PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00
Code Issues Projects Releases Wiki Activity

Remove some more bin.lua packings

Browse Source
This commit is contained in:
dmiller
2018-09-21 18:36:58 +00:00
parent 03dfeaf4e3
commit e9addd756f
3 changed files with 102 additions and 142 deletions
Download Patch File Download Diff File Expand all files Collapse all files

142
nselib/eigrp.lua
View File

@@ -5,10 +5,10 @@
-- Version 0.1
-- 19/07/2012 - First version.
local bin = require "bin"
local table = require "table"
local stdnse = require "stdnse"
local strbuf = require "strbuf"
local string = require "string"
local ipOps = require "ipOps"
local packet = require "packet"
_ENV = stdnse.module("eigrp", stdnse.seeall)
@@ -104,53 +104,53 @@ EIGRP = {
local tlv
local eigrp_packet = {}
local index = 1
index, eigrp_packet.ver = bin.unpack(">C", eigrp_raw, index)
index, eigrp_packet.opcode = bin.unpack(">C", eigrp_raw, index)
index, eigrp_packet.checksum = bin.unpack(">S", eigrp_raw, index)
index, eigrp_packet.flags = bin.unpack(">I", eigrp_raw, index)
index, eigrp_packet.seq = bin.unpack(">I", eigrp_raw, index)
index, eigrp_packet.ack = bin.unpack(">I", eigrp_raw, index)
index, eigrp_packet.routerid = bin.unpack(">S", eigrp_raw, index)
index, eigrp_packet.as = bin.unpack(">S", eigrp_raw, index)
eigrp_packet.ver,
eigrp_packet.opcode,
eigrp_packet.checksum,
eigrp_packet.flags,
eigrp_packet.seq,
eigrp_packet.ack,
eigrp_packet.routerid,
eigrp_packet.as, index = string.unpack(">BBI2I4I4I4I2I2", eigrp_raw, index)
eigrp_packet.tlvs = {}
while index < #eigrp_raw do
tlv = {}
index, tlv.type = bin.unpack(">S", eigrp_raw, index)
index, tlv.length = bin.unpack(">S", eigrp_raw, index)
tlv.type, tlv.length, index = string.unpack(">I2I2", eigrp_raw, index)
if tlv.length == 0x00 then
-- In case someone wants to DoS us :)
stdnse.debug1("eigrp.lua: stopped parsing due to null TLV length.")
break
end
-- TODO: These padding calculations seem suspect, especially the ones
-- that assume a static length for a variable-length field like TLV.SEQ
if tlv.type == TLV.PARAM then
-- Parameters
local k = {}
index, k[1], k[2], k[3], k[4], k[5], k[6] = bin.unpack(">CCCCCC", eigrp_raw, index)
index, tlv.htime = bin.unpack(">S", eigrp_raw, index)
k[1], k[2], k[3], k[4], k[5], k[6], tlv.htime, index = string.unpack(">BBBBBBI2", eigrp_raw, index)
tlv.k = k
index = index + tlv.length - 12
elseif tlv.type == TLV.AUTH then
index, tlv.authtype = bin.unpack(">S", eigrp_raw, index)
index, tlv.authlen = bin.unpack(">S", eigrp_raw, index)
index, tlv.keyid = bin.unpack(">I", eigrp_raw, index)
index, tlv.keyseq = bin.unpack(">I", eigrp_raw, index)
tlv.authtype,
tlv.authlen,
tlv.keyid,
tlv.keyseq, index = string.unpack(">I2I2I4I4", eigrp_raw, index)
-- Null pad == tlv.length - What was already parsed - authlen
index, tlv.digest = bin.unpack(">S", eigrp_raw, index + (tlv.length - tlv.authlen - index + 1))
tlv.digest, index = string.unpack(">I2", eigrp_raw, index + (tlv.length - tlv.authlen - index + 1))
elseif tlv.type == TLV.SEQ then
-- Sequence
index, tlv.addlen = bin.unpack(">S", eigrp_raw, index)
index, tlv.address = bin.unpack("A".. tlv.addlen, eigrp_raw, index)
tlv.address, index = string.unpack(">s2", eigrp_raw, index)
tlv.address = ipOps.str_to_ip(tlv.address)
index = index + tlv.length - 7
elseif tlv.type == TLV.SWVER then
-- Software version
index, tlv.majv = bin.unpack(">C", eigrp_raw, index)
index, tlv.minv = bin.unpack(">C", eigrp_raw, index)
index, tlv.majtlv = bin.unpack(">C", eigrp_raw, index)
index, tlv.mintlv = bin.unpack(">C", eigrp_raw, index)
