parsing mostly. Response parsing is centralized, and fewer operations
are done on raw HTTP data.
The biggest user-visible change is that http.request goes back to
returning a parsed result table, not raw HTTP data. I believe this is
how the function worked in the past; it's what the NSEDoc for the
function says. The only thing that used http.request was citrixxml.lua,
and this commit alters it to match the new expectations.
The other change is that the http.pipeline function no longer accepts
the "raw" option. The only script that used that was sql-injection.nse,
and this commit modifies that script as well.
HEAD request. This makes it look like the response to the HEAD request
has a body. As a result, http-enum can wrongly surmise that HEAD
requests don't work when it hits a cache entry while testing HEAD.
# nmap --script=http-date,http-enum -PN -p 80 -d2
NSE: NSE Script Threads (2) running:
NSE: Final http cache size (373 bytes) of max size of 1000000
NSE: HTTP: Host returns proper 404 result.
NSE: Final http cache size (1905 bytes) of max size of 1000000
NSE: Finished 'http-date' (thread: 0x8535a40).
NSE: HTTP: Warning: Host returned data when performing HEAD.
NSE: Checking if a GET request is going to work out
After this change:
NSE: NSE Script Threads (2) running:
NSE: Final http cache size (373 bytes) of max size of 1000000
NSE: HTTP: Host returns proper 404 result.
NSE: Final http cache size (1905 bytes) of max size of 1000000
NSE: Finished 'http-date' (thread: 0x8e75b00).
NSE: Final http cache size (1905 bytes) of max size of 1000000
NSE: HTTP: Host supports HEAD.
the code just took each value mod 256 and stored it as a single byte.
The OID 1.3.1000.5 would encode as follows
tag len 1.3 1000%256 5
06 03 2b e8 05
What you're supposed to do is break each value into 7-bit chunks, and
set the high bit in every octet but the last. Now it is correctly
encoded as
tag len 1.3 1000 5
06 04 2b 8768 05
The length also would not have been correct for lengths over 127, and
that is fixed also.
1) I wrote a function that formats output from scripts in a consistent way. Although we haven't really come to a concensus on how it should look yet, it's easy to change when we do.
2) New script: smb-enum-groups.nse. Enumerate the local groups on a system and their membership.
now a script is limited in parallelism to working on one socket at any
time. A script can now create a worker thread that will be capable of
doing work on sockets in parallel with the parent script. See [1] for
more information.
This patch also comes with condition variables that are similar to
POSIX condition variables. They are used in the same fashion as
NSE's mutexes (nmap.mutex).
[1] http://seclists.org/nmap-dev/2009/q4/294
* Updated the way authentication works on smb -- it's significantly cleaner now
* smb-enum-shares.nse gives significantly better output now (it checks if shares are writable)
* Added a script that checks if smbv2 is enabled on a server
* Added smb-psexec, a script for executing commands on a remote Windows server. I also included some default scripts, a compiled .exe to run everything, and a ton of documentation (in the form of NSEDoc)
* Added 'override' parameters to some of the functions in smb.lua, which lets the programmer override any field in an outgoing SMB packet without modifying smb.lua.
* Lots of random code cleanups in the smb-* scripts/libraries
to reconnect a socket with SSL because the initial communication on the socket
is done without SSL. See this thread [1] for more details.
[1] http://seclists.org/nmap-dev/2009/q4/3
isChunked now checks for transfer-encoding: identity instead of transfer-encoding: chunked. If transfer encoding is present and it is not identity, chunked encoding is considered. Also rfc2616, section 4.4 (item 2)
