PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-06 12:41:29 +00:00
Code Issues Projects Releases Wiki Activity

Replace chained concatenation reassignment with simple concatenation

Browse Source 
Example:

x = y
x = x .. z

Fixed:

x = y
.. z

This simple fix would save 1 string creation/deletion. Most changes
involve many more than this.
This commit is contained in:
dmiller
2015-03-02 13:47:42 +00:00
parent 3025022f98
commit ea58c6bebb
12 changed files with 235 additions and 260 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
nselib/afp.lua
View File

@@ -1065,7 +1065,7 @@ Proto = {
local response,records = {}, {}
local data = bin.pack( "CC>S>I>S>S", COMMAND.FPEnumerateExt2, pad, volume_id, did, file_bitmap, dir_bitmap )
data = data .. bin.pack( ">S>I>ICCA", req_count, start_index, reply_size, path.type, path.len, path.name )
.. bin.pack( ">S>I>ICCA", req_count, start_index, reply_size, path.type, path.len, path.name )
packet = self:create_fp_packet( REQUEST.Command, data_offset, data )
self:send_fp_packet( packet )

298
nselib/msrpc.lua
View File

@@ -259,9 +259,7 @@ function bind(smbstate, interface_uuid, interface_version, transfer_syntax)
0x00, -- Padding/alignment
0x00, -- Padding/alignment
0x00 -- Padding/alignment
)
data = data .. bin.pack("<SCCASSAI",
) .. bin.pack("<SCCASSAI",
0x0000, -- Context ID
0x01, -- Number of transaction items. */
0x00, -- Padding/alignment
@@ -606,17 +604,17 @@ function srvsvc_netshareenumall(smbstate, server)
arguments = msrpctypes.marshall_unicode_ptr("\\\\" .. server, true)
-- [in,out] uint32 level
arguments = arguments .. msrpctypes.marshall_int32(0)
.. msrpctypes.marshall_int32(0)
-- [in,out,switch_is(level)] srvsvc_NetShareCtr ctr
arguments = arguments .. msrpctypes.marshall_srvsvc_NetShareCtr(0, {array=nil})
.. msrpctypes.marshall_srvsvc_NetShareCtr(0, {array=nil})
-- [in] uint32 max_buffer,
arguments = arguments .. msrpctypes.marshall_int32(4096)
.. msrpctypes.marshall_int32(4096)
-- [out] uint32 totalentries
-- [in,out] uint32 *resume_handle*
arguments = arguments .. msrpctypes.marshall_int32_ptr(0)
.. msrpctypes.marshall_int32_ptr(0)
-- Do the call
@@ -676,10 +674,10 @@ function srvsvc_netsharegetinfo(smbstate, server, share, level)
arguments = msrpctypes.marshall_unicode_ptr("\\\\" .. server, true)
-- [in] [string,charset(UTF16)] uint16 share_name[],
arguments = arguments .. msrpctypes.marshall_unicode(share, true)
.. msrpctypes.marshall_unicode(share, true)
-- [in] uint32 level,
arguments = arguments .. msrpctypes.marshall_int32(level)
.. msrpctypes.marshall_int32(level)
-- [out,switch_is(level)] srvsvc_NetShareInfo info
@@ -737,23 +735,23 @@ function srvsvc_netsessenum(smbstate, server)
arguments = msrpctypes.marshall_unicode_ptr(server, true)
-- [in] [string,charset(UTF16)] uint16 *client,
arguments = arguments .. msrpctypes.marshall_unicode_ptr(nil)
.. msrpctypes.marshall_unicode_ptr(nil)
-- [in] [string,charset(UTF16)] uint16 *user,
arguments = arguments .. msrpctypes.marshall_unicode_ptr(nil)
.. msrpctypes.marshall_unicode_ptr(nil)
-- [in,out] uint32 level,
arguments = arguments .. msrpctypes.marshall_int32(10) -- 10 seems to be the only useful one allowed anonymously
.. msrpctypes.marshall_int32(10) -- 10 seems to be the only useful one allowed anonymously
-- [in,out,switch_is(level)] srvsvc_NetSessCtr ctr,
arguments = arguments .. msrpctypes.marshall_srvsvc_NetSessCtr(10, {array=nil})
.. msrpctypes.marshall_srvsvc_NetSessCtr(10, {array=nil})
-- [in] uint32 max_buffer,
arguments = arguments .. msrpctypes.marshall_int32(0xFFFFFFFF)
.. msrpctypes.marshall_int32(0xFFFFFFFF)
-- [out] uint32 totalentries,
-- [in,out] uint32 *resume_handle
arguments = arguments .. msrpctypes.marshall_int32_ptr(0)
.. msrpctypes.marshall_int32_ptr(0)
-- Do the call
@@ -844,13 +842,13 @@ function srvsvc_netservergetstatistics(smbstate, server)
arguments = msrpctypes.marshall_unicode_ptr(server, true)
-- [in] [string,charset(UTF16)] uint16 *service,
arguments = arguments .. msrpctypes.marshall_unicode_ptr(service, true)
.. msrpctypes.marshall_unicode_ptr(service, true)
-- [in] uint32 level,
arguments = arguments .. msrpctypes.marshall_int32(0)
.. msrpctypes.marshall_int32(0)
-- [in] uint32 options,
arguments = arguments .. msrpctypes.marshall_int32(0)
.. msrpctypes.marshall_int32(0)
-- [out] srvsvc_Statistics stat
@@ -915,16 +913,16 @@ function srvsvc_netpathcompare(smbstate, server, path1, path2, pathtype, pathfla
arguments = msrpctypes.marshall_unicode_ptr(server, true)
-- [in] [string,charset(UTF16)] uint16 path1[],
arguments = arguments .. msrpctypes.marshall_unicode(path1, true)
.. msrpctypes.marshall_unicode(path1, true)
-- [in] [string,charset(UTF16)] uint16 path2[],
arguments = arguments .. msrpctypes.marshall_unicode(path2, true)
.. msrpctypes.marshall_unicode(path2, true)
-- [in] uint32 pathtype,
arguments = arguments .. msrpctypes.marshall_int32(pathtype)
.. msrpctypes.marshall_int32(pathtype)
-- [in] uint32 pathflags