tlv.majv,
tlv.minv,
tlv.majtlv,
tlv.mintlv, index = string.unpack(">BBBB", eigrp_raw, index)
index = index + tlv.length - 8
elseif tlv.type == TLV.MSEQ then
-- Next Multicast Sequence
index, tlv.mseq = bin.unpack(">I", eigrp_raw, index)
tlv.mseq, index = string.unpack(">I4", eigrp_raw, index)
index = index + tlv.length - 8
elseif tlv.type == TLV.STUB then
-- TODO
@@ -170,50 +170,44 @@ EIGRP = {
index = index + tlv.length - 4
elseif tlv.type == TLV.INT then
-- Internal Route
index, tlv.nexth = bin.unpack(">I", eigrp_raw, index)
tlv.nexth, index = string.unpack(">I4", eigrp_raw, index)
tlv.nexth = ipOps.fromdword(tlv.nexth)
index, tlv.mask = bin.unpack(">S", eigrp_raw, index + 15)
tlv.mask, index = string.unpack(">I2", eigrp_raw, index + 15)
-- Destination varies in length
-- e.g trailing 0's are omitted
-- if length = 29 => destination is 4 bytes
-- if length = 28 => destination is 3 bytes
-- if length = 27 => destination is 2 bytes
-- if length = 26 => destination is 1 byte
local dst = {}
index, dst[1], dst[2], dst[3], dst[4] = bin.unpack(">C" .. 4 + tlv.length - 29, eigrp_raw, index)
for i=2,4 do
if not dst[i] then
dst[i] = '0'
end
local dst = {0,0,0,0}
for i = 1, (4 + tlv.length - 29) do
dst[i], index = string.unpack("B", eigrp_raw, index)
end
tlv.dst = dst[1] .. '.' .. dst[2] .. '.' .. dst[3] .. '.' .. dst[4]
tlv.dst = table.concat(dst, '.')
elseif tlv.type == TLV.EXT then
-- External Route
index, tlv.nexth = bin.unpack(">I", eigrp_raw, index)
tlv.nexth = ipOps.fromdword(tlv.nexth)
index, tlv.orouterid = bin.unpack(">I", eigrp_raw, index)
tlv.orouterid = ipOps.fromdword(tlv.orouterid)
index, tlv.oas = bin.unpack(">I", eigrp_raw, index)
index, tlv.tag = bin.unpack(">I", eigrp_raw, index)
index, tlv.emetric = bin.unpack(">I", eigrp_raw, index)
tlv.nexth,
tlv.orouterid,
tlv.oas,
tlv.tag,
tlv.emetric,
-- Skip 2 reserved bytes
index, tlv.eproto = bin.unpack(">C", eigrp_raw, index + 2)
index, tlv.eflags = bin.unpack(">C", eigrp_raw, index)
index, tlv.lmetrics = bin.unpack(">L"..2, eigrp_raw, index)
index, tlv.mask = bin.unpack(">C", eigrp_raw, index)
tlv.eproto,
tlv.eflags,
tlv.lmetrics,
tlv.mask, index = string.unpack(">I4I4I4I4I4xxBBc16B", eigrp_raw, index)
tlv.nexth = ipOps.fromdword(tlv.nexth)
tlv.orouterid = ipOps.fromdword(tlv.orouterid)
-- Destination varies in length
-- if length = 49 => destination is 4 bytes
-- if length = 48 => destination is 3 bytes
-- if length = 47 => destination is 2 bytes
-- if length = 46 => destination is 1 byte
local dst = {}
index, dst[1], dst[2], dst[3], dst[4] = bin.unpack(">C" .. 4 + tlv.length - 49, eigrp_raw, index)
for i=2,4 do
if not dst[i] then
dst[i] = '0'
end
local dst = {0,0,0,0}
for i = 1, (4 + tlv.length - 49) do
dst[i], index = string.unpack("B", eigrp_raw, index)
end
tlv.dst = dst[1] .. '.' .. dst[2] .. '.' .. dst[3] .. '.' .. dst[4]
tlv.dst = table.concat(dst, '.')
elseif tlv.type == TLV.COM then
-- TODO
stdnse.debug1("eigrp.lua: TLV type %d skipped due to no parser.", tlv.type)
@@ -310,28 +304,23 @@ EIGRP = {
-- @return data string containing the complete request to send over the socket
__tostring = function(self)
local data = strbuf.new()
data = data .. bin.pack(">C", self.ver) -- Version 2
data = data .. bin.pack(">C", self.opcode) -- Opcode: Hello
data = data .. string.pack(">BBI2I4I4I4I2I2",
self.ver, -- Version 2
self.opcode, -- Opcode: Hello
self.checksum or 0, -- Calculated later.
self.flags, -- Flags
self.seq, -- Sequence 0
self.ack, -- Acknowledge 0
self.routerid, -- Virtual Router ID 0
self.as) -- Autonomous system
-- If checksum not manually.
