PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity
Files
c0628fd141744c4f73fcc6d5ab40348b51e6ca46
nmap/scripts/x11-access.nse
dmiller fb67a6717e Re-indent some libs and scripts, change 4 to 2-space indent 
Mostly found with:

    for i in nselib/*.lua scripts/*.nse; do
      echo $(perl -lne 'BEGIN{$a=$p=0}next unless $_;/^(\s*)/;' \
        -e '$l=length$1;next if$l==$p;$a+=(abs($l-$p)-$a)/$.;' \
        -e '$p=$l;END{print$a}' $i) $i
    done | sort -nr

And indented with: https://gist.github.com/bonsaiviking/8845871

whois-ip.nse was particularly mangled (probably my fault due to using
vim's built-in indentation script, but it could be structured better)
2014-02-06 23:25:28 +00:00

75 lines
2.2 KiB
Lua
Raw Blame History

local nmap = require "nmap"
local string = require "string"
-- NSE x11-access v1.3
description = [[
Checks if you're allowed to connect to the X server.
If the X server is listening on TCP port 6000+n (where n is the display
number), it is possible to check if you're able to get connected to the
remote display by sending a X11 initial connection request.
In reply, the success byte (0x00 or 0x01) will determine if you are in
the <code>xhost +</code> list. In this case, script will display the message:
<code>X server access is granted</code>.
]]
---
-- @output
-- Host script results:
-- |_ x11-access: X server access is granted
--
-- @xmloutput
-- true
author = "vladz"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"default", "safe", "auth"}
portrule = function(host, port)
return ((port.number >= 6000 and port.number <= 6009)
or (port.service and string.match(port.service, "^X11")))
-- If port.version.product is not equal to nil, version
-- detection "-sV" has already done this X server test.
and port.version.product == nil
end
action = function(host, port)
local result, socket, try, catch
socket = nmap.new_socket()
catch = function()
socket:close()
end
try = nmap.new_try(catch)
try(socket:connect(host, port))
-- Sending the network dump of a x11 connection request (captured
-- from the XOpenDisplay() function):
--
-- 0x6c 0x00 0x0b 0x00 0x00 0x00 0x00
-- 0x00 0x00 0x00 0x00 0x00 0x00
try(socket:send("\108\000\011\000\000\000\000\000\000\000\000\000"))
-- According to the XOpenDisplay() sources, server answer is
-- stored in a xConnSetupPrefix structure [1]. The function
-- returns NULL if it does not succeed, and more precisely: When
-- the success field of this structure (stored on 1 byte) is not
-- equal to xTrue [2]. For more information, see the Xlib
-- programming Manual [3].
--
-- [1] xConnSetupPrefix structure is defined in X11/Xproto.h.
-- [2] xTrue = 0x01 according to X11/Xproto.h.
-- [3] http://www.sbin.org/doc/Xlib
result = try(socket:receive_bytes(1))
socket:close()
-- Check if first byte received is 0x01 (xTrue: succeed).
if string.match(result, "^\001") then
return true, "X server access is granted"
end
end
Reference in New Issue View Git Blame Copy Permalink