mirror of
https://github.com/nmap/nmap.git
synced 2025-12-06 04:31:29 +00:00
9ca4041ec1
again. Here are the items which were merged: ------------------------------------------------------------------------ r13971 | jah | 2009-06-29 14:30:27 -0700 (Mon, 29 Jun 2009) | 2 lines Improved a pattern for matching HTTP status-line, tidy away some variables and fix a typo. ------------------------------------------------------------------------ r13967 | daniel | 2009-06-29 13:47:04 -0700 (Mon, 29 Jun 2009) | 5 lines o Added a convenience top-level BSD makefile redirecting BSD make to GNU make on BSD systems. This should help prevent bogus error reports when users run "make" instead of "gmake" on BSD systems. [Daniel Roethlisberger] ------------------------------------------------------------------------ r13965 | batrick | 2009-06-29 06:50:11 -0700 (Mon, 29 Jun 2009) | 14 lines [NSE] The NSE Nsock Library binding no longer relies on garbage collection to monitor the use of socket "slots". A thread (script) attempting to connect must first obtain one of a limited number of available socket locks (usually 10 or --max-parallelism). The binding would use garbage collection of sockets to determine when a thread has finished using its allocated sockets. This is unfortunately slow and requires us to constantly run the garbage collector to cause timely reallocation. I have changed the binding to now regularly inspect allocated sockets in the nsock_loop function. Available sockets slots are now immediately reallocated and done with far less execution time. See [1] for benchmarks and further explanation. [1] http://seclists.org/nmap-dev/2009/q2/0624.html ------------------------------------------------------------------------ r13964 | batrick | 2009-06-29 06:37:49 -0700 (Mon, 29 Jun 2009) | 10 lines [NSE] Fixed a rare (and usually undetectable) bug that can cause a SEGFAULT. The NSE nsock library binding may attempt to push values on the stack of a thread that ended due to an error. It is possible that the internal Lua stack was completely full and any further pushed values would result in a segmentation memory violation. This bug is very hard to reproduce with a SEGFAULT but is usually visible when Lua assertion checks are turned on. A socket handler routine must be called AFTER a thread has ended in error. ------------------------------------------------------------------------ r13963 | batrick | 2009-06-29 05:51:20 -0700 (Mon, 29 Jun 2009) | 3 lines Fixed some global scoped variables to be local. This caused a many scripts to overwrite each others' sockets, options, etc. ------------------------------------------------------------------------ r13939 | joao | 2009-06-27 16:07:35 -0700 (Sat, 27 Jun 2009) | 2 lines Fixed port rule to include ssl pop3 port, now that pop3.lua supports SSL connections in function capabilities ------------------------------------------------------------------------ r13938 | joao | 2009-06-27 16:06:28 -0700 (Sat, 27 Jun 2009) | 2 lines Added transparent SSL support using comm.tryssl ------------------------------------------------------------------------ r13937 | joao | 2009-06-27 16:05:19 -0700 (Sat, 27 Jun 2009) | 2 lines Added transparent SSL support using comm.tryssl ------------------------------------------------------------------------ r13936 | joao | 2009-06-27 16:03:50 -0700 (Sat, 27 Jun 2009) | 2 lines Added SSL transparent support using comm.tryssl ------------------------------------------------------------------------ r13935 | joao | 2009-06-27 16:02:39 -0700 (Sat, 27 Jun 2009) | 2 lines Added SSL transparent support using comm.tryssl ------------------------------------------------------------------------ r13934 | joao | 2009-06-27 16:01:38 -0700 (Sat, 27 Jun 2009) | 2 lines Added SSL transparent support using comm.tryssl ------------------------------------------------------------------------ r13933 | joao | 2009-06-27 16:00:27 -0700 (Sat, 27 Jun 2009) | 2 lines SSL transparent support using comm.tryssl ------------------------------------------------------------------------ r13932 | joao | 2009-06-27 15:19:58 -0700 (Sat, 27 Jun 2009) | 2 lines Included transparent ssl support to function pop3.capabilities using comm.tryssl ------------------------------------------------------------------------ r13931 | joao | 2009-06-27 15:19:06 -0700 (Sat, 27 Jun 2009) | 3 lines New version of comm.lua with function tryssl, that transparently adds support to ssl connections ------------------------------------------------------------------------ r13930 | joao | 2009-06-27 14:50:38 -0700 (Sat, 27 Jun 2009) | 6 lines Fixed buffering problem exposed by david on nmap-dev list. The problem was solved using a buffer to receive the data, making the script work fine in cases where the ssh packets are fragmented. A very similar solution was applied to ssh1.lua. ------------------------------------------------------------------------ r13928 | batrick | 2009-06-27 04:43:12 -0700 (Sat, 27 Jun 2009) | 18 lines [NSE] We now propogate a NSE initiated yield on a script through all user coroutines so that NSE may resume control. Previously, scripts that would yield in a child coroutine (e.g. a script's child coroutine generated by Lua's coroutine.create function) would give control back to the script. A script would yield in this way by making a blocking socket operation. NSE would be unable to correctly resume child coroutine when the socket operation is finished processing. By yielding the chain of coroutines a script has operating, we allow to NSE to handle the socket operation properly. NSE would then resume the entire chain so execution may correctly resume at the coroutine which initiated the socket operation. This restores the "illusion" that a script executes without interruption. See [1] for more information, further explanation, and some use cases. [1] http://seclists.org/nmap-dev/2009/q2/0586.html ------------------------------------------------------------------------ r13817 | david | 2009-06-18 15:57:29 -0700 (Thu, 18 Jun 2009) | 3 lines Improve an OS fingerprint with a model number and broader matching. Based on a follow-up report from a submitter. ------------------------------------------------------------------------ r13814 | josh | 2009-06-17 21:34:15 -0700 (Wed, 17 Jun 2009) | 3 lines [zenmap] Added support to zenmap for the new SCTP options: -PY, -sY and -sZ ------------------------------------------------------------------------ r13797 | ron | 2009-06-17 11:02:18 -0700 (Wed, 17 Jun 2009) | 1 line Applied a patch from Mak Kolibabi that enhances the output of smb-enum-processes. The output is now modeled after the output of the 'ps' tool for higher verbosity levels. ------------------------------------------------------------------------ r13795 | david | 2009-06-17 09:05:21 -0700 (Wed, 17 Jun 2009) | 6 lines The configure script now allows cross-compiling by assuming that libpcap is recent enough. Previously it would quit because a test program could not be run. libpcap will always be recent enough when the included copy is used. The patch was contributed by Mike Frysinger.
236 lines
8.2 KiB
Lua
236 lines
8.2 KiB
Lua
--- Functions for the SSH-2 protocol.
|
|
-- @author Sven Klemm <sven@c3d2.de>
|
|
-- @copyright Same as Nmap--See http://nmap.org/book/man-legal.html
|
|
|
|
module(... or "ssh2",package.seeall)
|
|
|
|
require "bin"
|
|
require "base64"
|
|
require "openssl"
|
|
require "stdnse"
|
|
|
|
-- table holding transport layer functions
|
|
transport = {}
|
|
|
|
-- table of SSH-2 constants
|
|
local SSH2
|
|
|
|
--- Retrieve the size of the packet that is being received
|
|
-- and checks if it is fully received
|
|
--
|
|
-- This function is very similar to the function generated
|
|
-- with match.numbytes(num) function, except that this one
|
|
-- will check for the number of bytes on-the-fly, based on
|
|
-- the written on the SSH packet.
|
|
--
|
|
-- @param buffer The receive buffer
|
|
-- @return packet_length, packet_length or nil
|
|
-- the return is similar to the lua function string:find()
|
|
check_packet_length = function( buffer )
|
|
local packet_length, offset
|
|
offset, packet_length = bin.unpack( ">I", buffer )
|
|
assert(packet_length)
|
|
if packet_length + 4 > buffer:len() then return nil end
|
|
return packet_length, packet_length
|
|
end
|
|
|
|
--- Receives a complete SSH packet, even if fragmented
|
|
-- this function is an abstraction layer to deal with
|
|
-- checking the packet size to know if there is any more
|
|
-- data to receive.
|
|
--
|
|
-- @param socket The socket used to receive the data
|
|
-- @return status True or false
|
|
-- @return packet The packet received
|
|
transport.receive_packet = function( socket )
|
|
status, packet = socket:receive_buf(check_packet_length)
|
|
return status, packet
|
|
end
|
|
|
|
--- Pack a multiprecision integer for sending.
|
|
-- @param bn <code>openssl</code> bignum.
|
|
-- @return Packed multiprecision integer.