-- set to 0, then calculate it later
if self.checksum then
data = data .. bin.pack(">S", self.checksum)
else
data = data .. bin.pack(">S", 0x0000) -- Calculated later.
end
data = data .. bin.pack(">I", self.flags) -- Flags
data = data .. bin.pack(">I", self.seq) -- Sequence 0
data = data .. bin.pack(">I", self.ack) -- Acknowledge 0
data = data .. bin.pack(">S", self.routerid) -- Virtual Router ID 0
data = data .. bin.pack(">S", self.as) -- Autonomous system
for _, tlv in pairs(self.tlvs) do
if tlv.type == TLV.PARAM then
data = data .. bin.pack(">S", TLV.PARAM)
data = data .. bin.pack(">S", 0x000c) -- Length: 12
data = data .. bin.pack(">CCCCCC", tlv.k[1],tlv.k[2],tlv.k[3],
tlv.k[4],tlv.k[5],tlv.k[6])
data = data .. bin.pack(">S", tlv.htime)
data = data .. string.pack(">I2I2 BBBBBB I2",
TLV.PARAM,
12, -- Length
tlv.k[1], tlv.k[2], tlv.k[3], tlv.k[4], tlv.k[5], tlv.k[6],
tlv.htime)
elseif tlv.type == TLV.AUTH then
-- TODO
stdnse.debug1("eigrp.lua: TLV type %d skipped due to no parser.", tlv.type)
@@ -339,10 +328,11 @@ EIGRP = {
-- TODO
stdnse.debug1("eigrp.lua: TLV type %d skipped due to no parser.", tlv.type)
elseif tlv.type == TLV.SWVER then
data = data .. bin.pack(">S", TLV.SWVER)
data = data .. bin.pack(">S", 0x0008)
data = data .. bin.pack(">CC", tonumber(tlv.majv), tonumber(tlv.minv))
data = data .. bin.pack(">CC", tonumber(tlv.majtlv), tonumber(tlv.mintlv))
data = data .. string.pack(">I2I2 BB BB",
TLV.SWVER,
0x0008,
tonumber(tlv.majv), tonumber(tlv.minv),
tonumber(tlv.majtlv), tonumber(tlv.mintlv))
elseif tlv.type == TLV.MSEQ then
-- TODO
stdnse.debug1("eigrp.lua: TLV type %d skipped due to no parser.", tlv.type)
@@ -383,7 +373,7 @@ EIGRP = {
data = strbuf.dump(data)
-- In the end, correct the checksum if not manually set
if not self.checksum then
data = data:sub(1,2) .. bin.pack(">S", packet.in_cksum(data)) .. data:sub(5)
data = data:sub(1,2) .. string.pack(">I2", packet.in_cksum(data)) .. data:sub(5)
end
return data
end,

42
nselib/mongodb.lua
View File

@@ -9,7 +9,6 @@
-- Created 01/13/2010 - v0.1 - created by Martin Holst Swende <martin@swende.se>
-- Revised 01/03/2012 - v0.2 - added authentication support <patrik@cqure.net>
local bin = require "bin"
local nmap = require "nmap"
local stdnse = require "stdnse"
local string = require "string"
@@ -51,7 +50,6 @@ local err =stdnse.debug1
-- Created 01/13/2010 - v0.1 - created by Martin Holst Swende <martin@swende.se>
--module("bson", package.seeall)
--require("bin")
local function dbg_err(str,...)
stdnse.debug1("Bson-ERR:"..str, ...)