arguments = arguments .. msrpctypes.marshall_int32(pathflags)
.. msrpctypes.marshall_int32(pathflags)
-- Do the call
status, result = call_function(smbstate, 0x20, arguments)
@@ -977,18 +975,18 @@ function srvsvc_netpathcanonicalize(smbstate, server, path)
-- [in] [string,charset(UTF16)] uint16 *server_unc,
arguments = msrpctypes.marshall_unicode_ptr(server, true)
-- [in] [string,charset(UTF16)] uint16 path[],
arguments = arguments .. msrpctypes.marshall_unicode(path, true)
.. msrpctypes.marshall_unicode(path, true)
-- [out] [size_is(maxbuf)] uint8 can_path[],
-- [in] uint32 maxbuf,
arguments = arguments .. msrpctypes.marshall_int32(2)
.. msrpctypes.marshall_int32(2)
-- [in] [string,charset(UTF16)] uint16 prefix[],
arguments = arguments .. msrpctypes.marshall_unicode("\\", true)
.. msrpctypes.marshall_unicode("\\", true)
-- [in,out] uint32 pathtype,
arguments = arguments .. msrpctypes.marshall_int32(1)
.. msrpctypes.marshall_int32(1)
-- [in] uint32 pathflags
arguments = arguments .. msrpctypes.marshall_int32(1)
.. msrpctypes.marshall_int32(1)
-- Do the call
@@ -1042,30 +1040,28 @@ function spoolss_open_printer(smbstate,printer)
local user = msrpctypes.marshall_unicode_ptr("",true)
local arguments = msrpctypes.marshall_unicode_ptr(printer,true)
arguments = arguments .. msrpctypes.marshall_int32(0)
.. msrpctypes.marshall_int32(0)
--devmod container
arguments = arguments .. msrpctypes.marshall_int32(0)
arguments = arguments .. msrpctypes.marshall_int32(0)
.. msrpctypes.marshall_int32(0)
.. msrpctypes.marshall_int32(0)
--access we require
arguments = arguments .. msrpctypes.marshall_int32(0x02020000)
.. msrpctypes.marshall_int32(0x02020000)
-- spool client container
arguments = arguments .. msrpctypes.marshall_int32(1)
arguments = arguments .. msrpctypes.marshall_int32(1)
arguments = arguments .. msrpctypes.marshall_int32(12345135)
.. msrpctypes.marshall_int32(1)
.. msrpctypes.marshall_int32(1)
.. msrpctypes.marshall_int32(12345135)
local arguments2 = string.sub(machine,1,4)
arguments2 = arguments2 .. string.sub(user,1,4)
arguments2 = arguments2 .. msrpctypes.marshall_int32(7600)
arguments2 = arguments2 .. msrpctypes.marshall_int32(3)
arguments2 = arguments2 .. msrpctypes.marshall_int32(0)
arguments2 = arguments2 .. msrpctypes.marshall_int32(9)
arguments2 = arguments2 .. string.sub(machine,5,#machine)
arguments2 = arguments2 .. string.sub(user,5,#user)
.. string.sub(user,1,4)
.. msrpctypes.marshall_int32(7600)
.. msrpctypes.marshall_int32(3)
.. msrpctypes.marshall_int32(0)
.. msrpctypes.marshall_int32(9)
.. string.sub(machine,5,#machine)
.. string.sub(user,5,#user)
arguments2 = msrpctypes.marshall_int32(#arguments2+4) .. arguments2
arguments = arguments .. arguments2
local status, result = call_function(smbstate, 69, arguments)
local status, result = call_function(smbstate, 69, arguments .. arguments2)
if not status then
stdnse.debug1("MSRPC spoolss_open_printer(): %s ",result)
end
@@ -1081,25 +1077,22 @@ end
--@param filename Name of the file to print to
--@return (status, result) If status is false, result is an error message. Otherwise, result is a print job id.
function spoolss_start_doc_printer(smbstate,printer_handle,filename)
local arguments = printer_handle
local document_name = msrpctypes.marshall_unicode_ptr("nmap_test",true)
local fname = msrpctypes.marshall_unicode_ptr(filename,true)
local dtype = msrpctypes.marshall_int32(0)
local arguments = printer_handle .. msrpctypes.marshall_int32(1)
local document_container = msrpctypes.marshall_int32(1)
.. msrpctypes.marshall_int32(12332131)
.. string.sub(document_name,1,4)
.. string.sub(fname,1,4)
.. string.sub(dtype,1,4)
.. string.sub(document_name,5,#document_name)
.. string.sub(fname,5,#fname)
.. string.sub(dtype,5,#dtype)
arguments = arguments .. msrpctypes.marshall_int32(1)
document_container = document_container .. msrpctypes.marshall_int32(12332131)
document_container = document_container .. string.sub(document_name,1,4)
document_container = document_container .. string.sub(fname,1,4)
document_container = document_container .. string.sub(dtype,1,4)
document_container = document_container .. string.sub(document_name,5,#document_name)
document_container = document_container .. string.sub(fname,5,#fname)
document_container = document_container .. string.sub(dtype,5,#dtype)
arguments = arguments .. document_container
local status, result = call_function(smbstate, 17, arguments)
local status, result = call_function(smbstate, 17, arguments .. document_container)
if not status then
stdnse.debug1("MSRPC spoolss_start_doc_printer(): %s",result)
end
@@ -1114,17 +1107,16 @@ end
--@param data Actual data to write to a file
--@return (status, result) If status is false, result is an error message. Otherwise, result is number of bytes written.
function spoolss_write_printer(smbstate,printer_handle,data)
stdnse.debug1("len %d", #data)
local padding_len = 4 - math.fmod(#data,4)
local data_padding = nil
