshift(class, 5)
class = class << 5
return bin.pack("C", bit.bor(class, detail))
return bin.pack("C", class | detail)
end
--- Parses a CoAP request or response code.
@@ -517,8 +516,8 @@ COAP.header.codes.parse = function(buf, pos)
return false, id
end
local class = bit.rshift(id, 5)
local detail = bit.band(id, 0x1F)
local class = id >> 5
local detail = id & 0x1F
for key, val in pairs(COAP.header.codes.ids) do
if val[1] == class and val[2] == detail then
@@ -1254,15 +1253,15 @@ COAP.header.options.value.block.build = function(val)
assert(val.number >= 0)
assert(val.number <= 1048575)
num = bit.lshift(num, 1)
num = num << 1
local mf = val.more
assert(type(mf) == "boolean")
if mf then
num = bit.bor(num, 0x1)
num = num | 0x1
end
num = bit.lshift(num, 3)
num = num << 3
local length = val.length
assert(type(length) == "number")
@@ -1273,7 +1272,7 @@ COAP.header.options.value.block.build = function(val)
local szx = map[length]
assert(szx)
num = bit.bor(num, szx)
num = num | szx
-- The final number that results from combining all the fields
-- should fit within 3 bytes when built.
@@ -1332,7 +1331,7 @@ COAP.header.options.value.block.parse = function(buf)
-- Note that this field could have a value as high as 7, it is only
-- allowed to go up to 6. This prevents the option's value from
-- being misinterpreted as the payload marker.
local szx = bit.band(num, 0x7)
local szx = num & 0x7
if szx == 7 then
szx = 6
end
@@ -1341,13 +1340,13 @@ COAP.header.options.value.block.parse = function(buf)
assert(length >= 16)
assert(length <= 1024)
num = bit.rshift(num, 3)
num = num >> 3
-- Extract more flag which indicates whether this is the last block.
local mf = (bit.band(num, 0x1) == 0x1)
local mf = ((num & 0x1) == 0x1)
assert(type(mf) == "boolean")
num = bit.rshift(num, 1)
num = num >> 1
-- The remainder of the number is the block number in sequence.
assert(num >= 0)
@@ -1577,10 +1576,10 @@ COAP.header.options.delta_length.build = function(delta, length)
local d1, d2 = build(delta)
local l1, l2 = build(length)
d1 = bit.lshift(d1, 4)
bin.pack("C", bit.bor(d1, l1))
d1 = d1 << 4
bin.pack("C", d1 | l1)
return bin.pack("C", bit.bor(d1, l1)) .. d2 .. l2
return bin.pack("C", d1 | l1) .. d2 .. l2
end
--- Parse the variable-length option delta and length field.
@@ -1618,8 +1617,8 @@ COAP.header.options.delta_length.parse = function(buf, pos)
if not pos then
return false, nil, nil, delta_and_length
end
local delta = bit.rshift(delta_and_length, 4)
local length = bit.band(delta_and_length, 0x0F)
local delta = delta_and_length >> 4
local length = delta_and_length & 0x0F
-- Sanity check the first byte's value.
if delta == 15 then
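Review bot: The line `bin.pack("C", d1 | l1)` just before the `return` in COAP.header.options.delta_length.build is a bare call whose result is discarded, and the rewrite carried it over from the old `bit.bor` form instead of dropping it. It does nothing but build a one-byte string that is thrown away, so the tail of the function should be just `d1 = d1 << 4` followed by `return bin.pack("C", d1 | l1) .. d2 .. l2`. The function's start is outside the hunk.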


@@ -6,7 +6,6 @@
-- @name ipmi
-- @author "Claudiu Perta <claudiu.perta@gmail.com>"
local bin = require "bin"
local bit = require "bit"
local stdnse = require "stdnse"
local string = require "string"
@@ -185,8 +184,8 @@ parse_channel_auth_reply = function(reply)
pos, data["rmcp_sequence"] = bin.unpack("<C", reply, pos)
pos, value = bin.unpack("C", reply, pos)
data["rmcp_mtype"] = (bit.band(value, 0x80) ~= 0)
data["rmcp_class"] = bit.band(value, 0x7F)
data["rmcp_mtype"] = ((value & 0x80) ~= 0)
data["rmcp_class"] = (value & 0x7F)
pos, data["session_auth_type"] = bin.unpack("C", reply, pos)
pos, data["session_sequence"] = bin.unpack("<I", reply, pos)
@@ -202,32 +201,32 @@ parse_channel_auth_reply = function(reply)
pos, data["ipmi_channel"] = bin.unpack("C", reply, pos)
pos, value = bin.unpack("C", reply, pos)
data["ipmi_compat_20"] = (bit.band(value, 0x80) ~= 0)
data["ipmi_compat_reserved1"] = (bit.band(value, 0x40) ~= 0)
data["ipmi_compat_oem_auth"] = (bit.band(value, 0x20) ~= 0)
data["ipmi_compat_password"] = (bit.band(value, 0x10) ~= 0)
data["ipmi_compat_reserved2"] = (bit.band(value, 0x08) ~= 0)
data["ipmi_compat_md5"] = (bit.band(value, 0x04) ~= 0)
data["ipmi_compat_md2"] = (bit.band(value, 0x02) ~= 0)
data["ipmi_compat_none"] = (bit.band(value, 0x01) ~= 0)
data["ipmi_compat_20"] = ((value & 0x80) ~= 0)
data["ipmi_compat_reserved1"] = ((value & 0x40) ~= 0)
data["ipmi_compat_oem_auth"] = ((value & 0x20) ~= 0)
data["ipmi_compat_password"] = ((value & 0x10) ~= 0)
data["ipmi_compat_reserved2"] = ((value & 0x08) ~= 0)
data["ipmi_compat_md5"] = ((value & 0x04) ~= 0)
data["ipmi_compat_md2"] = ((value & 0x02) ~= 0)
data["ipmi_compat_none"] = ((value & 0x01) ~= 0)
pos, value = bin.unpack("C", reply, pos)
data["ipmi_user_reserved1"] = bit.band(bit.rshift(value, 6), 0x03)
data["ipmi_user_kg"] = (bit.band(value, 0x20) ~= 0)
data["ipmi_user_disable_message_auth"] = (bit.band(value, 0x10) ~= 0)
data["ipmi_user_disable_user_auth"] = (bit.band(value, 0x08) ~= 0)
data["ipmi_user_non_null"] = (bit.band(value, 0x04) ~= 0)
data["ipmi_user_null"] = (bit.band(value, 0x02) ~= 0)
data["ipmi_user_anonymous"] = (bit.band(value, 0x01) ~= 0)
data["ipmi_user_reserved1"] = ((value >> 6) & 0x03)
data["ipmi_user_kg"] = ((value & 0x20) ~= 0)
data["ipmi_user_disable_message_auth"] = ((value & 0x10) ~= 0)
data["ipmi_user_disable_user_auth"] = ((value & 0x08) ~= 0)
data["ipmi_user_non_null"] = ((value & 0x04) ~= 0)
data["ipmi_user_null"] = ((value & 0x02) ~= 0)
data["ipmi_user_anonymous"] = ((value & 0x01) ~= 0)
pos, value = bin.unpack("C", reply, pos)
data["ipmi_conn_reserved1"] = bit.band(bit.rshift(value, 2), 0x3F)
data["ipmi_conn_20"] = (bit.band(value, 0x02) ~= 0)
data["ipmi_conn_15"] = (bit.band(value, 0x01) ~= 0)
data["ipmi_conn_reserved1"] = ((value >> 2) & 0x3F)
data["ipmi_conn_20"] = ((value & 0x02) ~= 0)
data["ipmi_conn_15"] = ((value & 0x01) ~= 0)
-- 24 bits OEMID, unpack an int and shift 1 byte to the right
pos, value = bin.unpack("<I", reply, pos)
data["ipmi_oem_id"] = bit.rshift(value, 8)
data["ipmi_oem_id"] = value >> 8
-- restore one byte position
pos = pos - 1
pos, data["ipmi_oem_data"] = bin.unpack("A", reply, pos)
@@ -247,19 +246,19 @@ parse_open_session_reply = function(reply)
pos, value = bin.unpack("C", reply, pos)
-- bit 1
data["rmcp_mtype"] = (bit.band(value, 0x80) ~= 0)
data["rmcp_mtype"] = ((value & 0x80) ~= 0)
-- bit [2:8]
data["rmcp_class"] = bit.band(value, 0x7F)
data["rmcp_class"] = (value & 0x7F)
pos, data["session_auth_type"] = bin.unpack("C", reply, pos)
pos, value = bin.unpack("C", reply, pos)
-- bit 1
data["session_payload_encrypted"] = (bit.band(value, 0x80) ~= 0)
data["session_payload_encrypted"] = ((value & 0x80) ~= 0)
-- bit 2
data["session_payload_authenticated"] = (bit.band(value, 0x40) ~= 0)
data["session_payload_authenticated"] = ((value & 0x40) ~= 0)
-- bit [3:8]
data["session_payload_type"] = bit.band(value, 0x3F)
data["session_payload_type"] = (value & 0x3F)
pos, data["session_id"] = bin.unpack("<I", reply, pos)
pos, data["session_sequence"] = bin.unpack("<I", reply, pos)
@@ -285,19 +284,19 @@ parse_rakp_1_reply = function(reply)
pos, value = bin.unpack("C", reply, pos)
-- bit 1
data["rmcp_mtype"] = (bit.band(value, 0x80) ~= 0)
data["rmcp_mtype"] = ((value & 0x80) ~= 0)
-- bit [2:8]
data["rmcp_class"] = bit.band(value, 0x7F)
data["rmcp_class"] = (value & 0x7F)
pos, data["session_auth_type"] = bin.unpack("C", reply, pos)
pos, value = bin.unpack("C", reply, pos)
-- bit 1
data["session_payload_encrypted"] = (bit.band(value, 0x80) ~= 0)
data["session_payload_encrypted"] = ((value & 0x80) ~= 0)
-- bit 2
data["session_payload_authenticated"] = (bit.band(value, 0x40) ~= 0)
data["session_payload_authenticated"] = ((value & 0x40) ~= 0)
-- bit [3:8]
data["session_payload_type"] = bit.band(value, 0x3F)
data["session_payload_type"] = (value & 0x3F)
pos, data["session_id"] = bin.unpack("<I", reply, pos)
pos, data["session_sequence"] = bin.unpack("<I", reply, pos)
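Review bot: `data["ipmi_oem_id"] = value >> 8` in parse_channel_auth_reply looks like it keeps the wrong three bytes of the little-endian word unpacked just above it. The comment says the OEM ID is 24 bits and the following `pos = pos - 1` re-reads the fourth byte as `ipmi_oem_data`, which implies the ID is the three low-order bytes of `value`; shifting right by 8 discards the least-significant byte and keeps the OEM-data byte instead. If that reading is right the extraction should be `data["ipmi_oem_id"] = value & 0xFFFFFF`; the `bit.rshift` it replaces had the same shape, so this is pre-existing rather than introduced here. parse_channel_auth_reply starts and ends outside the hunk.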


@@ -35,7 +35,6 @@
local bin = require "bin"
local bit = require "bit"
local ipOps = require "ipOps"
local match = require "match"
local nmap = require "nmap"
@@ -126,17 +125,17 @@ Packet = {
local pad = 4 - ((#kvps + 48) % 4)
pad = ( pad == 4 ) and 0 or pad
local len = bit.lshift( self.total_ahs_len, 24 ) + self.data_seg_len
local flags = bit.lshift( ( self.flags.transit or 0 ), 7 )
flags = flags + bit.lshift( ( self.flags.continue or 0 ), 6)
local len = ( self.total_ahs_len << 24 ) + self.data_seg_len
local flags = ( ( self.flags.transit or 0 ) << 7 )
flags = flags + ( ( self.flags.continue or 0 ) << 6)
flags = flags + ( self.flags.nsg or 0 )
flags = flags + bit.lshift( ( self.flags.csg or 0 ), 2 )
flags = flags + ( ( self.flags.csg or 0 ) << 2 )
local opcode = self.opcode + bit.lshift((self.immediate or 0), 6)
local opcode = self.opcode + ((self.immediate or 0) << 6)
local data = bin.pack(">CCCCICSCSSISSIILLAA", opcode,
flags, self.ver_max, self.ver_min, len,
bit.lshift( self.isid.t, 6 ) + bit.band( self.isid.a, 0x3f),
( self.isid.t << 6 ) + ( self.isid.a & 0x3f),
self.isid.b, self.isid.c, self.isid.d, self.tsih,
self.initiator_task_tag, self.cid, reserved, self.cmdsn,
self.expstatsn, reserved, reserved, kvps, string.rep('\0', pad) )
@@ -208,8 +207,8 @@ Packet = {
local resp = Packet.LoginResponse:new()
local pos, len = bin.unpack(">I", header, 5)
resp.total_ahs_len = bit.rshift(len, 24)
resp.data_seg_len = bit.band(len, 0x00ffffff)
resp.total_ahs_len = len >> 24
resp.data_seg_len = len & 0x00ffffff
pos, resp.status_code = bin.unpack(">S", header, 37)
local pad = ( 4 - ( resp.data_seg_len % 4 ) )
@@ -265,14 +264,14 @@ Packet = {
--
-- @return string containing the converted instance
__tostring = function(self)
local flags = bit.lshift( ( self.flags.final or 0 ), 7 )
flags = flags + bit.lshift( (self.flags.continue or 0), 6 )
local flags = ( self.flags.final or 0 ) << 7
flags = flags + ( (self.flags.continue or 0) << 6 )
local kvps = tostring(self.kvp)
kvps = kvps .. string.rep('\0', #kvps % 2)
self.data_seg_len = #kvps
local len = bit.lshift( self.total_ahs_len, 24 ) + self.data_seg_len
local len = ( self.total_ahs_len << 24 ) + self.data_seg_len
local reserved = 0
local data = bin.pack(">CCSILIIIILLA", self.opcode, flags, reserved,
len, self.lun, self.initiator_task_tag, self.target_trans_tag,
@@ -308,10 +307,10 @@ Packet = {
local status, header = s:receive_buf(match.numbytes(48), true)
if not status then return status, header end
local pos, _, flags, _, _, len = bin.unpack(">CCCCI", header)
local cont = ( bit.band(flags, 0x40) == 0x40 )
local cont = ( (flags & 0x40) == 0x40 )
resp.total_ahs_len = bit.rshift(len, 24)
resp.data_seg_len = bit.band(len, 0x00ffffff)
resp.total_ahs_len = len >> 24
resp.data_seg_len = len & 0x00ffffff
local data
status, data = s:receive_buf(match.numbytes(resp.data_seg_len), true)
@@ -381,9 +380,9 @@ Packet = {
--
-- @return string containing the converted instance
__tostring = function(self)
local opcode = self.opcode + bit.lshift((self.immediate or 0), 6)
local opcode = self.opcode + ((self.immediate or 0) << 6)
local reserved = 0
local len = bit.lshift( self.total_ahs_len, 24 ) + self.data_seg_len
local len = ( self.total_ahs_len << 24 ) + self.data_seg_len
local data = bin.pack(">CCSILISSIILL", opcode, (0x80 + self.reasoncode),
reserved, len, reserved,self.initiator_task_tag, self.cid,
reserved, self.cmdsn, self.expstatsn, reserved, reserved )
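Review bot: In the first Packet `__tostring` the flag byte is assembled by adding fields that were positioned with `<<` (`flags = flags + ( ( self.flags.continue or 0 ) << 6)` and the lines around it), which mixes arithmetic with bit-level intent now that the operators are native. `|` says what is meant and is the conventional form for flag assembly, e.g. `local flags = ((self.flags.transit or 0) << 7) | ((self.flags.continue or 0) << 6) | ((self.flags.csg or 0) << 2) | (self.flags.nsg or 0)`. The same `+` style appears in the other two `__tostring` hunks and in the `opcode` lines. The enclosing functions start outside their hunks.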


@@ -1,5 +1,4 @@
local bin = require "bin"
local bit = require "bit"
local comm = require "comm"
local match = require "match"
local nmap = require "nmap"
@@ -322,8 +321,8 @@ Comm = {
pos = end_pos
-- Parse type and flags.
local type = bit.rshift(type_and_flags, 4)
local fhflags = bit.band(type_and_flags, 0x0F)
local type = type_and_flags >> 4
local fhflags = type_and_flags & 0x0F
-- Search for the definition of the packet type.
local def = nil
@@ -550,7 +549,7 @@ MQTT.packet["CONNECT"].build = function(options)
-- 3.1.2.4 Clean Session
if options.clean_session then
cflags = bit.bor(cflags, 0x02)
cflags = cflags | 0x02
end
-- 3.1.2.6 Will QoS
@@ -559,29 +558,29 @@ MQTT.packet["CONNECT"].build = function(options)
end
assert(options.will_qos >= 0)
assert(options.will_qos <= 2)
cflags = bit.bor(cflags, bit.lshift(options.will_qos, 3))
cflags = cflags | (options.will_qos << 3)
-- 3.1.2.7 Will Retain
if options.will_retain then
cflags = bit.bor(cflags, 0x20)
cflags = cflags | 0x20
end
-- 3.1.2.5 Will Flag
if options.will_topic and options.will_message then
cflags = bit.bor(cflags, 0x04)
cflags = cflags | 0x04
tail = tail .. MQTT.utf8_build(options.will_topic)
tail = tail .. MQTT.utf8_build(options.will_message)
end
-- 3.1.2.8 User Name Flag
if options.username then
cflags = bit.bor(cflags, 0x80)
cflags = cflags | 0x80
tail = tail .. MQTT.utf8_build(options.username)
end
-- 3.1.2.9 Password Flag
if options.password then
cflags = bit.bor(cflags, 0x40)
cflags = cflags | 0x40
tail = tail .. MQTT.utf8_build(options.password)
end
@@ -625,7 +624,7 @@ MQTT.packet["CONNACK"].parse = function(fhflags, buf)
local _, caflags, crcode = bin.unpack("CC", buf)
-- 3.2.2.2 Session Present
res.session_present = (bit.band(caflags, 0x01) == 1)
res.session_present = ((caflags & 0x01) == 1)
-- 3.2.2.3 Connect Return code
res.accepted = (crcode == 0x00)
@@ -749,11 +748,11 @@ MQTT.packet["PUBLISH"].parse = function(fhflags, buf)
local res = {["type"] = "PUBLISH"}
-- 3.3.1.1 DUP
local dup = (bit.band(fhflags, 0x8) == 0x8)
local dup = ((fhflags & 0x8) == 0x8)
res.dup = dup
-- 3.3.1.2 QoS
local qos = bit.rshift(bit.band(fhflags, 0x6), 1)
local qos = ((fhflags & 0x6) >> 1)
res.qos = qos
-- 3.3.1.3 RETAIN
@@ -809,10 +808,10 @@ MQTT.length_build = function(num)
local field = {}
repeat
local byte = bit.band(num, 0x7F)
num = bit.rshift(num, 7)
local byte = num & 0x7F
num = num >> 7
if num > 0 then
byte = bit.bor(byte, 0x80)
byte = byte | 0x80
end
field[#field+1] = bin.pack("C", byte)
until num == 0
@@ -855,13 +854,13 @@ MQTT.length_parse = function(buf, pos)
return false, "Reached end of buffer before variable-length numeric field was parsed."
end
pos, byte = bin.unpack("C", buf, pos)
num = num + bit.band(byte, 0x7F) * multiplier
num = num + (byte & 0x7F) * multiplier
if offset > 3 then
return false, "Buffer contained an invalid variable-length numeric field."
end
multiplier = bit.lshift(multiplier, 7)
multiplier = multiplier << 7
offset = offset + 1
until bit.band(byte, 0x80) == 0
until (byte & 0x80) == 0
-- This field represents a limited range of integers.
assert(num >= 0)
@@ -942,7 +941,7 @@ MQTT.fixed_header = function(num, flags, pkt)
-- Build the fixed header.
-- 2.2.1 MQTT Control Packet type
-- 2.2.2 Flags
local hdr = bit.bor(bit.lshift(num, 4), flags)
local hdr = (num << 4) | flags
return bin.pack("C", hdr) .. MQTT.length_build(#pkt) .. pkt
end
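Review bot: `local hdr = (num << 4) | flags` in MQTT.fixed_header relies on both operands fitting in four bits: a `flags` value above 0xF would overlap the packet-type nibble and a `num` above 0xF would push bits past the byte, and what `bin.pack("C", hdr)` does with a value over 255 is not visible here. Both arguments are produced by callers in this file, so a precondition such as `assert(num >= 0 and num <= 0xF and flags >= 0 and flags <= 0xF)` before the shift, in the style of the asserts already used in length_parse, would make the contract explicit. The function's start is outside the hunk.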


@@ -51,7 +51,6 @@
-----------------------------------------------------------------------
local bin = require "bin"
local bit = require "bit"
local datetime = require "datetime"
local ipOps = require "ipOps"
local math = require "math"
@@ -300,7 +299,7 @@ function bind(smbstate, interface_uuid, interface_version, transfer_syntax)
return false, "Bind() returned a fault (packet type)"
end
-- Check if the flags indicate DID_NOT_EXECUTE
if(bit.band(result['packet_flags'], 0x20) == 0x20) then
if((result['packet_flags'] & 0x20) == 0x20) then
return false, "Bind() returned a fault (flags)"
end
-- Check if it requested authorization (I've never seen this, but wouldn't know how to handle it)
@@ -308,7 +307,7 @@ function bind(smbstate, interface_uuid, interface_version, transfer_syntax)
return false, "Bind() returned an 'auth length', which we don't know how to deal with"
end
-- Check if the packet was fragmented (I've never seen this, but wouldn't know how to handle it)
if(bit.band(result['packet_flags'], 0x03) ~= 0x03) then
if((result['packet_flags'] & 0x03) ~= 0x03) then
return false, "Bind() returned a fragmented packet, which we don't know how to handle"
end
-- Check if the wrong message type was returned
@@ -432,8 +431,8 @@ function call_function(smbstate, opnum, arguments)
end
-- Check if we're fragmented
is_first = (bit.band(result['packet_flags'], 0x01) == 0x01)
is_last = (bit.band(result['packet_flags'], 0x02) == 0x02)
is_first = ((result['packet_flags'] & 0x01) == 0x01)
is_last = ((result['packet_flags'] & 0x02) == 0x02)
-- We have a fragmented packet, make sure it's the first (if we're on the first)
if(first == true and is_first == false) then
@@ -449,7 +448,7 @@ function call_function(smbstate, opnum, arguments)
if(result['packet_type'] == 0x03) then -- MSRPC_FAULT
return false, "MSRPC call returned a fault (packet type)"
end
if(bit.band(result['packet_flags'], 0x20) == 0x20) then
if((result['packet_flags'] & 0x20) == 0x20) then
return false, "MSRPC call returned a fault (flags)"
end
if(result['auth_length'] ~= 0) then
@@ -4896,8 +4895,8 @@ function get_server_stats(host)
stats.period_str = datetime.format_time(stats.period)
-- Combine the 64-bit values
stats['bytessent'] = bit.bor(bit.lshift(stats['bytessent_high'], 32), stats['bytessent_low'])
stats['bytesrcvd'] = bit.bor(bit.lshift(stats['bytesrcvd_high'], 32), stats['bytesrcvd_low'])
stats['bytessent'] = ((stats['bytessent_high'] << 32) | stats['bytessent_low'])
stats['bytesrcvd'] = ((stats['bytesrcvd_high'] << 32) | stats['bytesrcvd_low'])
-- Sidestep divide-by-zero errors (probably won't come up, but I'd rather be safe)
if(stats['period'] == 0) then
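Review bot: `is_first` and `is_last` are assigned in call_function without `local`; unless they are declared earlier in the function (its start is outside the hunk), these two rewritten lines create globals that outlive the call. If no declaration exists above, they should read `local is_first = ((result['packet_flags'] & 0x01) == 0x01)` and `local is_last = ((result['packet_flags'] & 0x02) == 0x02)`, or a `local is_first, is_last` should be added where `first` is initialised. luacheck would flag this.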


@@ -4,7 +4,6 @@
-- @author Marek Majkowski <majek04+nse@gmail.com>
-- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html
local bit = require "bit"
local ipOps = require "ipOps"
local nmap = require "nmap"
local stdnse = require "stdnse"
@@ -49,7 +48,7 @@ end
-- @param i Offset.
-- @param num Integer to store.
function set_u8(b, i, num)
local s = string.char(bit.band(num, 0xff))
local s = string.char(num & 0xff)
return b:sub(0+1, i+1-1) .. s .. b:sub(i+1+1)
end
--- Set a 16-bit integer at a 0-based byte offset in a byte string
@@ -58,7 +57,7 @@ end
-- @param i Offset.
-- @param num Integer to store.
function set_u16(b, i, num)
local s = string.char(bit.band(bit.rshift(num, 8), 0xff)) .. string.char(bit.band(num, 0xff))
local s = string.char((num >> 8) & 0xff) .. string.char(num & 0xff)
return b:sub(0+1, i+1-1) .. s .. b:sub(i+1+2)
end
--- Set a 32-bit integer at a 0-based byte offset in a byte string
@@ -67,10 +66,10 @@ end
-- @param i Offset.
-- @param num Integer to store.
function set_u32(b,i, num)
local s = string.char(bit.band(bit.rshift(num,24), 0xff)) ..
string.char(bit.band(bit.rshift(num,16), 0xff)) ..
string.char(bit.band(bit.rshift(num,8), 0xff)) ..
string.char(bit.band(num, 0xff))
local s = string.char((num >> 24) & 0xff) ..
string.char((num >>16) & 0xff) ..
string.char((num >> 8) & 0xff) ..
string.char(num & 0xff)
return b:sub(0+1, i+1-1) .. s .. b:sub(i+1+4)
end
--- Get a 1-byte string from a number.
@@ -108,10 +107,10 @@ function in_cksum(b)
sum = sum + u8(b, i) * 256
end
sum = bit.rshift(sum, 16) + bit.band(sum, 0xffff)
sum = sum + bit.rshift(sum, 16)
sum = bit.bnot(sum)
sum = bit.band(sum, 0xffff) -- truncate to 16 bits
sum = (sum >> 16) + (sum & 0xffff)
sum = sum + (sum >> 16)
sum = ~sum
sum = (sum & 0xffff) -- truncate to 16 bits
return sum
end
@@ -240,7 +239,7 @@ function Packet:new(packet, packet_len, force_continue)
end
o.buf = packet
o.packet_len = packet_len
o.ip_v = bit.rshift(string.byte(o.buf), 4)
o.ip_v = string.byte(o.buf) >> 4
if o.ip_v == 4 and not o:ip_parse(force_continue) then
return nil
elseif o.ip_v == 6 and not o:ip6_parse(force_continue) then
@@ -281,9 +280,9 @@ end
-- @param ip6_fl Number stands for Flow Label.
-- @return The first four-byte string of an IPv6 header.
function ipv6_hdr_pack_tc_fl(ip6_tc, ip6_fl)
local ver_tc_fl = bit.lshift(6, 28) +
bit.lshift(bit.band(ip6_tc, 0xFF), 20) +
bit.band(ip6_fl, 0xFFFFF)
local ver_tc_fl = (6 << 28) +
((ip6_tc & 0xFF) << 20) +
(ip6_fl & 0xFFFFF)
return numtostr32(ver_tc_fl)
end
--- Build an IPv6 packet.
@@ -416,7 +415,7 @@ function Packet:build_ip_packet(src, dst, payload, dsf, id, flags, off, ttl, pro
self.ip_off = off or self.ip_off or 0
self.ip_ttl = ttl or self.ip_ttl or 255
self.buf =
numtostr8(bit.lshift(self.ip_v,4) + 20 / 4) .. -- version and header length
numtostr8((self.ip_v << 4) + 20 / 4) .. -- version and header length
numtostr8(self.ip_dsf) ..
numtostr16(#self.l3_packet + 20) ..
numtostr16(self.ip_id) ..
@@ -501,7 +500,7 @@ function mac_to_lladdr(mac)
if not mac then
return nil, "MAC was not specified."
end
local interfier = string.char(bit.bor(string.byte(mac,1),0x02))..string.sub(mac,2,3).."\xff\xfe"..string.sub(mac,4,6)
local interfier = string.char((string.byte(mac,1) | 0x02))..string.sub(mac,2,3).."\xff\xfe"..string.sub(mac,4,6)
local ll_prefix = ipOps.ip_to_str("fe80::")
return string.sub(ll_prefix,1,8)..interfier
end
@@ -569,8 +568,8 @@ function Packet:ip_parse(force_continue)
print("too short")
return false
end
self.ip_v = bit.rshift(bit.band(self:u8(self.ip_offset + 0), 0xF0), 4)
self.ip_hl = bit.band(self:u8(self.ip_offset + 0), 0x0F) -- header_length or data_offset
self.ip_v = (self:u8(self.ip_offset + 0) & 0xF0) >> 4
self.ip_hl = (self:u8(self.ip_offset + 0) & 0x0F) -- header_length or data_offset
if self.ip_v ~= 4 then -- not ip
print("not v4")
return false
@@ -580,10 +579,10 @@ function Packet:ip_parse(force_continue)
self.ip_len = self:u16(self.ip_offset + 2)
self.ip_id = self:u16(self.ip_offset + 4)
self.ip_off = self:u16(self.ip_offset + 6)
self.ip_rf = bit.band(self.ip_off, 0x8000)~=0 -- true/false
self.ip_df = bit.band(self.ip_off, 0x4000)~=0
self.ip_mf = bit.band(self.ip_off, 0x2000)~=0
self.ip_off = bit.band(self.ip_off, 0x1FFF) -- fragment offset
self.ip_rf = (self.ip_off & 0x8000)~=0 -- true/false
self.ip_df = (self.ip_off & 0x4000)~=0
self.ip_mf = (self.ip_off & 0x2000)~=0
self.ip_off = (self.ip_off & 0x1FFF) -- fragment offset
self.ip_ttl = self:u8(self.ip_offset + 8)
self.ip_p = self:u8(self.ip_offset + 9)
self.ip_sum = self:u16(self.ip_offset + 10)
@@ -604,13 +603,13 @@ function Packet:ip6_parse(force_continue)
if #self.buf < 40 then -- too short
return false
end
self.ip_v = bit.rshift(bit.band(self:u8(self.ip6_offset + 0), 0xF0), 4)
self.ip_v = (self:u8(self.ip6_offset + 0) & 0xF0) >> 4
if self.ip_v ~= 6 then -- not ipv6
return false
end
self.ip6 = true
self.ip6_tc = bit.rshift(bit.band(self:u16(self.ip6_offset + 0), 0x0FF0), 4)
self.ip6_fl = bit.band(self:u8(self.ip6_offset + 1), 0x0F)*65536 + self:u16(self.ip6_offset + 2)
self.ip6_tc = (self:u16(self.ip6_offset + 0) & 0x0FF0) >> 4
self.ip6_fl = (self:u8(self.ip6_offset + 1) & 0x0F)*65536 + self:u16(self.ip6_offset + 2)
self.ip6_plen = self:u16(self.ip6_offset + 4)
self.ip6_nhdr = self:u8(self.ip6_offset + 6)
self.ip6_hlimt = self:u8(self.ip6_offset + 7)
@@ -638,9 +637,9 @@ function Packet:ip6_set_plen(plen)
end
--- Set the header length field.
function Packet:ip_set_hl(len)
self:set_u8(self.ip_offset + 0, bit.bor(bit.lshift(self.ip_v, 4), bit.band(len, 0x0F)))
self.ip_v = bit.rshift(bit.band(self:u8(self.ip_offset + 0), 0xF0), 4)
self.ip_hl = bit.band(self:u8(self.ip_offset + 0), 0x0F) -- header_length or data_offset
self:set_u8(self.ip_offset + 0, (self.ip_v << 4) | (len & 0x0F))
self.ip_v = (self:u8(self.ip_offset + 0) & 0xF0) >> 4
self.ip_hl = (self:u8(self.ip_offset + 0) & 0x0F) -- header_length or data_offset
end
--- Set the packet length field.
-- @param len Packet length.
@@ -833,17 +832,17 @@ function Packet:tcp_parse(force_continue)
end
self.tcp_seq = self:u32(self.tcp_offset + 4)
self.tcp_ack = self:u32(self.tcp_offset + 8)
self.tcp_hl = bit.rshift(bit.band(self:u8(self.tcp_offset+12), 0xF0), 4) -- header_length or data_offset
self.tcp_x2 = bit.band(self:u8(self.tcp_offset+12), 0x0F)
self.tcp_hl = (self:u8(self.tcp_offset+12) & 0xF0) >> 4 -- header_length or data_offset
self.tcp_x2 = (self:u8(self.tcp_offset+12) & 0x0F)
self.tcp_flags = self:u8(self.tcp_offset + 13)
self.tcp_th_fin = bit.band(self.tcp_flags, 0x01)~=0 -- true/false
self.tcp_th_syn = bit.band(self.tcp_flags, 0x02)~=0
self.tcp_th_rst = bit.band(self.tcp_flags, 0x04)~=0
self.tcp_th_push = bit.band(self.tcp_flags, 0x08)~=0
self.tcp_th_ack = bit.band(self.tcp_flags, 0x10)~=0
self.tcp_th_urg = bit.band(self.tcp_flags, 0x20)~=0
self.tcp_th_ece = bit.band(self.tcp_flags, 0x40)~=0
self.tcp_th_cwr = bit.band(self.tcp_flags, 0x80)~=0
self.tcp_th_fin = (self.tcp_flags & 0x01)~=0 -- true/false
self.tcp_th_syn = (self.tcp_flags & 0x02)~=0
self.tcp_th_rst = (self.tcp_flags & 0x04)~=0
self.tcp_th_push = (self.tcp_flags & 0x08)~=0
self.tcp_th_ack = (self.tcp_flags & 0x10)~=0
self.tcp_th_urg = (self.tcp_flags & 0x20)~=0
self.tcp_th_ece = (self.tcp_flags & 0x40)~=0
self.tcp_th_cwr = (self.tcp_flags & 0x80)~=0
self.tcp_win = self:u16(self.tcp_offset + 14)
self.tcp_sum = self:u16(self.tcp_offset + 16)
self.tcp_urp = self:u16(self.tcp_offset + 18)
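Review bot: In in_cksum, `sum = ~sum` now complements all 64 bits of a Lua 5.3 integer, so the `sum & 0xffff` on the following line is what turns the value back into the 16-bit one's-complement checksum rather than a mere truncation; the existing `-- truncate to 16 bits` comment would be more accurate as `-- ~ flipped all 64 bits; mask back to the 16-bit one's-complement result`. In build_ip_packet the header-length term is still `20 / 4`, which in Lua 5.3 is the float 5.0; it has an exact integer value so numtostr8 presumably accepts it, but `numtostr8((self.ip_v << 4) + 20 // 4)` would keep the whole expression integer now that the version nibble is produced by `<<`. Minor style: `(num >>16)` in set_u32 lacks the space its sibling lines use. Both in_cksum and build_ip_packet start outside their hunks.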


@@ -123,7 +123,6 @@
-----------------------------------------------------------------------
local asn1 = require "asn1"
local bin = require "bin"
local bit = require "bit"
local coroutine = require "coroutine"
local datetime = require "datetime"
local io = require "io"
@@ -651,19 +650,19 @@ function smb_encode_header(smb, command, overrides)
local sig = "\xFFSMB"
-- Pretty much every flags is deprecated. We set these two because they're required to be on.
local flags = bit.bor(0x10, 0x08) -- SMB_FLAGS_CANONICAL_PATHNAMES | SMB_FLAGS_CASELESS_PATHNAMES
local flags = (0x10 | 0x08) -- SMB_FLAGS_CANONICAL_PATHNAMES | SMB_FLAGS_CASELESS_PATHNAMES
-- These flags are less deprecated. We negotiate 32-bit status codes and long names. We also don't include Unicode, which tells
-- the server that we deal in ASCII.
local flags2 = bit.bor(0x4000, 0x2000, 0x0040, 0x0001) -- SMB_FLAGS2_32BIT_STATUS | SMB_FLAGS2_EXECUTE_ONLY_READS | SMB_FLAGS2_IS_LONG_NAME | SMB_FLAGS2_KNOWS_LONG_NAMES
local flags2 = (0x4000 | 0x2000 | 0x0040 | 0x0001) -- SMB_FLAGS2_32BIT_STATUS | SMB_FLAGS2_EXECUTE_ONLY_READS | SMB_FLAGS2_IS_LONG_NAME | SMB_FLAGS2_KNOWS_LONG_NAMES
-- Unless the user's disabled the security signature, add it
if(nmap.registry.args.smbsign ~= "disable") then
flags2 = bit.bor(flags2, 0x0004) -- SMB_FLAGS2_SECURITY_SIGNATURE
flags2 = (flags2 | 0x0004) -- SMB_FLAGS2_SECURITY_SIGNATURE
end
if(smb['extended_security'] == true) then
flags2 = bit.bor(flags2, 0x0800) -- SMB_EXTENDED_SECURITY
flags2 = (flags2 | 0x0800) -- SMB_EXTENDED_SECURITY
end
-- TreeID should never ever be 'nil', but it seems to happen once in awhile so print an error
@@ -767,7 +766,7 @@ local function message_check_signature(smb, body)
if(smb['mac_key'] == nil) then
stdnse.debug3("SMB: Not signing message (missing mac_key)")
return true
elseif(nmap.registry.args.smbsign ~= "force" and bit.band(smb['security_mode'], 0x0A) ~= 0) then
elseif(nmap.registry.args.smbsign ~= "force" and (smb['security_mode'] & 0x0A) ~= 0) then
stdnse.debug3("SMB: Not signing message (server doesn't support it -- default)")
return true
elseif(nmap.registry.args.smbsign == "disable" or nmap.registry.args.smbsign == "ignore") then
@@ -876,7 +875,7 @@ function smb_read(smb, read_data)
return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [2]"
end
-- Make the length 24 bits
netbios_length = bit.band(netbios_length, 0x00FFFFFF)
netbios_length = (netbios_length & 0x00FFFFFF)
-- The total length is the netbios_length, plus 4 (for the length itself)
length = netbios_length + 4
@@ -1010,7 +1009,7 @@ function negotiate_v1(smb, overrides)
end
-- Since this is the first response seen, check any necessary flags here
if(bit.band(flags2, 0x0800) ~= 0x0800) then
if((flags2 & 0x0800) ~= 0x0800) then
smb['extended_security'] = false
end
@@ -1271,7 +1270,7 @@ local function start_session_basic(smb, log_errors, overrides)
-- Fill in the smb object and smb string
smb['uid'] = uid
smb['is_guest'] = bit.band(action, 1)
smb['is_guest'] = (action & 1)
smb['os'] = os
smb['lanmanager'] = lanmanager
@@ -1478,7 +1477,7 @@ local function start_session_extended(smb, log_errors, overrides)
if(andx_command == nil or security_blob_length == nil) then
return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [18]"
end
smb['is_guest'] = bit.band(action, 1)
smb['is_guest'] = (action & 1)
-- Parse the data
pos, security_blob, os, lanmanager = bin.unpack(string.format("<A%dzz", security_blob_length), data)
@@ -1958,7 +1957,7 @@ function read_file(smb, offset, count, overrides)
end
response['remaining'] = remaining
response['data_length'] = bit.bor(data_length_low, bit.lshift(data_length_high, 16))
response['data_length'] = (data_length_low | (data_length_high << 16))
response['status'] = status
@@ -2521,7 +2520,7 @@ function file_upload(host, localfile, share, remotefile, overrides, encoded)
if(encoded) then
for j = 1, #data, 1 do
new_data[j] = string.char(bit.bxor(0xFF, string.byte(data, j)))
new_data[j] = string.char(0xFF ~ string.byte(data, j))
end
data = table.concat(new_data, "", 1, #data)
end
@@ -3484,10 +3483,10 @@ function get_uniqueish_name(host, extension, seed)
for i = 1, #str, 1 do
local chr = str:byte(i)
hash = bit.bxor(hash, chr)
hash = bit.bor(bit.lshift(hash, 3), bit.rshift(hash, 29))
hash = bit.bxor(hash, 3)
hash = bit.band(hash, 0xFFFFFFFF)
hash = hash ~ chr
hash = (hash << 3) | (hash >> 29)
hash = hash ~ 3
hash = hash & 0xFFFFFFFF
end
local response
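Review bot: In get_uniqueish_name the line `hash = (hash << 3) | (hash >> 29)` is only a 32-bit rotation because the `hash & 0xFFFFFFFF` two lines later discards the bits a 64-bit shift pushes above bit 31; with the 32-bit bit library the left shift truncated by itself, so the mask is now load-bearing and should not be moved or dropped. A comment on the rotate line would make that dependency visible, e.g. `-- 64-bit shift; the & 0xFFFFFFFF below folds this back into a 32-bit rotate`. The loop's enclosing function starts outside the hunk.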


@@ -32,7 +32,6 @@
-- Created 24/04/2011 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
local bin = require "bin"
local bit = require "bit"
local nmap = require "nmap"
local stdnse = require "stdnse"
local table = require "table"
@@ -66,12 +65,12 @@ Reply = {
local len_hi, len_lo
pos, self.version, self.func, len_hi, len_lo = bin.unpack(">CCCS", data)
self.len = bit.lshift(len_hi, 16) + len_lo
self.len = (len_hi << 16) + len_lo
pos, self.flags = bin.unpack(">S", data, pos)
local neo_hi, neo_lo
pos, neo_hi, neo_lo = bin.unpack(">CS", data, pos)
self.next_extension_offset = bit.lshift(neo_hi, 16) + neo_lo
self.next_extension_offset = (neo_hi << 16) + neo_lo
local lang_tag_len
pos, self.xid, lang_tag_len = bin.unpack(">SS", data, pos)
@@ -122,12 +121,12 @@ Reply = {
local len_hi, len_lo
pos, self.version, self.func, len_hi, len_lo = bin.unpack(">CCCS", data)
self.len = bit.lshift(len_hi, 16) + len_lo
self.len = (len_hi << 16) + len_lo
pos, self.flags = bin.unpack(">S", data, pos)
local neo_hi, neo_lo
pos, neo_hi, neo_lo = bin.unpack(">CS", data, pos)
self.next_extension_offset = bit.lshift(neo_hi, 16) + neo_lo
self.next_extension_offset = (neo_hi << 16) + neo_lo
local lang_tag_len
pos, self.xid, lang_tag_len = bin.unpack(">SS", data, pos)
@@ -213,11 +212,10 @@ Request = {
local len = BASE_LEN + #self.lang_tag + self.prev_resp_list_len +
self.slp_spi_len + #self.service_type + #self.url +
#self.tag_list + #self.scope
local len_hi = bit.band(bit.rshift(len, 16), 0x00FF)
local len_lo = bit.band(len, 0xFFFF)
local neo_hi = bit.band(bit.rshift(self.next_extension_offset, 16),
0x00FF)
local neo_lo = bit.band(self.next_extension_offset, 0xFFFF)
local len_hi = ((len >> 16) & 0x00FF)
local len_lo = (len & 0xFFFF)
local neo_hi = ((self.next_extension_offset >> 16) & 0x00FF)
local neo_lo = (self.next_extension_offset & 0xFFFF)
local data = bin.pack(">CCCSSCSSSASSASASAS", self.version, self.func,
len_hi, len_lo, self.flags, neo_hi, neo_lo, self.xid, #self.lang_tag, self.lang_tag,
@@ -277,11 +275,10 @@ Request = {
local len = BASE_LEN + #self.lang_tag + self.prev_resp_list_len +
self.predicate_len + self.slp_spi_len + #self.service_type +
#self.scope
local len_hi = bit.band(bit.rshift(len, 16), 0x00FF)
local len_lo = bit.band(len, 0xFFFF)
local neo_hi = bit.band(bit.rshift(self.next_extension_offset, 16),
0x00FF)
local neo_lo = bit.band(self.next_extension_offset, 0xFFFF)
local len_hi = ((len >> 16) & 0x00FF)
local len_lo = (len & 0xFFFF)
local neo_hi = ((self.next_extension_offset >> 16) & 0x00FF)
local neo_lo = (self.next_extension_offset & 0xFFFF)
local data = bin.pack(">CCCSSCSSSASSASASS", self.version, self.func,
len_hi, len_lo, self.flags, neo_hi, neo_lo, self.xid, #self.lang_tag, self.lang_tag,
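Review bot: The right-hand sides of `local len_hi = ((len >> 16) & 0x00FF)` and the three lines after it keep a redundant outer pair of parentheses left over from the mechanical `bit.band(...)` replacement; `local len_hi = (len >> 16) & 0x00FF` and `local len_lo = len & 0xFFFF` read the same and match the form used in the Reply hunks above (`(len_hi << 16) + len_lo`). The same leftover appears in the second Request hunk. Both enclosing methods start outside their hunks.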


@@ -110,7 +110,6 @@
--
local bin = require "bin"
local bit = require "bit"
local bits = require "bits"
local math = require "math"
local match = require "match"
@@ -164,17 +163,17 @@ DataTypeDecoders = {
local bytes = {}
for i=1, #val do bytes[i] = select(2, bin.unpack("C", val, i)) end
local positive = ( bit.band(bytes[1], 0x80) ~= 0 )
local positive = ( (bytes[1] & 0x80) ~= 0 )
local function convert_bytes(bytes, positive)
local ret_bytes = {}
local len = #bytes
if ( positive ) then
ret_bytes[1] = bit.band(bytes[1], 0x7F) - 65
ret_bytes[1] = (bytes[1] & 0x7F) - 65
for i=2, len do ret_bytes[i] = bytes[i] - 1 end
else
ret_bytes[1] = bit.band(bit.bxor(bytes[1], 0xFF), 0x7F) - 65
ret_bytes[1] = ((bytes[1] ~ 0xFF) & 0x7F) - 65
for i=2, len do ret_bytes[i] = 101 - bytes[i] end
end
@@ -1445,7 +1444,7 @@ Crypt = {
combined_sesskey = ""
for i=17, 40 do
combined_sesskey = combined_sesskey .. string.char( bit.bxor( string.byte(server_sesskey, i), string.byte(client_sesskey,i) ) )
combined_sesskey = combined_sesskey .. string.char( string.byte(server_sesskey, i) ~ string.byte(client_sesskey,i) )
end
combined_sesskey = ( openssl.md5( combined_sesskey:sub(1,16) ) .. openssl.md5( combined_sesskey:sub(17) ) ):sub(1, 24)
@@ -1481,7 +1480,7 @@ Crypt = {
local pass
for i=17, 32 do
combined_sesskey = combined_sesskey .. string.char( bit.bxor( string.byte(srv_sesskey, i), string.byte(cli_sesskey, i) ) )
combined_sesskey = combined_sesskey .. string.char( string.byte(srv_sesskey, i) ~ string.byte(cli_sesskey, i) )
end
combined_sesskey = openssl.md5( combined_sesskey )
@@ -1515,7 +1514,7 @@ Crypt = {
local auth_pass
for i=17, 32 do
combined_sesskey = combined_sesskey .. string.char( bit.bxor( string.byte(srv_sesskey, i), string.byte(cli_sesskey, i) ) )
combined_sesskey = combined_sesskey .. string.char( string.byte(srv_sesskey, i) ~ string.byte(cli_sesskey, i) )
end
combined_sesskey = openssl.md5( combined_sesskey )
auth_pass = openssl.encrypt("AES-128-CBC", combined_sesskey, nil, rnd .. pass, true )
@@ -1546,7 +1545,7 @@ Crypt = {
local data = ""
for i=17, 40 do
combined_sesskey = combined_sesskey .. string.char( bit.bxor( string.byte(srv_sesskey, i), string.byte(cli_sesskey, i) ) )
combined_sesskey = combined_sesskey .. string.char( string.byte(srv_sesskey, i) ~ string.byte(cli_sesskey, i) )
end
combined_sesskey = ( openssl.md5( combined_sesskey:sub(1,16) ) .. openssl.md5( combined_sesskey:sub(17) ) ):sub(1, 24)