end
@@ -75,10 +73,10 @@ local function _element_to_bson(key, value)
return false, ("key %r must not contain '.'"):format(tostring(key))
end
local name =bin.pack("z",key) -- null-terminated string
local name = string.pack("z", key) -- null-terminated string
if type(value) == 'string' then
local cstring = bin.pack("z",value) -- null-terminated string
local length = bin.pack("<i", cstring:len())
local cstring = string.pack("z", value) -- null-terminated string
local length = string.pack("<i4", cstring:len())
local op = "\x02"
return true, op .. name .. length .. cstring
elseif type(value) =='table' then
@@ -86,9 +84,7 @@ local function _element_to_bson(key, value)
elseif type(value)== 'boolean' then
return true, "\x08" .. name .. (value and '\x01' or '\0')
elseif type(value) == 'number' then
--return "\x10" .. name .. bin.pack("<i", value)
-- Use 01 - double for - works better than 10
return true, '\x01' .. name .. bin.pack("<d", value)
return true, '\x01' .. name .. string.pack("<d", value)
end
local _ = ("cannot convert value of type %s to bson"):format(type(value))
@@ -131,7 +127,7 @@ function toBson(dict)
end
dbg("Packet length is %d",length)
--Final pack
return true, bin.pack("<I", length) .. elements .. "\0"
return true, string.pack("<I4z", length, elements)
end
-- Reads a null-terminated string. If length is supplied, it is just cut
@@ -162,10 +158,11 @@ end
-- @return error string if error occurred
local function parse(code,data)
if 1 == code then -- double
return bin.unpack("<d", data)
local v, pos = string.unpack("<d", data)
return pos, v
elseif 2 == code then -- string
-- data length = first four bytes
local _,len = bin.unpack("<i",data)
local len = string.unpack("<i4",data)
-- string data = data[5] -->
local value = get_c_string(data:sub(5), len)
-- Count position as header (=4) + length of string (=len)+ null char (=1)
@@ -174,7 +171,7 @@ local function parse(code,data)
local object, err
-- Need to know the length, to return later
local _,obj_size = bin.unpack("<i", data)
local obj_size = string.unpack("<i4", data)
-- Now, get the data object
dbg("Recursing into bson array")
object, data, err = fromBson(data)
@@ -186,7 +183,8 @@ local function parse(code,data)
elseif 8 == code then -- Boolean
return 2, data:byte(1) == 1
elseif 9 == code then -- int64, UTC datetime
return bin.unpack("<l", data)
local v, pos = string.unpack("<i8", data)
return pos, v
elseif 10 == code then -- nullvalue
return 0,nil
--11= _get_regex
@@ -195,10 +193,12 @@ local function parse(code,data)
--14= _get_string, # symbol
--15= _get_code_w_scope
elseif 16 == code then -- 4 byte integer
return bin.unpack("<i", data)
local v, pos = string.unpack("<i4", data)
return pos, v
--17= _get_timestamp
elseif 18 == code then -- long
return bin.unpack("<l", data)
local v, pos = string.unpack("<i8", data)
return pos, v
end
local err = ("Getter for %d not implemented"):format(code)
return 0, data, err
@@ -257,7 +257,7 @@ function isPacketComplete(data)
return false
end
local _,obj_size = bin.unpack("<i", data)
local obj_size = string.unpack("<i4", data)
dbg("BSon packet size is %s", obj_size)
@@ -376,12 +376,12 @@ MongoData ={
--Adds unsigned int32 to the message body
--@param value the value to add
function MongoData:addUnsignedInt32(value)
self.valueString = self.valueString..bin.pack("<I",value)
self.valueString = self.valueString..string.pack("<I4",value)
end
-- Adds a string to the message body
--@param value the string to add
function MongoData:addString(value)
self.valueString = self.valueString..bin.pack('z',value)
self.valueString = self.valueString..string.pack('z',value)
end
-- Add a table as a BSon object to the body
--@param dict the table to be converted to BSon
@@ -478,11 +478,11 @@ end
--@return int32 value
--@return data unread
local function parseInt32(data)
local pos,val = bin.unpack("<i",data)
local val, pos = string.unpack("<i4", data)
return val, data:sub(pos)
end
local function parseInt64(data)
local pos,val = bin.unpack("<l",data)
local val, pos = string.unpack("<i8", data)
return val, data:sub(pos)
end
-- Parses response header
@@ -529,7 +529,7 @@ function isPacketComplete(data)
return false
end
local _,obj_size = bin.unpack("<i", data)