if not (padding_len == 4) then
data_padding = string.rep(bin.pack("H","00"),padding_len)
end
local arguments = printer_handle .. msrpctypes.marshall_int32(#data)
--arguments = arguments .. msrpctypes.marshall_int32(#data)
arguments = arguments .. data
if data_padding then arguments = arguments .. data_padding end
arguments = arguments .. msrpctypes.marshall_int32(#data)
--.. msrpctypes.marshall_int32(#data)
.. data
.. (data_padding or "")
.. msrpctypes.marshall_int32(#data)
local status,result = call_function(smbstate, 19, arguments)
if not status then
stdnse.debug1("MSRPC spoolss_write_printer(): %s",result)
@@ -1213,7 +1205,7 @@ function epmapper_lookup(smbstate,handle)
-- [out] error_status_t *status
-- );
local params = msrpctypes.marshall_int32(0) .. msrpctypes.marshall_int32(0) .. msrpctypes.marshall_int32(0) .. msrpctypes.marshall_int32(0)
params = params .. handle .. msrpctypes.marshall_int32(1)
.. handle .. msrpctypes.marshall_int32(1)
local status,result = call_function(smbstate,2,params)
if not status then
@@ -1352,10 +1344,10 @@ function samr_connect4(smbstate, server)
arguments = msrpctypes.marshall_unicode_ptr("\\\\" .. server, true)
-- [in] uint32 unknown,
arguments = arguments .. msrpctypes.marshall_int32(0x02)
.. msrpctypes.marshall_int32(0x02)
-- [in] samr_ConnectAccessMask access_mask,
arguments = arguments .. msrpctypes.marshall_samr_ConnectAccessMask("SAMR_ACCESS_ENUM_DOMAINS|SAMR_ACCESS_OPEN_DOMAIN")
.. msrpctypes.marshall_samr_ConnectAccessMask("SAMR_ACCESS_ENUM_DOMAINS|SAMR_ACCESS_OPEN_DOMAIN")
-- [out,ref] policy_handle *connect_handle
@@ -1406,10 +1398,10 @@ function samr_enumdomains(smbstate, connect_handle)
arguments = msrpctypes.marshall_policy_handle(connect_handle)
-- [in,out,ref] uint32 *resume_handle,
arguments = arguments .. msrpctypes.marshall_int32(0)
.. msrpctypes.marshall_int32(0)
-- [in] uint32 buf_size,
arguments = arguments .. msrpctypes.marshall_int32(0x2000)
.. msrpctypes.marshall_int32(0x2000)
-- [out] samr_SamArray *sam,
-- [out] uint32 num_entries
@@ -1469,7 +1461,7 @@ function samr_lookupdomain(smbstate, connect_handle, domain)
arguments = msrpctypes.marshall_policy_handle(connect_handle)
-- [in,ref] lsa_String *domain_name,
arguments = arguments .. msrpctypes.marshall_lsa_String(domain)
.. msrpctypes.marshall_lsa_String(domain)
-- [out] dom_sid2 *sid
@@ -1522,10 +1514,10 @@ function samr_opendomain(smbstate, connect_handle, sid)
arguments = msrpctypes.marshall_policy_handle(connect_handle)
-- [in] samr_DomainAccessMask access_mask,
arguments = arguments .. msrpctypes.marshall_samr_DomainAccessMask("DOMAIN_ACCESS_LOOKUP_INFO_1|DOMAIN_ACCESS_LOOKUP_INFO_2|DOMAIN_ACCESS_ENUM_ACCOUNTS|DOMAIN_ACCESS_OPEN_ACCOUNT")
.. msrpctypes.marshall_samr_DomainAccessMask("DOMAIN_ACCESS_LOOKUP_INFO_1|DOMAIN_ACCESS_LOOKUP_INFO_2|DOMAIN_ACCESS_ENUM_ACCOUNTS|DOMAIN_ACCESS_OPEN_ACCOUNT")
-- [in,ref] dom_sid2 *sid,
arguments = arguments .. msrpctypes.marshall_dom_sid2(sid)
.. msrpctypes.marshall_dom_sid2(sid)
-- [out,ref] policy_handle *domain_handle
@@ -1578,13 +1570,13 @@ function samr_enumdomainusers(smbstate, domain_handle)
arguments = msrpctypes.marshall_policy_handle(domain_handle)
-- [in,out,ref] uint32 *resume_handle,
arguments = arguments .. msrpctypes.marshall_int32_ptr(nil)
.. msrpctypes.marshall_int32_ptr(nil)
-- [in] samr_AcctFlags acct_flags,
arguments = arguments .. msrpctypes.marshall_samr_AcctFlags("ACB_NONE")
.. msrpctypes.marshall_samr_AcctFlags("ACB_NONE")
-- [in] uint32 max_size,
arguments = arguments .. msrpctypes.marshall_int32(0x0400)
.. msrpctypes.marshall_int32(0x0400)
-- [out] samr_SamArray *sam,
-- [out] uint32 num_entries
@@ -1659,16 +1651,16 @@ function samr_querydisplayinfo(smbstate, domain_handle, index, count)
arguments = msrpctypes.marshall_policy_handle(domain_handle)
-- [in] uint16 level,
arguments = arguments .. msrpctypes.marshall_int16(1) -- Level (1 = users, 3 = groups, 4 = usernames only)
.. msrpctypes.marshall_int16(1) -- Level (1 = users, 3 = groups, 4 = usernames only)
-- [in] uint32 start_idx,
arguments = arguments .. msrpctypes.marshall_int32(index)
.. msrpctypes.marshall_int32(index)
-- [in] uint32 max_entries,
arguments = arguments .. msrpctypes.marshall_int32(count)
.. msrpctypes.marshall_int32(count)
-- [in] uint32 buf_size,
arguments = arguments .. msrpctypes.marshall_int32(0x7FFFFFFF)
.. msrpctypes.marshall_int32(0x7FFFFFFF)
-- [out] uint32 total_size,
-- [out] uint32 returned_size,
@@ -1749,7 +1741,7 @@ function samr_querydomaininfo2(smbstate, domain_handle, level)
arguments = msrpctypes.marshall_policy_handle(domain_handle)
-- [in] uint16 level,
arguments = arguments .. msrpctypes.marshall_int32(level)
.. msrpctypes.marshall_int32(level)
-- [out,switch_is(level)] samr_DomainInfo *info
@@ -1798,14 +1790,14 @@ function samr_enumdomainaliases(smbstate, domain_handle)
arguments = ''
-- [in] policy_handle *domain_handle,
arguments = arguments .. msrpctypes.marshall_policy_handle(domain_handle)
