commit e5cb0a18d5474730310f1797016e1106c33ca059
Author: Patrik Karlsson <patrik@cqure.net>
Date: Sun Oct 7 10:47:35 2012 +0200
compatibility fixes to spnego authentication in smb and smbauth libraries
the spnego authentication blob now decodes properly in wireshark
fixes in spnego authentication for both Window 2003 and Windows 7
commit 5de9e4fa623f88a9b48ef0704244ff843005573a
Author: Patrik Karlsson <patrik@cqure.net>
Date: Sat Oct 6 21:19:08 2012 +0200
Applied patch from Dhiru Kholia adding oracle-brute-stealth and needed changes
reworked the patch slightly and added;
- support for specifying account on command line
- johnfile argument for writing hashes directly to file
rpc.Comm.Connect was trying to bind to 424 reserved ports, which is
overkill. Since nsock doesn't do an actual bind(2) call until
socket:connect for TCP, that meant up to 424 connect calls, each of
which is currently leaking a socket. This commit contains 3 fixes:
1. Add nmap.new_socket calls for non-privileged code path that were
moved inside the privileged loop to originally address the leak.
2. Check for TIMEOUT on each of the TCP connect calls and abandon the
Connect, avoiding many timeouts.
3. Try 10 random reserved ports (from 1 to 1024) instead of 400+.
Should be good odds of finding one unused, even when lots of threads are
trying (though empirical results would be helpful). Also, this should
reduce load since thread n won't need to fail n-1 bind attempts.
It appears that connecting more than one with the same nse_nsock socket
leaks socket descriptor. For example,
local s = nmap.new_socket()
s:connect(host, port) --> TIMEOUT
s:connect(host, port) --> TIMEOUT
s:close()
leaks a socket descriptor, the one used in the first connect. Nsock
should really take care of this, but let's do this workaround because
rpc-grind has been causing problems due to using the above pattern:
http://seclists.org/nmap-dev/2012/q3/864http://seclists.org/nmap-dev/2012/q3/872http://seclists.org/nmap-dev/2012/q3/949
The difficulty is that the rpc library will tolerate around 400 of those
timeouts per RPC connection, which leads to rapidly running out of
descriptors.
There was a reverse table that was meant to map keys to their position
in the order table, to make it easy to table.remove an entry from order.
But removing something from order would shift the indices of all
following elements by 1, and those elements were not updated
correspondingly in the reverse table. Instead, do a linear lookup for
the the element to remove from order, after checking that the element
exists at all.
http://seclists.org/nmap-dev/2012/q3/905
Previously we always took the destination address from the packet
buffer, which failed for IPv6 link-local addresses because the packet
buffer does not contain the scope id.
This takes a broken-down date table, as produced by os.date("*t"), and
converts it into an integer number of seconds since the epoch UTC,
interpreting it as a time in a given time zone. Simply passing a date
table to os.time is not good enough, because os.time always assumes the
date table represents a local time; i.e., you will get different results
from running os.time({year=2012,month=1,day=1,hour=12,min=0,sec=0})
depending on what time zone you run it in.
NSE: rpc-grind Connect(): RPC library does not support: nil protocol
NSE: rpc-grind Connect(): RPC library does not support: rpcbind version
81578896
These errors caused by ChkProgram and ChkVersion called from
rpc.Comm.Connect. Added a dummy program in rpc-grind and a check for
self.checkprogver in ChkVersion, and everything works great.
Also fixed portrule to only fail if the non-rpcbind service name was not
the result of table lookup. Was failing on port 2049 (in nmap-services
as "nfs") without -sV.
Was throwing an exception when parsing a packet with a source IP that
had a fourth octet greater than 127, since the %d format specifier used
in the dups check is for signed integers, and the IP is little-endian.
Switched to %u (unsigned int) and it works great.
Scripts may now return a key–value table, or such a table in addition to
a string. The table will be automatically formatted for normal output
and will appear as a hierarchy of elements in XML output.
Some history and discussion of this development can be found at
https://secwiki.org/w/Nmap/Structured_Script_Output.
This is a merge of r29484:29569 from /nmap-exp/david/xml-output.
commit 7c26e4de2ab365a30fe6e91f3a531eb38c8dfdba
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Tue Aug 7 16:36:54 2012 -0500
Fix indentation on netbios.lua (no code change)
commit 47dc3e32e6b47bd80620cfbc54e7590193dd0c1a
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Tue Jul 31 16:42:27 2012 -0500
Make smbauth.lua use host, not nmap, registry
commit 3738f8e6d551a1260463609d8cda86918843a372
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Tue Jul 31 16:35:45 2012 -0500
Make netbios.lua use host registry. Functions now can take host table or IP
commit 031cadb9d407ab7fd43aaddffda1a89c24cbdd45
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Tue Jul 31 15:54:12 2012 -0500
Remove mac-geolocation info from snmp-interfaces
commit 2218dbaf8ffd4a33de2bc028def9be7301dfb3a2
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Tue Jul 31 15:52:36 2012 -0500
Make path-mtu.nse use host, not nmap, registry
commit 5a3d006bdb9cd3e981a8e753c92b5ade5059a29b
Author: Daniel Miller <bonsaiviking@gmail.com>
Date: Tue Jul 31 15:51:53 2012 -0500
Make cvs-* scripts use host, not nmap, registry