|
|
transport.pack_mpint = function( bn )
|
|
local bytes, packed
|
|
bytes = bn:num_bytes()
|
|
packed = bn:tobin()
|
|
if bytes % 8 == 0 then
|
|
bytes = bytes + 1
|
|
packed = string.char(0) .. packed
|
|
end
|
|
return bin.pack( ">IA", bytes, packed )
|
|
end
|
|
|
|
--- Build an SSH-2 packet.
|
|
-- @param payload Payload of the packet.
|
|
-- @return Packet to send on the wire.
|
|
transport.build = function( payload )
|
|
local packet_length, padding_length
|
|
padding_length = 8 - ( (payload:len() + 1 + 4 ) % 8 )
|
|
packet_length = payload:len() + padding_length + 1
|
|
return bin.pack( ">IcAA", packet_length, padding_length, payload, openssl.rand_pseudo_bytes( padding_length ) )
|
|
end
|
|
|
|
--- Extract the payload from a received SSH-2 packet.
|
|
-- @param packet Peceived SSH-2 packet.
|
|
-- @return Payload of the SSH-2 packet.
|
|
transport.payload = function( packet )
|
|
local packet_length, padding_length, payload_length, payload, offset
|
|
offset, packet_length, padding_length = bin.unpack( ">Ic", packet )
|
|
assert(packet_length and padding_length)
|
|
payload_length = packet_length - padding_length - 1
|
|
if packet_length ~= packet:len() then
|
|
stdnse.print_debug("SSH-2 packet doesn't match length: payload_length is %d but total length is only %d.", packet_length, packet:len())
|
|
return nil
|
|
end
|
|
offset, payload = bin.unpack( ">A" .. payload_length, packet, offset )
|
|
return payload
|
|
end
|
|
|
|
--- Build a <code>kexdh_init</code> packet.
|
|
transport.kexdh_init = function( e )
|
|
return bin.pack( ">cA", SSH2.SSH_MSG_KEXDH_INIT, transport.pack_mpint( e ) )
|
|
end
|
|
|
|
--- Build a <code>kex_init</code> packet.
|
|
transport.kex_init = function( cookie, options )
|
|
options = options or {}
|
|
kex_algorithms = "diffie-hellman-group1-sha1"
|
|
host_key_algorithms = options['host_key_algorithms'] or "ssh-dss,ssh-rsa"
|
|
encryption_algorithms = "aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr"
|
|
mac_algorithms = "hmac-md5,hmac-sha1,hmac-ripemd160"
|
|
compression_algorithms = "none"
|
|
languages = ""
|
|
|
|
local payload = bin.pack( ">cAaa", SSH2.SSH_MSG_KEXINIT, cookie, kex_algorithms, host_key_algorithms )
|
|
payload = payload .. bin.pack( ">aa", encryption_algorithms, encryption_algorithms )
|
|
payload = payload .. bin.pack( ">aa", mac_algorithms, mac_algorithms )
|
|
payload = payload .. bin.pack( ">aa", compression_algorithms, compression_algorithms )
|
|
payload = payload .. bin.pack( ">aa", languages, languages )
|
|
payload = payload .. bin.pack( ">cI", 0, 0 )
|
|
|
|
return payload
|
|
end
|
|
|
|
--- Parse a <code>kexinit</code> package.
|
|
--
|
|
-- Returns an empty table in case of an error
|
|
transport.parse_kex_init = function( payload )
|
|
local _, offset, msg_code, parsed, fields, fieldname
|
|
parsed = {}
|
|
|
|
-- check for proper msg code
|
|
offset, msg_code = bin.unpack( ">c", payload )
|
|
if msg_code ~= SSH2.SSH_MSG_KEXINIT then return {} end
|
|
|
|
offset, parsed.cookie = bin.unpack( ">A16", payload, offset )
|
|
|
|
fields = {'kex_algorithms','server_host_key_algorithms',
|
|
'encryption_algorithms_client_to_server','encryption_algorithms_server_to_client',
|
|
'mac_algorithms_client_to_server','mac_algorithms_server_to_client',
|
|
'compression_algorithms_client_to_server','compression_algorithms_server_to_client',
|
|
'languages_client_to_server','languages_server_to_client'}
|
|
for _, fieldname in pairs( fields ) do
|
|
offset, parsed[fieldname] = bin.unpack( ">a", payload, offset )
|
|
end
|
|
|
|
return parsed
|
|
end
|
|
|
|
|
|
--- Fetch an SSH-2 host key.
|
|
-- @param host Nmap host table.
