dmiller
d4bf034df9
Fix TDS7/mssql login packet for non-ascii usernames. See #2056
2021-02-08 22:49:19 +00:00
nnposter
a0172dff48
MS SQL build map true-up
2020-12-04 03:16:33 +00:00
dmiller
b9bb2ec387
Fix (again) the Windows date representation problem.
2020-10-10 13:37:03 +00:00
dmiller
50bef20b92
Handle date formatting for Windows for years earlier than 1970. See #2136
2020-10-08 23:09:21 +00:00
nnposter
5ff407be40
Increases SQL Server version resolution
2020-07-28 01:07:35 +00:00
dmiller
a87b0ca133
Add version info for MS SQL 2017 and 2019
2020-01-06 18:39:54 +00:00
nnposter
dd75a8fec6
Refreshed service pack versions; added MS SQL 2017. Fixes #1411
2018-12-13 21:47:15 +00:00
dmiller
0500811f5a
Move string utility functions to stringaux.lua
2018-10-18 01:08:19 +00:00
dmiller
867e9b3fec
Remove bin.lua from mssql.lua
2018-09-19 05:16:45 +00:00
dmiller
b5ab73d44d
Replace a couple of conversion functions with transcoders from unicode.lua
2018-09-19 04:09:54 +00:00
dmiller
f540c58e3f
Remove last uses of 'H' bin packing format, equivalent to stdnse.tohex/fromhex
2018-09-17 15:29:57 +00:00
dmiller
d84ddbe3fd
Remove bit library from a few more libs
2018-08-28 03:52:55 +00:00
nnposter
9e77964022
Removes redundant error check
2018-08-20 01:10:32 +00:00
nnposter
0500b2ce42
Converts FromBytes routine from bin.unpack to string.unpack for internal consistency
2018-08-20 01:08:55 +00:00
nnposter
19693c334c
More string.sub vs. string.byte optimizations
2018-08-19 01:49:08 +00:00
dmiller
edfc5e3835
Remove useless bin.pack('A') calls (equivalent to tostring)
2017-03-14 02:51:06 +00:00
dmiller
cc0661fb34
Fix more non-explicit endianness things
2017-02-14 05:46:40 +00:00
dmiller
f20589ca09
Use explicit endianness in pack/unpack.
2017-02-14 03:47:49 +00:00
dmiller
81c9062d61
Update mssql.lua with latest service packs and SQL Server 2016
2016-12-18 03:47:34 +00:00
dmiller
cb4b46bd53
Canonicalize authors as tables instead of comma-separated strings
2016-06-09 22:46:42 +00:00
robert
ea7c0bd92b
Added SQL Server 2012 SP3 version number and updated SQL Server 2012 SP1 version from the original 4050 release that was pulled and replaced by 4100.
2016-04-02 18:24:39 +00:00
dmiller
f4619edece
Update http urls for nmap.org to https
2015-11-05 20:41:05 +00:00
robert
fe63fe2662
Added support for SQL Server 2014, and added version numbers for service packs from the last couple of years.
2015-06-02 09:43:34 +00:00
dmiller
ea58c6bebb
Replace chained concatenation reassignment with simple concatenation
Example:
x = y
x = x .. z
Fixed:
x = y
.. z
This simple fix would save 1 string creation/deletion. Most changes
involve many more than this.
2015-03-02 13:47:42 +00:00
dmiller
0e74dd7a35
Replace some string.char and bin.pack calls with literals
2015-02-27 19:42:56 +00:00
dmiller
e275a96c72
Use string.gsub instead of looped concat to modify strings
2015-02-27 14:55:29 +00:00
dmiller
40f36a4e3e
Some string optimizations in NSE
Changes fall into these categories:
1. Avoid pathological string building. Loops over x = x .. "foo" can
become very slow. Instead, use strbuf.lua, table.concat, or just one
continuous concatenation; a = x .. y .. z is one operation, better than
a = x .. y; a = a .. z
2. Use hex-escaped strings instead of string.char. I find this more
readable in many cases, and it avoids a table lookup and function call.
3. Don't duplicate code. A few libraries and scripts had re-implemented
stdnse.generate_random_string or openssl.rand_bytes.
2014-09-03 04:49:54 +00:00
batrick
ee6622aea4
nselib stdnse.print_debug -> stdnse.debug
$ f() { find -name \*.lua -exec /bin/echo sed -i "$1" {} \; ; }
$ f 's/stdnse.print_debug( *\([0-9]*\) *, */stdnse.debug\1(/'
$ f 's/stdnse.print_debug( *"\(.*\))/stdnse.debug1("\1)/'
2014-08-03 00:56:45 +00:00
dmiller
17c3e9755e
NSEdoc cleanup.
1. The first paragraph of a function's NSEdoc is used as a short
summary. Some of these were very long, so I split off a shorter summary.
2. Use asterisks (*) to denote bulleted lists, not 'o'
3. Wrap lines at 80 columns
4. a couple other spelling and formatting fixes
2014-03-10 19:01:19 +00:00
dmiller
1b71f75aad
Spelling fixes for Lua files
Mostly in documentation/comments, but a couple code bugs were caught,
including a call to stdnse.pirnt_debug and a mis-declared variable.
