the code just took each value mod 256 and stored it as a single byte.
The OID 1.3.1000.5 would encode as follows
tag len 1.3 1000%256 5
06 03 2b e8 05
What you're supposed to do is break each value into 7-bit chunks, and
set the high bit in every octet but the last. Now it is correctly
encoded as
tag len 1.3 1000 5
06 04 2b 8768 05
The length also would not have been correct for lengths over 127, and
that is fixed also.
1) I wrote a function that formats output from scripts in a consistent way. Although we haven't really come to a concensus on how it should look yet, it's easy to change when we do.
2) New script: smb-enum-groups.nse. Enumerate the local groups on a system and their membership.
now a script is limited in parallelism to working on one socket at any
time. A script can now create a worker thread that will be capable of
doing work on sockets in parallel with the parent script. See [1] for
more information.
This patch also comes with condition variables that are similar to
POSIX condition variables. They are used in the same fashion as
NSE's mutexes (nmap.mutex).
[1] http://seclists.org/nmap-dev/2009/q4/294
* Updated the way authentication works on smb -- it's significantly cleaner now
* smb-enum-shares.nse gives significantly better output now (it checks if shares are writable)
* Added a script that checks if smbv2 is enabled on a server
* Added smb-psexec, a script for executing commands on a remote Windows server. I also included some default scripts, a compiled .exe to run everything, and a ton of documentation (in the form of NSEDoc)
* Added 'override' parameters to some of the functions in smb.lua, which lets the programmer override any field in an outgoing SMB packet without modifying smb.lua.
* Lots of random code cleanups in the smb-* scripts/libraries
to reconnect a socket with SSL because the initial communication on the socket
is done without SSL. See this thread [1] for more details.
[1] http://seclists.org/nmap-dev/2009/q4/3
isChunked now checks for transfer-encoding: identity instead of transfer-encoding: chunked. If transfer encoding is present and it is not identity, chunked encoding is considered. Also rfc2616, section 4.4 (item 2)
a) Lowercase path (a login page)
b) Paths containing uppercase (becomes a '400 Unknown Error' that indicates a corrupt harddrive)
c) Paths containing a path and no uppercase (the same login page as (a) is displayed, except the font changes colour
The server itself returns that it's 'ACOS HTTPD/1.1.4', and the telnet port says it's 'Lingo VoIP config telnetd'. OS guesses seem to indicate a Telephony device of some sort. In any case, this patch detects these conditions and doesn't bother checking the device if it cannot tell these errors apart
http.head (in revision . Because many scripts tend to request the same object,
this helps to prevent sending duplicate requests that consume network
resources needlessly.
The cache is transparent to the script writer in that it will return a cached
result if present when http.get/http.head is called. How the cache is used may
be controlled by options table (described in [1]) passed to the http functions.
Three new boolean values are present:
o bypass_cache -- The contents of the cache is ignored for the request
(method == "GET" or "HEAD")
o no_cache -- The result of the request is not saved in the cache
(method == "GET" or "HEAD")
o no_cache_body -- The body of the request is not saved in the cache
(method == "GET" or "HEAD")
The size of the cache is by default 1 MB. The size can be changed using the
script arg (--script-args) http-max-cache-size (e.g. --script-args
http-max-cache-size=1e8).
[1] http://nmap.org/nsedoc/lib/http.html#request