.. msrpctypes.marshall_policy_handle(domain_handle)
-- [in,out,ref] uint32 *resume_handle,
arguments = arguments .. msrpctypes.marshall_int32_ptr(nil)
.. msrpctypes.marshall_int32_ptr(nil)
-- [out,ref] samr_SamArray **sam,
-- [in] uint32 max_size, (note: Wireshark says this is flags. Either way..)
arguments = arguments .. msrpctypes.marshall_int32(0x400)
.. msrpctypes.marshall_int32(0x400)
-- [out,ref] uint32 *num_entries
@@ -1856,13 +1848,13 @@ function samr_lookupnames(smbstate, domain_handle, names)
arguments = ''
-- [in,ref] policy_handle *domain_handle,
arguments = arguments .. msrpctypes.marshall_policy_handle(domain_handle)
.. msrpctypes.marshall_policy_handle(domain_handle)
-- [in,range(0,1000)] uint32 num_names,
arguments = arguments .. msrpctypes.marshall_int32(#names)
.. msrpctypes.marshall_int32(#names)
-- [in,size_is(1000),length_is(num_names)] lsa_String names[],
arguments = arguments .. msrpctypes.marshall_lsa_String_array2(names)
.. msrpctypes.marshall_lsa_String_array2(names)
-- [out,ref] samr_Ids *rids,
-- [out,ref] samr_Ids *types
@@ -1917,13 +1909,13 @@ function samr_openalias(smbstate, domain_handle, rid)
arguments = ''
-- [in,ref] policy_handle *domain_handle,
arguments = arguments .. msrpctypes.marshall_policy_handle(domain_handle)
.. msrpctypes.marshall_policy_handle(domain_handle)
-- [in] samr_AliasAccessMask access_mask,
arguments = arguments .. msrpctypes.marshall_int32(0x0002000c) -- Full read permission
.. msrpctypes.marshall_int32(0x0002000c) -- Full read permission
-- [in] uint32 rid,
arguments = arguments .. msrpctypes.marshall_int32(rid)
.. msrpctypes.marshall_int32(rid)
-- [out,ref] policy_handle *alias_handle
@@ -1964,11 +1956,7 @@ end
--@return (status, result) If status is false, result is an error message. Otherwise, result is a table of values.
function samr_getaliasmembership(smbstate, alias_handle,args)
local status, result
local arguments
arguments = ''
arguments = arguments .. alias_handle .. args
local arguments = alias_handle .. args
-- Do the call
status, result = call_function(smbstate, 0x10, arguments)
if(status ~= true) then
@@ -1993,7 +1981,7 @@ function samr_getmembersinalias(smbstate, alias_handle)
arguments = ''
-- [in,ref] policy_handle *alias_handle,
arguments = arguments .. msrpctypes.marshall_policy_handle(alias_handle)
.. msrpctypes.marshall_policy_handle(alias_handle)
-- [out,ref] lsa_SidArray *sids
@@ -2143,10 +2131,10 @@ function lsa_openpolicy2(smbstate, server)
arguments = msrpctypes.marshall_unicode_ptr(server, true)
-- [in] lsa_ObjectAttribute *attr,
arguments = arguments .. msrpctypes.marshall_lsa_ObjectAttribute()
.. msrpctypes.marshall_lsa_ObjectAttribute()
-- [in] uint32 access_mask,
arguments = arguments .. msrpctypes.marshall_int32(0x00000800)
.. msrpctypes.marshall_int32(0x00000800)
-- [out] policy_handle *handle
@@ -2202,26 +2190,26 @@ function lsa_lookupnames2(smbstate, policy_handle, names)
arguments = msrpctypes.marshall_policy_handle(policy_handle)
-- [in,range(0,1000)] uint32 num_names,
arguments = arguments .. msrpctypes.marshall_int32(#names)
.. msrpctypes.marshall_int32(#names)
-- [in,size_is(num_names)] lsa_String names[],
arguments = arguments .. msrpctypes.marshall_lsa_String_array(names)
.. msrpctypes.marshall_lsa_String_array(names)
-- [out,unique] lsa_RefDomainList *domains,
-- [in,out] lsa_TransSidArray2 *sids,
arguments = arguments .. msrpctypes.marshall_lsa_TransSidArray2({nil})
.. msrpctypes.marshall_lsa_TransSidArray2({nil})
-- [in] lsa_LookupNamesLevel level,
arguments = arguments .. msrpctypes.marshall_lsa_LookupNamesLevel("LOOKUP_NAMES_ALL")
.. msrpctypes.marshall_lsa_LookupNamesLevel("LOOKUP_NAMES_ALL")
-- [in,out] uint32 *count,
arguments = arguments .. msrpctypes.marshall_int32(0)
.. msrpctypes.marshall_int32(0)
-- [in] uint32 unknown1,
arguments = arguments .. msrpctypes.marshall_int32(0)
.. msrpctypes.marshall_int32(0)
-- [in] uint32 unknown2
arguments = arguments .. msrpctypes.marshall_int32(2)
.. msrpctypes.marshall_int32(2)
@@ -2293,23 +2281,23 @@ function lsa_lookupsids2(smbstate, policy_handle, sids)
arguments = msrpctypes.marshall_policy_handle(policy_handle)
-- [in] lsa_SidArray *sids,
arguments = arguments .. msrpctypes.marshall_lsa_SidArray(sids)
.. msrpctypes.marshall_lsa_SidArray(sids)
-- [out,unique] lsa_RefDomainList *domains,
-- [in,out] lsa_TransNameArray2 *names,
arguments = arguments .. msrpctypes.marshall_lsa_TransNameArray2(nil)
.. msrpctypes.marshall_lsa_TransNameArray2(nil)
-- [in] uint16 level,
arguments = arguments .. msrpctypes.marshall_int16(1)
.. msrpctypes.marshall_int16(1)
-- [in,out] uint32 *count,
arguments = arguments .. msrpctypes.marshall_int32(0)
.. msrpctypes.marshall_int32(0)
-- [in] uint32 unknown1,
arguments = arguments .. msrpctypes.marshall_int32(0)
.. msrpctypes.marshall_int32(0)
-- [in] uint32 unknown2
arguments = arguments .. msrpctypes.marshall_int32(2)
.. msrpctypes.marshall_int32(2)
-- Do the call
