From f62d39f801833a2340358246da5868c86f4e9125 Mon Sep 17 00:00:00 2001 From: dmiller Date: Thu, 6 Sep 2018 16:00:46 +0000 Subject: [PATCH] Convert more bin.lua packings --- nselib/membase.lua | 8 ++++---- nselib/msrpcperformance.lua | 5 ++--- nselib/proxy.lua | 33 +++++---------------------------- nselib/sip.lua | 7 +++---- nselib/socks.lua | 15 ++++++--------- scripts/allseeingeye-info.nse | 33 ++++++++++++++++----------------- scripts/bacnet-info.nse | 23 ++++++++++------------- 7 files changed, 46 insertions(+), 78 deletions(-) diff --git a/nselib/membase.lua b/nselib/membase.lua index 37a13945e..9b721a635 100644 --- a/nselib/membase.lua +++ b/nselib/membase.lua @@ -10,11 +10,11 @@ -- -local bin = require "bin" local match = require "match" local nmap = require "nmap" local sasl = require "sasl" local stdnse = require "stdnse" +local string = require "string" local table = require "table" _ENV = stdnse.module("membase", stdnse.seeall) @@ -66,7 +66,7 @@ TAP = { -- Converts the header to string -- @return string containing the Header as string __tostring = function(self) - return bin.pack(">CCSCCSIIL", self.magic, self.opcode, self.keylen, + return string.pack(">BB I2 BB I2 I4 I4 I8", self.magic, self.opcode, self.keylen, self.extlen, self.data_type, self.vbucket, self.total_body, self.opaque, self.CAS) end, @@ -172,9 +172,9 @@ TAP = { return false, "Packet to short" end local pos - pos, self.magic, self.opcode, self.keylen, self.extlen, + self.magic, self.opcode, self.keylen, self.extlen, self.data_type, self.status, self.total_body, self.opaque, - self.CAS = bin.unpack(">CCSCCSIIL", self.data) + self.BAI2 , pos = string.unpack(">BB I2 BB I2 I4 I4 I8", self.data) return true end diff --git a/nselib/msrpcperformance.lua b/nselib/msrpcperformance.lua index 0ee8116f1..0656888ec 100644 --- a/nselib/msrpcperformance.lua +++ b/nselib/msrpcperformance.lua 
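Review bot: In the TAP parse hunk the last target of the new `string.unpack` is `self.BAI2` instead of `self.CAS`, so the CAS field is stored under a stray attribute and `self.CAS` is never populated from the wire; it reads like a search-and-replace slip over the old format string. The line should be `self.CAS, pos = string.unpack(">BB I2 BB I2 I4 I4 I8", self.data)`. In the visible lines `pos` is only assigned and never read, so the `local pos` declaration can go as well unless the rest of the method, which continues outside the hunk, uses it. Note too that `string.unpack` raises a Lua error rather than returning short on truncated input, so the "Packet to short" guard just above must reject anything under the 24 bytes this format consumes.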
@@ -17,10 +17,10 @@ --@copyright Same as Nmap--See https://nmap.org/book/man-legal.html ----------------------------------------------------------------------- -local bin = require "bin" local msrpc = require "msrpc" local msrpctypes = require "msrpctypes" local stdnse = require "stdnse" +local string = require "string" _ENV = stdnse.module("msrpcperformance", stdnse.seeall) ---Parses the title database, which is a series of null-terminated string pairs. @@ -35,7 +35,7 @@ local function parse_perf_title_database(data, pos) repeat local number, name - pos, number, name = bin.unpack(" -- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html -local bin = require "bin" local dns = require "dns" local ipOps = require "ipOps" local nmap = require "nmap" @@ -141,25 +140,6 @@ function test_connect(host, port, proxyType, hostname) return test(socket, req, false) end ---- Function that resolves IP address for hostname and ---- returns it as hex values ---@param hostname Hostname to resolve ---@return Ip address of hostname in hex -function hex_resolve(hostname) - local a, b, c, d; - local dns_status, ip = dns.query(hostname) - if not dns_status then - return false - end - local t, err = ipOps.get_parts_as_number(ip) - if t and not err - then a, b, c, d = table.unpack(t) - else return false - end - local sip = string.format("%.2x ", a) .. string.format("%.2x ", b) .. string.format("%.2x ", c) .. string.format("%.2x ",d) - return true, sip -end - --- Checks if any parameter was used in old or new syntax -- and return the parameters -- @return url the proxy.url parameter 
@@ -211,14 +191,12 @@ end -- @return socket A socket with the handshake already done, or an error if -- status is false function socksHandshake(socket, version, hostname) - local resolve, sip, paystring, payload - resolve, sip = hex_resolve(hostname) - if not resolve then + local status, ip = dns.query(hostname) + if not status then return false, "Unable to resolve hostname" end if version == 4 then - paystring = '04 01 00 50 ' .. sip .. ' 6e 6d 61 70 00' - payload = bin.pack("H",paystring) + local payload = '\x04\x01\x00\x50' .. ipOps.ip_to_str(ip) .. '\x6e\x6d\x61\x70\x00' local status, response = socket:send(payload) if not status then socket:close() @@ -250,7 +228,7 @@ function socksHandshake(socket, version, hostname) return false, err end if version == 5 then - local payload = bin.pack("H",'05 01 00') + local payload = '\x05\x01\x00' local status, err = socket:send(payload) if not status then socket:close() @@ -267,8 +245,7 @@ function socksHandshake(socket, version, hostname) -- If no Auth is required, try to establish connection stdnse.debug1("Socks5: No authentication required") -- Socks5 second payload: Version, Command, Null, Address type, Ip-Address, Port number - paystring = '05 01 00 01 ' .. sip .. '00 50' - payload = bin.pack("H",paystring) + payload = '\x05\x01\x00\x01' .. ipOps.ip_to_str(ip) .. '\x00\x50' status, err = socket:send(payload) if not status then socket:close() diff --git a/nselib/sip.lua b/nselib/sip.lua index 73bb66dac..4de78ea5e 100644 --- a/nselib/sip.lua +++ b/nselib/sip.lua @@ -36,7 +36,6 @@ -- Version 0.1 -- Created 2011/03/30 - v0.1 - created by Patrik Karlsson -local bin = require "bin" local nmap = require "nmap" local os = require "os" local stdnse = require "stdnse" 
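Review bot: `ipOps.ip_to_str(ip)` in both new payload lines can return nil (plus an error string) when the dns.query answer is not a parsable address literal, and concatenating nil raises a Lua error instead of the `false, msg` failure socksHandshake otherwise returns. Resolve once and validate: after the status check add `local ipbin = ipOps.ip_to_str(ip)` and `if not ipbin or #ipbin ~= 4 then return false, "Resolved address is not IPv4" end`, then use `ipbin` in the SOCKS4 payload and the SOCKS5 ATYP 0x01 payload; the four-byte check also documents that both request formats built here carry an IPv4 address. The destination port remains hard-coded as 80 (`\x00\x50`) in both literals, which a named constant would make clearer. socksHandshake continues outside the hunk, and since this patch also deletes `hex_resolve`, which appears to be an exported function of this module, any script calling `proxy.hex_resolve` will break and is worth a grep.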
@@ -805,11 +804,11 @@ SipAuth = { local result if ( self.algorithm:upper() == "MD5" ) then - local HA1 = select(2, bin.unpack("H16", openssl.md5(self.username .. ":" .. self.realm .. ":" .. self.password))) - local HA2 = select(2, bin.unpack("H16", openssl.md5(self.method .. ":" .. self.uri))) + local HA1 = stdnse.tohex(openssl.md5(self.username .. ":" .. self.realm .. ":" .. self.password)) + local HA2 = stdnse.tohex(openssl.md5(self.method .. ":" .. self.uri)) result = openssl.md5(HA1:lower() .. ":" .. self.nonce ..":" .. HA2:lower()) end - return select(2, bin.unpack("H16", result)):lower() + return stdnse.tohex(result):lower() end, --- Creates the complete authentication response diff --git a/nselib/socks.lua b/nselib/socks.lua index 37c601715..fdf588f40 100644 --- a/nselib/socks.lua +++ b/nselib/socks.lua @@ -4,11 +4,11 @@ -- @author Patrik Karlsson -- -local bin = require "bin" local match = require "match" local nmap = require "nmap" local stdnse = require "stdnse" local string = require "string" +local table = require "table" _ENV = stdnse.module("socks", stdnse.seeall) -- SOCKS Authentication methods @@ -40,11 +40,8 @@ Request = { -- server. -- @return string containing the raw request __tostring = function(self) - local methods = "" - for _, m in ipairs(self.auth_method) do - methods = methods .. string.char(m) - end - return bin.pack("Cp", self.version, methods) + return string.pack("Bs1", self.version, + string.pack(("B"):rep(#self.auth_method), table.unpack(self.auth_method))) end, }, @@ -85,7 +82,7 @@ Request = { username = (username == "") and "\0" or username password = (password == "") and "\0" or password - return bin.pack("Cpp", version, username, password) + return string.pack("Bs1s1", version, username, password) end end, @@ -117,7 +114,7 @@ Response = { return end local pos - pos, self.version, self.method = bin.unpack("CC", self.data) + self.version, self.method, pos = string.unpack("BB", self.data) return true end 
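Review bot: The three `:lower()` calls on HA1, HA2 and the returned digest are now no-ops, because `stdnse.tohex` already emits lowercase hex as far as I know (the old `bin.unpack("H16")` produced uppercase, which is why they were there). Either drop them or keep the one on the return value with a why-comment such as `-- digest must be lowercase hex (RFC 2617); tohex() already is`, so the next reader does not assume tohex can return uppercase. MD5 here is mandated by SIP digest authentication rather than a choice this hunk makes. The enclosing method starts outside the hunk.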
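Review bot: In the socks Request `__tostring` hunk, `string.pack(("B"):rep(#self.auth_method), table.unpack(self.auth_method))` is a roundabout way to turn a list of byte values into a string; `string.char(table.unpack(self.auth_method))` does the same job (both raise on values outside 0..255) and reads as intent, making the method body `return string.pack("Bs1", self.version, string.char(table.unpack(self.auth_method)))`. The `s1` prefix raises a Lua error if more than 255 methods are listed, which matches NMETHODS being a single byte in RFC 1928 but deserves a one-line comment. The newly added `local table = require "table"` is still needed with that change.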
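Review bot: In the credentials hunk `string.pack("Bs1s1", version, username, password)` raises "string length does not fit in given size" when username or password exceed 255 bytes, so an over-long user-supplied credential now surfaces as a script error rather than a malformed request. RFC 1929 caps both fields at 255 bytes, so reject longer values explicitly before packing, e.g. `if #username > 255 or #password > 255 then return nil, "SOCKS5 username/password exceed 255 bytes" end`, using whatever error convention the enclosing function (which starts outside the hunk) follows. A short comment on the `"\0"` substitution explaining why empty credentials are sent as a single NUL byte would also help; that behavior predates this change and is not obvious.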
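Review bot: `local pos` is now a dead local in the method-selection parser: the new `self.version, self.method, pos = string.unpack("BB", self.data)` writes the next offset into it and nothing in the hunk reads it. Either drop the declaration and the third target (`self.version, self.method = string.unpack("BB", self.data)`; the extra result is discarded) or keep it if the remainder of the method, outside the hunk, uses it. The same pattern recurs in the status-response parser hunk that follows. Also note that `string.unpack` raises on input shorter than two bytes, so the early `return` just above must be guarding `#self.data < 2`.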
@@ -151,7 +148,7 @@ Response = { return end local pos - pos, self.version, self.status = bin.unpack("CC", self.data) + self.version, self.status, pos = string.unpack("BB", self.data) return true end, diff --git a/scripts/allseeingeye-info.nse b/scripts/allseeingeye-info.nse index f49eaa3ba..170687332 100644 --- a/scripts/allseeingeye-info.nse +++ b/scripts/allseeingeye-info.nse @@ -2,7 +2,6 @@ local comm = require "comm" local nmap = require "nmap" local shortport = require "shortport" local string = require "string" -local bin = require "bin" local stdnse = require "stdnse" description = [[ @@ -151,22 +150,22 @@ action = function(host, port) local o = stdnse.output_table() local pos = 5 - pos, o["game"] = bin.unpack("p", data, pos) - pos, o["port"] = bin.unpack("p", data, pos) - pos, o["server name"] = bin.unpack("p", data, pos) - pos, o["game type"] = bin.unpack("p", data, pos) - pos, o["map"] = bin.unpack("p", data, pos) - pos, o["version"] = bin.unpack("p", data, pos) - pos, o["passworded"] = bin.unpack("p", data, pos) - pos, o["num players"] = bin.unpack("p", data, pos) - pos, o["max players"] = bin.unpack("p", data, pos) + o["game"], + o["port"], + o["server name"], + o["game type"], + o["map"], + o["version"], + o["passworded"], + o["num players"], + o["max players"], pos = string.unpack(("s1"):rep(9), data, pos) -- extract the key-value pairs local kv = stdnse.output_table() o["settings"] = kv while data:byte(pos) ~= 1 do local key, value - pos, key, value = bin.unpack("pp", data, pos) + key, value, pos = string.unpack("s1s1", data, pos) kv[key] = value end pos = pos + 1 
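Review bot: In the allseeingeye hunk the settings loop's condition `while data:byte(pos) ~= 1 do` stays true once pos runs past the end of data (string.byte returns nil), and the new `string.unpack("s1s1", data, pos)` then raises "data string too short", so a truncated or malformed reply from the game server ends the script with a Lua error. Bound the loop with `while pos <= #data and data:byte(pos) ~= 1 do`, and consider running the whole parse under pcall so a bad packet yields a debug message and no output instead of a stack trace; the nine-field `("s1"):rep(9)` unpack above the loop has the same exposure to short input. The collapse of nine calls into one is a good simplification otherwise. action continues outside the hunk.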
@@ -181,22 +180,22 @@ action = function(host, port) local player = stdnse.output_table() if (flags & 1) ~= 0 then - pos, player.name = bin.unpack("p", data, pos) + player.name, pos = string.unpack("s1", data, pos) end if (flags & 2) ~= 0 then - pos, player.team = bin.unpack("p", data, pos) + player.team, pos = string.unpack("s1", data, pos) end if (flags & 4) ~= 0 then - pos, player.skin = bin.unpack("p", data, pos) + player.skin, pos = string.unpack("s1", data, pos) end if (flags & 8) ~= 0 then - pos, player.score = bin.unpack("p", data, pos) + player.score, pos = string.unpack("s1", data, pos) end if (flags & 16) ~= 0 then - pos, player.ping = bin.unpack("p", data, pos) + player.ping, pos = string.unpack("s1", data, pos) end if (flags & 32) ~= 0 then - pos, player.time = bin.unpack("p", data, pos) + player.time, pos = string.unpack("s1", data, pos) end players["player " .. playernum] = player diff --git a/scripts/bacnet-info.nse b/scripts/bacnet-info.nse index 8f14dfc13..a32820baa 100644 --- a/scripts/bacnet-info.nse +++ b/scripts/bacnet-info.nse @@ -1,4 +1,3 @@ -local bin = require "bin" local nmap = require "nmap" local shortport = require "shortport" local stdnse = require "stdnse" @@ -948,7 +947,7 @@ function field_size(packet) end -- unpack a string of length local charset, info - offset, charset, info = bin.unpack("CA" .. tostring(value), packet, offset) + charset, info, offset = string.unpack("Bc" .. tostring(value), packet, offset) -- return information that was found in the packet if charset == 0 then -- UTF-8 return info @@ -980,7 +979,7 @@ end --- Sends a query for Property Identifier id (a number) on socket local function send_query(socket, id) -- Wireshark dissection: - local query = bin.pack(">C2SC7ICC", + local query = string.pack(">BB I2 BBBBBBB I4 BB", 0x81, -- Type: BACnet/IP (Annex J) 0x0a, -- Function: Original-Unicast-NPDU 0x0011, -- BVLC-Length: 4 of 17 bytes 
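Review bot: Each of the six flag-gated `string.unpack("s1", data, pos)` calls raises "data string too short" if the player record is cut off, and both the flag bits and the string lengths come straight from the untrusted reply. Rather than checking every call, wrap the per-player parse in `pcall` and on failure emit `stdnse.debug1("Truncated player record at offset %d", pos)` and stop parsing players, so a malformed server response degrades to partial output rather than a script error. The enclosing loop and action both extend outside the hunk.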
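Review bot: In the bacnet field parser hunk the unpack format `"Bc" .. tostring(value)` is assembled from a length read off the wire (value comes from field_size, outside the hunk), and `string.unpack` raises "data string too short" when the device's reply holds fewer than value bytes after offset; a guard such as `if offset + value > #packet then return nil end` before the unpack keeps a short reply from aborting the script, returning whatever callers already treat as "no value". `tostring` is also fragile here: if value is ever a float (say 5.0 from a `/`), the format becomes `c5.0` and string.unpack rejects the ".", whereas `string.format("Bc%d", value)` pins the integer rendering. I cannot see how field_size computes value, so the float case is a precaution rather than an observed bug.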
@@ -1037,8 +1036,8 @@ function standard_query(socket, type) end -- validate valid BACNet Packet if( string.byte(response, 1) == 0x81 ) then - -- Lookup byte 7 (pakcet type) - local pos, value = bin.unpack("C", response, 7) + -- Lookup byte 7 (packet type) + local value = string.byte(response, 7) -- verify that the response packet was not an error packet if( value ~= 0x50) then --collect information by looping thru the packet @@ -1081,12 +1080,12 @@ function vendornum_query(socket) end -- validate valid BACNet Packet if( string.byte(response, 1) == 0x81 ) then - local pos, value = bin.unpack("C", response, 7) + local value = string.byte(response, 7) --if the vendor query resulted in an error if( value ~= 0x50) then -- read values for byte 18 in the packet data -- this value determines if vendor number is 1 or 2 bytes - pos, value = bin.unpack("C", response, 18) + value = string.byte(response, 18) else stdnse.debug1("Error receiving Vendor ID: BACNet Error") return nil @@ -1100,8 +1099,7 @@ function vendornum_query(socket) -- if value is 22 (byte 18) elseif( value == 0x22 ) then -- convert hex to decimal - local vendornum - pos, vendornum = bin.unpack(">S", response, 19) + local vendornum = string.unpack(">I2", response, 19) -- look up vendor name from table return vendor_lookup(vendornum) else @@ -1157,7 +1155,7 @@ action = function(host, port) -- if the response starts with 0x81 then its BACNet if( string.byte(response, 1) == 0x81 ) then - local pos, value = bin.unpack("C", response, 7) + local value = string.byte(response, 7) --if the first query resulted in an error -- if( value == 0x50) then 
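Review bot: In the vendornum hunk `string.unpack(">I2", response, 19)` raises "data string too short" when the reply has fewer than 20 bytes, and the only length-sensitive checks before it (`string.byte(response, 7)` and `string.byte(response, 18)`) tolerate short input by returning nil, so a truncated BACnet reply now ends the script with an error rather than the `return nil` the error branch uses. Add `if #response < 20 then stdnse.debug1("Vendor ID response too short"); return nil end` ahead of the unpack. The `string.byte` replacements for `bin.unpack("C", ...)` in the neighbouring hunks are a clear improvement and drop the unused `pos`.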
@@ -1179,9 +1177,8 @@ action = function(host, port) to_return["Vendor Name"] = standard_query(sock, "vendor") -- Instance Number (object number) - local instance_upper, instance - pos, instance_upper, instance = bin.unpack("C>S", response, 20) - to_return["Object-identifier"] = instance_upper * 0x10000 + instance + local instance = string.unpack(">I3", response, 20) + to_return["Object-identifier"] = instance --Firmware Verson to_return["Firmware"] = standard_query(sock, "firmware")
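Review bot: `string.unpack(">I3", response, 20)` reads bytes 20 through 22 and raises "data string too short" on a reply under 22 bytes; the validation above this hunk only inspects bytes 1 and 7 via `string.byte`, which return nil on short input rather than erroring, so this is the first place a truncated response becomes a script crash. Guard it with `if #response < 22 then return nil end`, or whatever action's error path returns, since the function's start is outside the hunk. The `>I3` form is equivalent to the old `C>S` pair combined as `instance_upper * 0x10000 + instance`, a big-endian 24-bit value; a comment `-- 24-bit big-endian object instance number, bytes 20-22` would preserve that knowledge now that the arithmetic is gone.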