|
|
-- @param port Nmap port table.
|
|
-- @param key_type key type to fetch.
|
|
-- @return A table with the following fields: <code>key</code>,
|
|
-- <code>key_type</code>, <code>fp_input</code>, <code>bits</code>,
|
|
-- <code>full_key</code>, <code>algorithm</code>, and <code>fingerprint</code>.
|
|
fetch_host_key = function( host, port, key_type )
|
|
local socket = nmap.new_socket()
|
|
local status
|
|
|
|
-- oakley group 2 prime taken from rfc 2409
|
|
local prime = "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7EDEE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF"
|
|
|
|
status = socket:connect(host.ip, port.number)
|
|
if not status then return end
|
|
-- fetch banner
|
|
status = socket:receive_lines(1)
|
|
if not status then socket:close(); return end
|
|
-- send our banner
|
|
status = socket:send("SSH-2.0-Nmap-SSH2-Hostkey\r\n")
|
|
if not status then socket:close(); return end
|
|
|
|
local cookie = openssl.rand_bytes( 16 )
|
|
local packet = transport.build( transport.kex_init( cookie, {host_key_algorithms=key_type} ) )
|
|
status = socket:send( packet )
|
|
if not status then socket:close(); return end
|
|
|
|
local kex_init
|
|
status, kex_init = transport.receive_packet( socket )
|
|
if not status then socket:close(); return end
|
|
kex_init = transport.parse_kex_init( transport.payload( kex_init ) )
|
|
|
|
if not tostring(kex_init.server_host_key_algorithms):find( key_type, 1, true ) then
|
|
-- server does not support host key type
|
|
stdnse.print_debug( 2, "Hostkey type '%s' not supported by server.", key_type )
|
|
return
|
|
end
|
|
|
|
local e, g, x, p
|
|
-- e = g^x mod p
|
|
g = openssl.bignum_dec2bn( "2" )
|
|
p = openssl.bignum_hex2bn( prime )
|
|
x = openssl.bignum_pseudo_rand( 1024 )
|
|
e = openssl.bignum_mod_exp( g, x, p )
|
|
|
|
packet = transport.build( transport.kexdh_init( e ) )
|
|
status = socket:send( packet )
|
|
if not status then socket:close(); return end
|
|
|
|
local kexdh_reply
|
|
status, kexdh_reply = transport.receive_packet( socket )
|
|
kexdh_reply = transport.payload( kexdh_reply )
|
|
-- check for proper msg code
|
|
if kexdh_reply:byte(1) ~= SSH2.SSH_MSG_KEXDH_REPLY then
|
|
return
|
|
end
|
|
|
|
local _,public_host_key,bits,algorithm
|
|
_, _, public_host_key = bin.unpack( ">ca", kexdh_reply )
|
|
|
|
if key_type == 'ssh-dss' then
|
|
algorithm = "DSA"
|
|
local p
|
|
_, _, p = bin.unpack( ">aa", public_host_key )
|
|
bits = openssl.bignum_bin2bn( p ):num_bits()
|
|
elseif key_type == 'ssh-rsa' then
|
|
algorithm = "RSA"
|
|
local n
|
|
_, _, _, n = bin.unpack( ">aaa", public_host_key )
|
|
bits = openssl.bignum_bin2bn( n ):num_bits()
|
|
else
|
|
stdnse.print_debug( "Unsupported key type: %s", key_type )
|
|
end
|
|
|
|
return { key=public_host_key, key_type=key_type, fp_input=public_host_key, bits=bits,
|
|
full_key=('%s %s'):format(key_type,base64.enc(public_host_key)),
|
|
algorithm=algorithm, fingerprint=openssl.md5(public_host_key) }
|
|
end
|
|
|
|
-- constants
|
|
|
|
SSH2 = {
|
|
SSH_MSG_DISCONNECT = 1,
|
|
SSH_MSG_IGNORE = 2,
|
|
SSH_MSG_UNIMPLEMENTED = 3,
|
|
SSH_MSG_DEBUG = 4,
|
|
SSH_MSG_SERVICE_REQUEST = 5,
|
|
SSH_MSG_SERVICE_ACCEPT = 6,
|
|
SSH_MSG_KEXINIT = 20,
|
|
SSH_MSG_NEWKEYS = 21,
|
|
SSH_MSG_KEXDH_INIT = 30,
|
|
SSH_MSG_KEXDH_REPLY = 31,
|
|
}
|
|
|