@@ -2421,7 +2409,7 @@ function winreg_openhku(smbstate)
arguments = msrpctypes.marshall_int16_ptr(0x1337, true)
-- [in] winreg_AccessMask access_mask,
arguments = arguments .. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
.. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
-- [out,ref] policy_handle *handle
@@ -2471,7 +2459,7 @@ function winreg_openhklm(smbstate)
arguments = msrpctypes.marshall_int16_ptr(0x1337, true)
-- [in] winreg_AccessMask access_mask,
arguments = arguments .. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
.. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
-- [out,ref] policy_handle *handle
@@ -2520,7 +2508,7 @@ function winreg_openhkpd(smbstate)
arguments = msrpctypes.marshall_int16_ptr(0x1337, true)
-- [in] winreg_AccessMask access_mask,
arguments = arguments .. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
.. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
-- [out,ref] policy_handle *handle
@@ -2569,7 +2557,7 @@ function winreg_openhkcu(smbstate)
arguments = msrpctypes.marshall_int16_ptr(0x1337, true)
-- [in] winreg_AccessMask access_mask,
arguments = arguments .. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
.. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
-- [out,ref] policy_handle *handle
@@ -2627,18 +2615,18 @@ function winreg_enumkey(smbstate, handle, index, name)
arguments = msrpctypes.marshall_policy_handle(handle)
-- [in] uint32 enum_index,
arguments = arguments .. msrpctypes.marshall_int32(index)
.. msrpctypes.marshall_int32(index)
-- [in,out,ref] winreg_StringBuf *name,
-- NOTE: if the 'name' parameter here is set to 'nil', the service on a fully patched Windows 2000 system
-- may crash.
arguments = arguments .. msrpctypes.marshall_winreg_StringBuf({name=""}, 520)
.. msrpctypes.marshall_winreg_StringBuf({name=""}, 520)
-- [in,out,unique] winreg_StringBuf *keyclass,
arguments = arguments .. msrpctypes.marshall_winreg_StringBuf_ptr({name=nil})
.. msrpctypes.marshall_winreg_StringBuf_ptr({name=nil})
-- [in,out,unique] NTTIME *last_changed_time
arguments = arguments .. msrpctypes.marshall_NTTIME_ptr(0)
.. msrpctypes.marshall_NTTIME_ptr(0)
-- Do the call
status, result = call_function(smbstate, 0x09, arguments)
@@ -2697,13 +2685,13 @@ function winreg_openkey(smbstate, handle, keyname)
arguments = msrpctypes.marshall_policy_handle(handle)
-- [in] winreg_String keyname,
arguments = arguments .. msrpctypes.marshall_winreg_String({name=keyname})
.. msrpctypes.marshall_winreg_String({name=keyname})
-- [in] uint32 unknown,
arguments = arguments .. msrpctypes.marshall_int32(0)
.. msrpctypes.marshall_int32(0)
-- [in] winreg_AccessMask access_mask,
arguments = arguments .. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
.. msrpctypes.marshall_winreg_AccessMask('MAXIMUM_ALLOWED_ACCESS')
-- [out,ref] policy_handle *handle
@@ -2757,7 +2745,7 @@ function winreg_queryinfokey(smbstate, handle)
arguments = msrpctypes.marshall_policy_handle(handle)
-- [in,out,ref] winreg_String *classname,
arguments = arguments .. msrpctypes.marshall_winreg_String({name=""}, 2048)
.. msrpctypes.marshall_winreg_String({name=""}, 2048)
-- [out,ref] uint32 *num_subkeys,
-- [out,ref] uint32 *max_subkeylen,
@@ -2843,19 +2831,19 @@ function winreg_queryvalue(smbstate, handle, value)
arguments = msrpctypes.marshall_policy_handle(handle)
-- [in] winreg_String value_name,
arguments = arguments .. msrpctypes.marshall_winreg_String({name=value})
.. msrpctypes.marshall_winreg_String({name=value})
-- [in,out] winreg_Type *type,
arguments = arguments .. msrpctypes.marshall_winreg_Type_ptr("REG_NONE")
.. msrpctypes.marshall_winreg_Type_ptr("REG_NONE")
-- [in,out,size_is(*size),length_is(*length)] uint8 *data,
arguments = arguments .. msrpctypes.marshall_int8_array_ptr("", 1000000)
.. msrpctypes.marshall_int8_array_ptr("", 1000000)
-- [in,out] uint32 *size,
arguments = arguments .. msrpctypes.marshall_int32_ptr(1000000)
.. msrpctypes.marshall_int32_ptr(1000000)
-- [in,out] uint32 *length
arguments = arguments .. msrpctypes.marshall_int32_ptr(0)
.. msrpctypes.marshall_int32_ptr(0)
-- Do the call
status, result = call_function(smbstate, 0x11, arguments)
@@ -2981,11 +2969,11 @@ function svcctl_openscmanagera(smbstate, machinename)
arguments = msrpctypes.marshall_ascii_ptr("\\\\" .. machinename)
-- [in] [string,charset(UTF16)] uint16 *DatabaseName,
arguments = arguments .. msrpctypes.marshall_ascii_ptr(nil)
.. msrpctypes.marshall_ascii_ptr(nil)
-- [in] uint32 access_mask,
-- arguments = arguments .. msrpctypes.marshall_int32(0x000f003f)
arguments = arguments .. msrpctypes.marshall_int32(0x00000002)
-- .. msrpctypes.marshall_int32(0x000f003f)
.. msrpctypes.marshall_int32(0x00000002)
-- [out,ref] policy_handle *handle
@@ -3042,11 +3030,11 @@ function svcctl_openscmanagerw(smbstate, machinename)
arguments = msrpctypes.marshall_unicode_ptr("\\\\" .. machinename, true)
-- [in] [string,charset(UTF16)] uint16 *DatabaseName,
