Probably only works for US-English, since it uses Code Page 437. Adding
support for other locales would require detecting or setting the locale
for the remote system, since SMB has no way to negotiate code page. In
other words, Windows systems with different locales will have different
LM hashes for the same password.
Also added some tests. Hashes confirmed by googling for them and finding
the correct plaintext.
http-xssed unconditionally used host.targetname, which is only set when
the target is specified as a name, not an IP address or range. Now we
prefer the targetname, but fall back to the reverse-dns name, and
finally to the IP address. Perhaps we should be more strict, if
xssed.com only allows domain names, for instance?
Check for error 71 (0x47), which means the server is simply not a master
or backup browser and will not respond.
Also teardown the SMB session as far as it has been established, to be
nice.
Windows uses UTF-16 little-endian. Since this is a common use case,
utility functions are provided such that this:
x = unicode.utf16to8(v)
is equivalent to this:
x = unicode.encode(unicode.decode(v, unicode.utf16_dec),
unicode.utf8_enc)
but faster (fewer intermediate tables)
Using this regular expression, '\(\w*\)\s*=\s*\1\s*\.\.', found and
replaced many string concatenation-reassignments. These can cause
performance issues, since a new string gets allocated for each
reassignment. In many cases, the replacement is simply a single string,
wrapped across lines with the '\z' escape, which consumes a newline and
whitespace following it. In other cases, a table is used to hold the
substrings until the final string is built with a single table.concat
operation (same technique used in stdnse.strbuf).
Also, some string-building loops of this form:
s = ""
for i = 1, 100, 1 do
s = s .. "\0"
end
were replaced with this much faster and cleaner version:
s = string.rep("\0", 100)
for lib in nselib/*.lua*; do l=${lib#*/}; l=${l%.lua*}; find . -name \
\*.lua -o -name \*.nse | xargs grep -l "require .$l\>" | xargs grep \
-c "\<$l\." | grep ':0$' | awk -F: '{print "'$l'", $1}'; done
Did not remove calls to stdnse.silent_require since these can be used to
abort script execution if OpenSSL is not included, even if the script
does not directly call openssl.* (perhaps it uses comm.tryssl instead,
for instance).
Also did not remove require "strict", since that library is special and
modifies the environment.