local obj_size = string.unpack("<i4", data)
dbg("MongoDb Packet size is %s, (got %d)", obj_size,data:len())

60
nselib/srvloc.lua
View File

@@ -31,9 +31,9 @@
-- Version 0.1
-- Created 24/04/2011 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
local bin = require "bin"
local nmap = require "nmap"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
_ENV = stdnse.module("srvloc", stdnse.seeall)
@@ -62,28 +62,17 @@ Reply = {
-- @param data string containing the raw reply as read from the socket
parse = function(self, data)
local pos
local len_hi, len_lo
pos, self.version, self.func, len_hi, len_lo = bin.unpack(">CCCS", data)
self.len = (len_hi << 16) + len_lo
pos, self.flags = bin.unpack(">S", data, pos)
self.version, self.func, self.len, self.flags, pos = string.unpack(">BBI3I2", data)
local neo_hi, neo_lo
pos, neo_hi, neo_lo = bin.unpack(">CS", data, pos)
self.next_extension_offset = (neo_hi << 16) + neo_lo
local lang_tag_len
pos, self.xid, lang_tag_len = bin.unpack(">SS", data, pos)
pos, self.lang_tag = bin.unpack("A" .. lang_tag_len, data, pos)
self.next_extension_offset, self.xid, self.lang_tag, pos = string.unpack(">I3I2s2", data, pos)
local no_urls, reserved, url_len
pos, self.error_code, no_urls = bin.unpack(">SS", data, pos)
self.error_code, no_urls, pos = string.unpack(">I2I2", data, pos)
if ( no_urls > 0 ) then
pos, reserved, self.url_lifetime, url_len = bin.unpack(">CSS", data, pos)
local num_auths
pos, self.url, num_auths = bin.unpack("A" .. url_len .. "C", data, pos)
self.url_lifetime, self.url, num_auths, pos = string.unpack(">xI2s2C", data, pos)
end
end,
@@ -118,27 +107,12 @@ Reply = {
-- @param data string containing the raw reply as read from the socket
parse = function(self, data)
local pos
local len_hi, len_lo
pos, self.version, self.func, len_hi, len_lo = bin.unpack(">CCCS", data)
self.len = (len_hi << 16) + len_lo
pos, self.flags = bin.unpack(">S", data, pos)
local neo_hi, neo_lo
pos, neo_hi, neo_lo = bin.unpack(">CS", data, pos)
self.next_extension_offset = (neo_hi << 16) + neo_lo
local lang_tag_len
pos, self.xid, lang_tag_len = bin.unpack(">SS", data, pos)
pos, self.lang_tag = bin.unpack("A" .. lang_tag_len, data, pos)
local attrib_list_len
pos, self.error_code, attrib_list_len = bin.unpack(">SS", data, pos)
pos, self.attrib_list = bin.unpack("A"..attrib_list_len, data, pos)
self.version, self.func, self.len, pos = string.unpack(">BBI3", data)
self.next_extension_offset, self.xid, self.lang_tag, pos = string.unpack(">I3I2s2", data, pos)
local num_auths
pos, num_auths = bin.unpack("C", data, pos)
self.error_code, self.attrib_list, num_auths, pos = string.unpack(">I2s2B", data, pos)
end,
--- Attempts to create an instance by reading data off the socket
@@ -212,15 +186,11 @@ Request = {
local len = BASE_LEN + #self.lang_tag + self.prev_resp_list_len +
self.slp_spi_len + #self.service_type + #self.url +
#self.tag_list + #self.scope
local len_hi = ((len >> 16) & 0x00FF)
local len_lo = (len & 0xFFFF)
local neo_hi = ((self.next_extension_offset >> 16) & 0x00FF)
local neo_lo = (self.next_extension_offset & 0xFFFF)
local data = bin.pack(">CCCSSCSSSASSASASAS", self.version, self.func,
len_hi, len_lo, self.flags, neo_hi, neo_lo, self.xid, #self.lang_tag, self.lang_tag,
self.prev_resp_list_len, #self.url, self.url, #self.scope, self.scope,
#self.tag_list, self.tag_list, self.slp_spi_len)
local data = string.pack(">BBI3I2I3I2s2I2s2s2s2I2", self.version, self.func,
len, self.flags, self.next_extension_offset, self.xid, self.lang_tag,
self.prev_resp_list_len, self.url, self.scope,
self.tag_list, self.slp_spi_len)
return data
end
@@ -280,9 +250,9 @@ Request = {
local neo_hi = ((self.next_extension_offset >> 16) & 0x00FF)
local neo_lo = (self.next_extension_offset & 0xFFFF)
local data = bin.pack(">CCCSSCSSSASSASASS", self.version, self.func,
len_hi, len_lo, self.flags, neo_hi, neo_lo, self.xid, #self.lang_tag, self.lang_tag,
self.prev_resp_list_len, #self.service_type, self.service_type, #self.scope,
local data = string.pack(">BBI3I2I3I2s2I2s2s2I2I2", self.version, self.func,
len, self.flags, self.next_extension_offset, self.xid, self.lang_tag,
self.prev_resp_list_len, self.service_type,
self.scope, self.predicate_len, self.slp_spi_len)
return data