arguments = arguments .. msrpctypes.marshall_unicode_ptr(nil, true)
.. msrpctypes.marshall_unicode_ptr(nil, true)
-- [in] uint32 access_mask,
-- arguments = arguments .. msrpctypes.marshall_int32(0x000f003f)
arguments = arguments .. msrpctypes.marshall_int32(0x02000000)
-- .. msrpctypes.marshall_int32(0x000f003f)
.. msrpctypes.marshall_int32(0x02000000)
-- [out,ref] policy_handle *handle
@@ -3143,46 +3131,46 @@ function svcctl_createservicew(smbstate, handle, service_name, display_name, pat
arguments = msrpctypes.marshall_policy_handle(handle)
-- [in] [string,charset(UTF16)] uint16 ServiceName[],
arguments = arguments .. msrpctypes.marshall_unicode(service_name, true)
.. msrpctypes.marshall_unicode(service_name, true)
-- [in] [string,charset(UTF16)] uint16 *DisplayName,
arguments = arguments .. msrpctypes.marshall_unicode_ptr(display_name, true)
.. msrpctypes.marshall_unicode_ptr(display_name, true)
-- [in] uint32 desired_access,
arguments = arguments .. msrpctypes.marshall_int32(0x000f01ff) -- Access: Max
.. msrpctypes.marshall_int32(0x000f01ff) -- Access: Max
-- [in] uint32 type,
arguments = arguments .. msrpctypes.marshall_int32(0x00000010) -- Type: own process
.. msrpctypes.marshall_int32(0x00000010) -- Type: own process
-- [in] uint32 start_type,
arguments = arguments .. msrpctypes.marshall_int32(0x00000003) -- Start: Demand
.. msrpctypes.marshall_int32(0x00000003) -- Start: Demand
-- [in] uint32 error_control,
arguments = arguments .. msrpctypes.marshall_int32(0x00000000) -- Error: Ignore
.. msrpctypes.marshall_int32(0x00000000) -- Error: Ignore
-- [in] [string,charset(UTF16)] uint16 binary_path[],
arguments = arguments .. msrpctypes.marshall_unicode(path, true)
.. msrpctypes.marshall_unicode(path, true)
-- [in] [string,charset(UTF16)] uint16 *LoadOrderGroupKey,
arguments = arguments .. msrpctypes.marshall_unicode_ptr(nil)
.. msrpctypes.marshall_unicode_ptr(nil)
-- [in,out] uint32 *TagId,
arguments = arguments .. msrpctypes.marshall_int32_ptr(nil)
.. msrpctypes.marshall_int32_ptr(nil)
-- [in,size_is(dependencies_size)] uint8 *dependencies,
arguments = arguments .. msrpctypes.marshall_int8_ptr(nil)
.. msrpctypes.marshall_int8_ptr(nil)
-- [in] uint32 dependencies_size,
arguments = arguments .. msrpctypes.marshall_int32(0)
.. msrpctypes.marshall_int32(0)
-- [in] [string,charset(UTF16)] uint16 *service_start_name,
arguments = arguments .. msrpctypes.marshall_unicode_ptr(nil)
.. msrpctypes.marshall_unicode_ptr(nil)
-- [in,size_is(password_size)] uint8 *password,
arguments = arguments .. msrpctypes.marshall_int8_ptr(nil)
.. msrpctypes.marshall_int8_ptr(nil)
-- [in] uint32 password_size,
arguments = arguments .. msrpctypes.marshall_int32(0)
.. msrpctypes.marshall_int32(0)
-- [out,ref] policy_handle *handle
@@ -3297,10 +3285,10 @@ function svcctl_openservicew(smbstate, handle, name)
arguments = msrpctypes.marshall_policy_handle(handle)
-- [in] [string,charset(UTF16)] uint16 ServiceName[],
arguments = arguments .. msrpctypes.marshall_unicode(name, true)
.. msrpctypes.marshall_unicode(name, true)
-- [in] uint32 access_mask,
arguments = arguments .. msrpctypes.marshall_int32(0x000f01ff)
.. msrpctypes.marshall_int32(0x000f01ff)
-- [out,ref] policy_handle *handle
@@ -3352,14 +3340,10 @@ function svcctl_startservicew(smbstate, handle, args)
arguments = msrpctypes.marshall_policy_handle(handle)
-- [in] uint32 NumArgs,
if(args == nil) then
arguments = arguments .. msrpctypes.marshall_int32(0)
else
arguments = arguments .. msrpctypes.marshall_int32(#args)
end
.. (args and msrpctypes.marshall_int32(#args) or msrpctypes.marshall_int32(0))
-- [in/*FIXME:,length_is(NumArgs)*/] [string,charset(UTF16)] uint16 *Arguments
arguments = arguments .. msrpctypes.marshall_unicode_array_ptr(args, true)
.. msrpctypes.marshall_unicode_array_ptr(args, true)
-- Do the call
status, result = call_function(smbstate, 0x13, arguments)
@@ -3408,7 +3392,7 @@ function svcctl_controlservice(smbstate, handle, control)
arguments = msrpctypes.marshall_policy_handle(handle)
-- [in] uint32 control,
arguments = arguments .. msrpctypes.marshall_svcctl_ControlCode(control)
.. msrpctypes.marshall_svcctl_ControlCode(control)
-- [out,ref] SERVICE_STATUS *service_status
@@ -3520,7 +3504,7 @@ function atsvc_jobadd(smbstate, server, command, time)
arguments = msrpctypes.marshall_unicode_ptr(server, true)
-- [in] atsvc_JobInfo *job_info,
arguments = arguments .. msrpctypes.marshall_atsvc_JobInfo(command, time)
.. msrpctypes.marshall_atsvc_JobInfo(command, time)
-- [out,ref] uint32 *job_id
@@ -4897,7 +4881,7 @@ function RRAS_SubmitRequest(smbstate, pReqBuffer, dwcbBufSize)
--[in, out, unique, size_is(dwcbBufSize) PBYTE pReqBuffer,
req_blob = bin.pack("<IIAA", 0x20000, dwcbBufSize, pReqBuffer, get_pad(pReqBuffer,4)) --unique pointer see samba:ndr_push_unique_ptr
--[in] DWORD dwcbBufSize
req_blob = req_blob .. msrpctypes.marshall_int32(dwcbBufSize)
.. msrpctypes.marshall_int32(dwcbBufSize)
--call the function
local status, result
stdnse.debug(