2014-02-19 04:15:46 +00:00
dmiller
69e343f0aa
Reindent the last of the NSE libraries.
https://secwiki.org/w/Nmap/Code_Standards
2014-02-04 19:47:26 +00:00
dmiller
620f9fdb34
Remove trailing whitespace in lua files
Whitespace is not significant, so this should not be a problem.
https://secwiki.org/w/Nmap/Code_Standards
2014-01-23 21:51:58 +00:00
robert
8430ba2792
Added support for SQL Server 2012 (tested against RTM and fully patched), and added version numbers for latest service packs on older versions of SQL Server (as they've not been updated for far too long).
2012-10-18 06:45:47 +00:00
patrik
6c97e0721d
nse-check-globals cleanup
2012-08-29 05:42:27 +00:00
tomsellers
5ba2007d69
Added or enhanced support for the following data types:
SQLTEXT = 0x23 - text
GUIDTYPE = 0x24 - uniqueidentifier
NTEXTTYPE = 0x63 - unicode text (ntext)
BITNTYPE = 0x68 - boolean
DECIMALNTYPE = 0x6A - decimal
NUMERICNTYPE = 0x6C - numeric
FLTNTYPE = 0x6D - float/real/double
MONEYNTYPE = 0x6E - money / smallmoney
BIGBINARYTYPE = 0xAD - binary
BIGCHARTYPE = 0xAF - char
SQLNCHAR = 0xEF - unicode char (nchar)
Added detection and handling of null values when processing query responses from the server.
Added DoneProc response token support
Reordered ColumnData and ColumnInfo parsers by data type code to make updates easier.
2012-08-24 10:32:44 +00:00
patrik
7e85545ea3
Fixed bug in return values for openssl pcall in libraries mssql and smbauth
2012-08-06 00:18:55 +00:00
patrik
6f43ac38b2
SSL overhaul fixing OpenSSL related problems when SSL has not been compiled in
* replace require function calls with stdnse.silent_require
* fixed a bug in nse_main that would fail creating scripts.db when a script
fails to load
* reworked some code to provide limited functionality even though SSL is not
present
2012-08-05 12:05:07 +00:00
david
a2c2863531
Remove "hardmatched" argument from calls to nmap.set_port_version.
This is the default and can be omitted. Seeing as the value of this
argument was "hardmatched" in 100% of cases, we're better off pretending
the parameter doesn't exist.
2012-07-30 18:58:32 +00:00
patrik
9236196d42
o [NSE] Added ms-sql-dac script which queries the Microsoft SQL Browser service
for the DAC (Dedicated Admin Connection) port. [Patrik Karlsson]
2012-07-10 09:50:51 +00:00
david
aa6717eb1f
Lua 5.2 fixed from Daniel Miller.
http://seclists.org/nmap-dev/2012/q2/525
2012-05-29 20:11:39 +00:00
batrick
000f6dc4d9
Lua 5.2 upgrade [1] for NSE.
[1] http://seclists.org/nmap-dev/2012/q2/34
2012-05-27 08:53:32 +00:00
tomsellers
4cb024c21d
Corrected a numeric type related to version detection against MS SQL 2008 R2 RTM. Added detection version number for MS SQL 2008 R2 SP1
2012-02-08 02:41:53 +00:00
patrik
188209bc62
o [NSE] Fixed an error in the mssql library that was causing the
broadcast-ms-sql-discover script to fail when trying to update port version
information. [Patrik]
2011-10-24 16:42:02 +00:00
batrick
5a68e5f04a
Set the math.randomseed value in nse_main.lua on behalf of scripts.
Since Lua uses the C rand and srand functions, which have a static
seed for the entire program, we don't want scripts doing this themselves.
2011-05-23 21:43:46 +00:00
david
72415c63c2
Remove Vim modeline from mssql.lua; was interfering with NSEDoc parsing.
2011-03-13 04:33:31 +00:00
patrik
58edddaedb
o [NSE] Merged the ms-sql branch with several improvements and changes to the
ms-sql scripts and library:
- Improved version detection
- Improved server discovery
- Add support for named pipes
- Add support for integrated authentication
- Add support for connecting to instances by name or port
- Improved script and library stability
- Improved script and library documentation
[Patrik Karlsson, Chris Woodbury]
2011-02-26 22:41:10 +00:00
patrik
3b3ba286ff
Applied patch to fix bug in discovery code reported by Chris Woodbury
http://seclists.org/nmap-dev/2011/q1/228
[Patrik]
2011-01-23 07:49:45 +00:00
patrik
f3641ee649
lowered the timeout from 30 seconds to 5 for new connections
add new functionality for discovering servers using the MSSQL Browser service
add new functionality to decode version data received from the browser service
[Patrik]
2010-11-20 18:54:50 +00:00
patrik
1aed246b69
fixed bug in authentication encryption function as reported by Sergey
http://seclists.org/nmap-dev/2010/q4/83
changed the way the library reports "Must change password at next logon"
fixed bug in ms-sql-hasdbaccess that would occur if no rows were returned
[Patrik]
2010-10-15 19:47:54 +00:00
david
3c89e089fc
Change calls in these forms:
socket:connect(host.ip, port.number)
socket:connect(host.ip, port.number, port.protocol)
to this:
socket:connect(host, port)
connect can take host and port tables now, and the default protocol is
taken from the port table if possible.
2010-08-16 18:59:30 +00:00