71
nselib/msrpctypes.lua
View File

@@ -1034,15 +1034,13 @@ end
-- <code>data</code>.
--@return A string representing the marshalled data.
function marshall_int8_array(data, max_length)
local result = ""
stdnse.debug4("MSRPC: Entering marshall_int8_array()")
if(max_length == nil) then
max_length = #data
end
result = result .. bin.pack("<IIIA", max_length, 0, #data, data)
local result = bin.pack("<IIa", max_length, 0, data)
stdnse.debug4("MSRPC: Leaving marshall_int8_array()")
@@ -1797,8 +1795,8 @@ function marshall_lsa_String_array2(strings)
end
result = marshall_int32(1000) -- Max length
result = result .. marshall_int32(0) -- Offset
result = result .. marshall_array(array)
.. marshall_int32(0) -- Offset
.. marshall_array(array)
--require 'nsedebug'
--nsedebug.print_hex(result)
@@ -1977,10 +1975,10 @@ local function marshall_lsa_TranslatedSid2(location, sid_type, rid, sid_index, u
if(unknown == nil) then unknown = 0 end
if(location == HEAD or location == ALL) then
result = result .. marshall_lsa_SidType(sid_type)
result = result .. marshall_int32(rid)
result = result .. marshall_int32(sid_index)
result = result .. marshall_int32(unknown)
result = marshall_lsa_SidType(sid_type)
.. marshall_int32(rid)
.. marshall_int32(sid_index)
.. marshall_int32(unknown)
end
if(location == BODY or location == ALL) then
@@ -2062,10 +2060,10 @@ local function marshall_lsa_TranslatedName2(location, sid_type, name, sid_index,
if(unknown == nil) then unknown = 0 end
if(location == HEAD or location == ALL) then
result = result .. marshall_lsa_SidType(sid_type)
result = result .. marshall_lsa_String_internal(HEAD, name)
result = result .. marshall_int32(sid_index)
result = result .. marshall_int32(unknown)
result = marshall_lsa_SidType(sid_type)
.. marshall_lsa_String_internal(HEAD, name)
.. marshall_int32(sid_index)
.. marshall_int32(unknown)
end
if(location == BODY or location == ALL) then
@@ -2122,11 +2120,9 @@ end
--@param sids An array of SIDs to translate (as strings)
--@return A string representing the marshalled data.
function marshall_lsa_TransSidArray2(sids)
local result = ""
local array = {}
stdnse.debug4("MSRPC: Entering marshall_lsa_TransSidArray2()")
result = result .. marshall_int32(#sids)
for i = 1, #sids, 1 do
array[i] = {}
@@ -2134,7 +2130,8 @@ function marshall_lsa_TransSidArray2(sids)
array[i]['args'] = {sids[i]['sid_type'], sids[i]['rid'], sids[i]['sid_index'], sids[i]['unknown']}
end
result = result .. marshall_ptr(ALL, marshall_array, {array}, array)
local result = marshall_int32(#sids)
.. marshall_ptr(ALL, marshall_array, {array}, array)
stdnse.debug4("MSRPC: Leaving marshall_lsa_TransSidArray2()")
return result
@@ -2305,13 +2302,12 @@ end
--
--@return A string representing the marshalled data.
function marshall_lsa_QosInfo()
local result = ""
stdnse.debug4("MSRPC: Entering marshall_lsa_QosInfo()")
result = result .. marshall_int32(12)
result = result .. marshall_int16(2, false)
result = result .. marshall_int8(1, false)
result = result .. marshall_int8(0, false)
local result = marshall_int32(12)
.. marshall_int16(2, false)
.. marshall_int8(1, false)
.. marshall_int8(0, false)
stdnse.debug4("MSRPC: Leaving marshall_lsa_QosInfo()")
return result
@@ -2335,15 +2331,14 @@ end
--
--@return A string representing the marshalled data.
function marshall_lsa_ObjectAttribute()
local result = ""
stdnse.debug4("MSRPC: Entering marshall_lsa_ObjectAttribute()")
result = result .. marshall_int32(24)
result = result .. marshall_int32(0) -- Null'ing out these pointers for now. Maybe we'll need them in the future...
result = result .. marshall_int32(0)
result = result .. marshall_int32(0)
result = result .. marshall_int32(0)
result = result .. marshall_ptr(ALL, marshall_lsa_QosInfo, {})
local result = marshall_int32(24)
.. marshall_int32(0) -- Null'ing out these pointers for now. Maybe we'll need them in the future...
.. marshall_int32(0)
.. marshall_int32(0)
.. marshall_int32(0)
.. marshall_ptr(ALL, marshall_lsa_QosInfo, {})
stdnse.debug4("MSRPC: Leaving marshall_lsa_ObjectAttribute()")
return result
@@ -2385,18 +2380,16 @@ end
--@param sids The array of SIDs to marshall (as strings).
--@return A string representing the marshalled data.
function marshall_lsa_SidArray(sids)
local result = ""
local array = {}
result = result .. marshall_int32(#sids)
for i = 1, #sids, 1 do
array[i] = {}
array[i]['func'] = marshall_lsa_SidPtr
array[i]['args'] = {sids[i]}
end
result = result .. marshall_ptr(ALL, marshall_array, {array}, array)
local result = marshall_int32(#sids)
.. marshall_ptr(ALL, marshall_array, {array}, array)
return result
end
@@ -4653,14 +4646,12 @@ end
-- file.
--@param time The time at which to run the job, in milliseconds from midnight.
function marshall_atsvc_JobInfo(command, time)
local result = ""
result = result .. marshall_int32(time) -- Job time
result = result .. marshall_int32(0) -- Day of month
result = result .. marshall_int8(0, false) -- Day of week
result = result .. marshall_atsvc_Flags("JOB_NONINTERACTIVE") -- Flags
result = result .. marshall_int16(0, false) -- Padding
result = result .. marshall_unicode_ptr(command, true) -- Command
local result = marshall_int32(time) -- Job time
.. marshall_int32(0) -- Day of month
.. marshall_int8(0, false) -- Day of week
.. marshall_atsvc_Flags("JOB_NONINTERACTIVE") -- Flags
.. marshall_int16(0, false) -- Padding
.. marshall_unicode_ptr(command, true) -- Command
return result
end

18
nselib/mssql.lua
View File

@@ -1903,15 +1903,15 @@ NTAuthenticationPacket = {
local sessionkey_offset = hostname_offset + #hostname
local data = bin.pack("<AISSI", ntlmssp, NTLMSSP_AUTH, #lm_response, #lm_response, lm_response_offset)
data = data .. bin.pack("<SSI", #ntlm_response, #ntlm_response, ntlm_response_offset)
data = data .. bin.pack("<SSI", #domain, #domain, domain_offset)
data = data .. bin.pack("<SSI", #user, #user, username_offset)
data = data .. bin.pack("<SSI", #hostname, #hostname, hostname_offset)
data = data .. bin.pack("<SSI", #sessionkey, #sessionkey, sessionkey_offset)
data = data .. bin.pack("<I", flags)
data = data .. bin.pack("A", domain)
data = data .. bin.pack("A", user )
data = data .. lm_response .. ntlm_response
.. bin.pack("<SSI", #ntlm_response, #ntlm_response, ntlm_response_offset)
.. bin.pack("<SSI", #domain, #domain, domain_offset)
.. bin.pack("<SSI", #user, #user, username_offset)
.. bin.pack("<SSI", #hostname, #hostname, hostname_offset)
.. bin.pack("<SSI", #sessionkey, #sessionkey, sessionkey_offset)
.. bin.pack("<I", flags)
.. bin.pack("A", domain)
.. bin.pack("A", user )
.. lm_response .. ntlm_response
return PacketType.NTAuthentication, data
end,

11
nselib/ncp.lua
View File

@@ -177,10 +177,9 @@ Packet = {
self.ncp_ip.length or 0, self.ncp_ip.version,
self.ncp_ip.replybuf, self.type, self.seqno,
self.conn, self.task, UNKNOWN, self.func )
if ( self.length ) then data = data .. bin.pack(">S", self.length) end
if ( self.subfunc ) then data = data .. bin.pack("C", self.subfunc) end
if ( self.data ) then data = data .. bin.pack("A", self.data) end
.. (self.length and bin.pack(">S", self.length) or "")
.. (self.subfunc and bin.pack("C", self.subfunc) or "")
.. (self.data or "")
return data
end,
@@ -944,10 +943,10 @@ NCP = {
unknown, iter_handle, entry.id, info_flags )
-- no name filter
data = data .. "\0\0\0\0"
.. "\0\0\0\0"
-- no class filter
data = data .. "\0\0\0\0"
.. "\0\0\0\0"
p:setData(data)
local status, entries = self:Exch( p )

12
nselib/ospf.lua
View File

@@ -98,15 +98,17 @@ OSPF = {
end,
__tostring = function(self)
local hdr = bin.pack(">CCS", self.ver, self.type, self.length )
hdr = hdr .. bin.pack(">IISS", ipOps.todword(self.router_id), self.area_id, self.chksum, self.auth_type)
local auth
if self.auth_type == 0x00 then
hdr = hdr .. bin.pack(">L", 0x00)
auth = bin.pack(">L", 0x00)
elseif self.auth_type == 0x01 then
hdr = hdr .. bin.pack(">A8", self.auth_data.password)
auth = bin.pack(">A8", self.auth_data.password)
elseif self.auth_type == 0x02 then
hdr = hdr .. bin.pack(">A".. self.auth_data.length, self.auth_data.hash)
auth = bin.pack(">A".. self.auth_data.length, self.auth_data.hash)
end
local hdr = bin.pack(">CCS", self.ver, self.type, self.length )
.. bin.pack(">IISS", ipOps.todword(self.router_id), self.area_id, self.chksum, self.auth_type)
.. auth
return hdr
end,

16
nselib/sasl.lua
View File

@@ -143,14 +143,14 @@ if HAVE_SSL then
end
local response = "username=\"" .. self.username .. "\""
response = response .. (",%s=\"%s\""):format("realm", realm)
response = response .. (",%s=\"%s\""):format("nonce", self.challnvs.nonce)
response = response .. (",%s=\"%s\""):format("cnonce", cnonce)
response = response .. (",%s=%08d"):format("nc", self.nc)
response = response .. (",%s=%s"):format("qop", "auth")
response = response .. (",%s=\"%s\""):format("digest-uri", uri)
response = response .. (",%s=%s"):format("response", digest)
response = response .. (",%s=%s"):format("charset", "utf-8")
.. (",%s=\"%s\""):format("realm", realm)
.. (",%s=\"%s\""):format("nonce", self.challnvs.nonce)
.. (",%s=\"%s\""):format("cnonce", cnonce)
.. (",%s=%08d"):format("nc", self.nc)
.. (",%s=%s"):format("qop", "auth")
.. (",%s=\"%s\""):format("digest-uri", uri)
.. (",%s=%s"):format("response", digest)
.. (",%s=%s"):format("charset", "utf-8")
-- response_table is used in http library because the request should
-- be a little bit different then the string generated above

49
nselib/smb.lua
View File

@@ -2150,7 +2150,7 @@ local function send_transaction2(smb, sub_command, function_parameters, function
)
local data = "\0\0\0" .. (function_parameters or '')
data = data .. (function_data or '')
.. (function_data or '')
-- Send the transaction request
stdnse.debug2("SMB: Sending SMB_COM_TRANSACTION2")
@@ -2262,8 +2262,23 @@ function send_transaction_named_pipe(smb, function_parameters, function_data, pi
data_size = #function_data
end
local setup
if(no_setup) then
setup = bin.pack("<CC",
0x00, -- Number of 'setup' words (none)
0x00 -- Reserved.
)
else
setup = bin.pack("<CCSS",
0x02, -- Number of 'setup' words
0x00, -- Reserved.
0x0026, -- Function to call.
smb['fid'] -- Handle to open file
)
end
-- Parameters are 0x20 bytes long.
parameters = bin.pack("<SSSSCCSISSSSS",
parameters = bin.pack("<SSSSCCSISSSSSA",
parameter_size, -- Total parameter count.
data_size, -- Total data count.
0x0008, -- Max parameter count.
@@ -2276,28 +2291,14 @@ function send_transaction_named_pipe(smb, function_parameters, function_data, pi
parameter_size, -- Parameter bytes.
parameter_offset, -- Parameter offset.
data_size, -- Data bytes.
data_offset -- Data offset.
data_offset, -- Data offset.
setup
)
if(no_setup) then
parameters = parameters .. bin.pack("<CC",
0x00, -- Number of 'setup' words (none)
0x00 -- Reserved.
)
else
parameters = parameters .. bin.pack("<CCSS",
0x02, -- Number of 'setup' words
0x00, -- Reserved.
0x0026, -- Function to call.
smb['fid'] -- Handle to open file
)
end
data = bin.pack("<z", pipe)
data = data .. bin.pack("<I", 0) -- Padding
data = data .. (function_parameters or '')
data = data .. (function_data or '')
.. bin.pack("<I", 0) -- Padding
.. (function_parameters or '')
.. (function_data or '')
-- Send the transaction request
stdnse.debug2("SMB: Sending SMB_COM_TRANSACTION")
@@ -2715,13 +2716,11 @@ function find_files(smbstate, fname, options)
( options.srch_attrs.archive and 32 or 0 ))
if ( not(fname) ) then
fname = '\\*'
fname = '\\*\0'
elseif( fname:sub(1,1) ~= '\\' ) then
fname = '\\' .. fname
fname = '\\' .. fname .. '\0'
end
fname = fname .. '\0'
-- Sends the request and takes care of short/fragmented responses
local function send_and_receive_find_request(smbstate, trans_type, function_parameters)

10
nselib/ssh2.lua
View File

@@ -110,11 +110,11 @@ transport.kex_init = function( options )
local languages = options['languages'] or ""
local payload = bin.pack( ">cAaa", SSH2.SSH_MSG_KEXINIT, cookie, kex_algorithms, host_key_algorithms )
payload = payload .. bin.pack( ">aa", encryption_algorithms, encryption_algorithms )
payload = payload .. bin.pack( ">aa", mac_algorithms, mac_algorithms )
payload = payload .. bin.pack( ">aa", compression_algorithms, compression_algorithms )
payload = payload .. bin.pack( ">aa", languages, languages )
payload = payload .. bin.pack( ">cI", 0, 0 )
.. bin.pack( ">aa", encryption_algorithms, encryption_algorithms )
.. bin.pack( ">aa", mac_algorithms, mac_algorithms )
.. bin.pack( ">aa", compression_algorithms, compression_algorithms )
.. bin.pack( ">aa", languages, languages )
.. bin.pack( ">cI", 0, 0 )
return payload
end

2
nselib/url.lua
View File

@@ -81,7 +81,7 @@ end
local function absolute_path(base_path, relative_path)
if string.sub(relative_path, 1, 1) == "/" then return relative_path end
local path = string.gsub(base_path, "[^/]*$", "")
path = path .. relative_path
.. relative_path
path = string.gsub(path, "([^/]*%./)", function (s)
if s ~= "./" then return s else return "" end
end)

2
nselib/vuzedht.lua
View File

@@ -122,7 +122,7 @@ Request = {
-- Converts a FindNode Request to a string
__tostring = function(self)
local data = tostring(self.header)
data = data .. bin.pack(">CAII", self.id_length, self.node_id, self.status, self.dht_size)
.. bin.pack(">CAII", self.id_length, self.node_id, self.status, self.dht_size)
return data
end,
}

4
nselib/wsdd.lua
View File

@@ -165,9 +165,9 @@ Decoders = {
-- @return status true on success, false on failure
-- @return err string containing the error message
['error'] = function( data )
local response = "Failed to decode response from device: "
local err = data:match("<SOAP.-ENV:Reason><SOAP.-ENV:Text>(.-)<")
response = response .. (err or "Unknown error")
local response = "Failed to decode response from device: "
.. (err or "Unknown error")
return true, response
end,