Nmap Development mailing list archives
[PATCH] NSE "Comm" library + 18 shortened scripts
From: Kris Katterjohn <katterjohn () gmail com>
Date: Sat, 12 Apr 2008 21:47:12 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hey everyone, I've attached a new NSE "Comm" library. Standing for something like "COMMon COMMunications," this NSElib adds two functions: get_banner() and exchange(). Obviously the specialized http library and any other protocol-specific libraries created will be more useful in some circumstances, but as you'll see below, this library consolidates code in a lot of separate scripts into these functions. Maybe any other libraries could use this one as a back-end. The top comment in comm.lua goes into some more detail about the usage, but here's the gist: comm.get_banner(host, port, [opts]) comm.exchange(host, port, data, [opts]) get_banner() does just what it sounds like it does: connects to the host, reads whatever it gives us, and then returns it. connect -> read -> close -> return exchange() connects to the host, sends the requested data, reads whatever it gives us, and then returns it. connect -> send -> read -> close -> return The functions are designed to be used with exception handling via nmap.new_try(). An optional table can be passed to these functions, allowing for additional options. The table can have the following keys: bytes - The minimum amount of bytes to receive lines - The minimum amount of lines to receive proto - Protocol to connect() with; defaults to "tcp" timeout - Socket timeout A whole lot of scripts did the same basic thing: open a socket, possibly set a timeout, possibly send some data, and then (possibly looping to) read all of the data. Now all of that can be done with a single function call. I've attached a patch updating 18 scripts to use this library. This stripped some of them down to almost nothing. I haven't been able to test all of the scripts, so I need somebody else to verify that they work correctly. Here's a list so far: Tested - ------ HTTPtrace nbstat ripeQuery rpcinfo echoTest chargenTest daytimeTest dns-test-open-recursion showSMTPVersion finger Untested - -------- MySQLinfo HTTP_open_proxy PPTPversion kibuvDetection ircZombieTest iax2Detect skype_v2-version mswindowShell Of course if you could also test the ones I've already done, that'd be great. Even just giving a quick look-over the library or patch for any possible mistakes would be helpful as well. So: o Is the interface good? I think "get_banner" and "exchange" are simple and concise, but any suggestions for better names are welcome. o Are there any other options that should be added to the table? Thanks, Kris Katterjohn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIVAwUBSAFz7P9K37xXYl36AQKecw/+NHmP47qZ7SM1Nodu8XFWquFnArPPAegj s69Ea36vBATn3IoDI/qpZV6S+WSc4MYAfiQnU7Tv9sKTPzzrcO+SUjDRi6u6JGDv V4JM9ToB9JdXWNOFfP+9OzttRFwgQRav//xCkNOYXLjztUn4Nd+KKovDzKGZQlqb mK7BpujOiyu7kIZKQI6N1hCShv6IqwJAAZXBLmXvBJzeJWDL887luNeUztEt2Eqs kTEU3Aoey71KmGxXb5pwJQH5R5kPio9EyhFYNCGNM3blCaHAha1IOHbDTicHf4cV jiLFMTu5/cCoV8SxbqsXVlQBzMeXVW441Ak3tP1/IR/tNa5OdYmCSiS3EsLIDg8k kBqOdfInDiPNDqBcN671tbCr8czkYMYbOciCh2X5pYdd4I9ixaHJjlMKzYjAxs4N FEAy4X+gkxVjcOnqCongtFl0WYIylxMsNxcJf5LUO7B64RANXzyAL/ITyicMCRCw 9b5ppcMLGYzcnxk72DOweUYjnL8VfTH6CtLlCQUBo+LYTTlfHV3vP/VmN1jdIQ2E WWU+uHTvEci2uUCOITU+qGlsDej9sPjlCXqoDpj9RCij3cM1p6ZzQyamlRBK6cOl nOtEuMrsoSND0a9k5eAdUUqTS1CFKUOT+rdv4+IL0A82D9bA93oI6gnE+LQeuOYS c6pTHHRzTuw= =Uy5U -----END PGP SIGNATURE-----
-- Kris Katterjohn 04/2008 module(..., package.seeall) ------ -- -- The Functions: -- -- get_banner(host, port, [opts]) -- exchange(host, port, data, [opts]) -- -- get_banner() does just what it sounds like it does: connects to the -- host, reads whatever it gives us, and then returns it. -- -- exchange() connects to the host, sends the requested data, reads -- whatever it gives us, and then returns it. -- -- Both of these functions return multiple values so that they can be -- used with exception handling via nmap.new_try(). The second value -- they return is either the response from the host, or the error message -- from one of the previous calls (connect, send, receive*). -- -- These functions can be passed a table of options with the following keys: -- -- bytes: Specifies the minimum amount of bytes to be read from the host -- lines: Specifies the minimum amount of lines to be read from the host -- proto: Specifies the protocol to use. Defaults to "tcp" -- timeout: Sets the socket's timeout with nmap.set_timeout() -- -- If neither lines nor bytes are specified, the calls read as many lines -- as possible. If only bytes if specified, then it only tries to read that -- many bytes. Likewise, it only lines if specified, then it only tries to -- read that many lines. If they're both specified, the lines value is used. -- ------ -- Makes sure that opts exists and the default proto is there local initopts = function(opts) if not opts then opts = {} end if not opts.proto then opts.proto = "tcp" end return opts end -- Sets up the socket and connects to host:port local setup_connect = function(host, port, opts) if type(host) ~= "table" then host = {ip = host} end local target = host.targetname or host.ip or host.name if type(port) ~= "table" then port = {number = port} end local sock = nmap.new_socket() if opts.timeout then sock:set_timeout(opts.timeout) end local status, err = sock:connect(target, port.number, opts.proto) if not status then return status, err end return true, sock end local read = function(sock, opts) if opts.lines then return sock:receive_lines(opts.lines) elseif opts.bytes then return sock:receive_bytes(opts.bytes) end local response = "" while true do local status, line = sock:receive_lines(1) if not status then break end response = response .. line end return true, response end get_banner = function(host, port, opts) opts = initopts(opts) local status, sock = setup_connect(host, port, opts) local ret if not status then -- sock is an error message in this case return status, sock end status, ret = read(sock, opts) sock:close() return status, ret end exchange = function(host, port, data, opts) opts = initopts(opts) local status, sock = setup_connect(host, port, opts) local ret if not status then -- sock is an error message in this case return status, sock end status, ret = sock:send(data) if not status then sock:close() return status, ret end status, ret = read(sock, opts) sock:close() return status, ret end
Index: scripts/daytimeTest.nse =================================================================== --- scripts/daytimeTest.nse (revision 7153) +++ scripts/daytimeTest.nse (working copy) @@ -8,16 +8,13 @@ categories = {"demo"} +require "comm" require "shortport" portrule = shortport.port_or_service(13, "daytime", "udp") action = function(host, port) - local socket = nmap.new_socket() - socket:connect(host.ip, port.number, "udp") - socket:send("dummy") - local status, result = socket:receive_lines(1); - socket:close() + local status, result = comm.exchange(host, port, "dummy", {lines=1, proto="udp"}) if (result ~= nil) then return "Daytime: " .. result Index: scripts/HTTPtrace.nse =================================================================== --- scripts/HTTPtrace.nse (revision 7153) +++ scripts/HTTPtrace.nse (working copy) @@ -18,6 +18,7 @@ categories = {"discovery"} +require "comm" require "shortport" require "stdnse" @@ -76,31 +77,14 @@ portrule = shortport.port_or_service({80, 8080}, "http") action = function(host, port) - local cmd, response - local socket + local cmd = "TRACE / HTTP/1.0\r\n\r\n" - socket = nmap.new_socket() + local status, response = comm.exchange(host, port, cmd, {timeout=5000}) - socket:connect(host.ip, port.number) - - cmd = "TRACE / HTTP/1.0\r\n\r\n" - - socket:send(cmd) - - response = "" - - while true do - local status, lines = socket:receive_lines(1) - - if not status then - break - end - - response = response .. lines + if not status then + return end - socket:close() - return validate(response, cmd) end Index: scripts/dns-test-open-recursion.nse =================================================================== --- scripts/dns-test-open-recursion.nse (revision 7153) +++ scripts/dns-test-open-recursion.nse (working copy) @@ -9,6 +9,7 @@ categories = {"intrusive"} require "bit" +require "comm" require "shortport" portrule = shortport.portnumber(53, "udp") @@ -18,12 +19,11 @@ -- generate dns query, Transaction-ID 0xdead, isc.sans.org (type A, class IN) local request = string.char(0xde, 0xad, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03) .. "isc" .. string.char(0x04) .. "sans" .. string.char(0x03) .. "org" .. string.char(0x00, 0x00, 0x01, 0x00, 0x01) - local socket = nmap.new_socket() - socket:connect(host.ip, port.number, "udp") - socket:send(request) + local status, result = comm.exchange(host, port, request, {proto="udp"}) - local status, result = socket:receive(); - socket:close() + if not status or result == "" then + return + end -- parse response for dns flags if (bit.band(string.byte(result,3), 0x80) == 0x80 Index: scripts/chargenTest.nse =================================================================== --- scripts/chargenTest.nse (revision 7153) +++ scripts/chargenTest.nse (working copy) @@ -8,18 +8,15 @@ categories = {"demo"} +require "comm" require "shortport" portrule = shortport.port_or_service(19, "chargen", "udp") action = function(host, port) - local socket = nmap.new_socket() - socket:connect(host.ip, port.number, "udp") - socket:send("dummy") - local status, result = socket:receive_lines(1); - socket:close() + local status, result = comm.exchange(host, port, "dummy", {lines=1, proto="udp"}) - if (result ~= nil) then + if (result ~= "") then return "Chargen: success" else return "Chargen: something went wrong" Index: scripts/echoTest.nse =================================================================== --- scripts/echoTest.nse (revision 7153) +++ scripts/echoTest.nse (working copy) @@ -9,18 +9,16 @@ categories = {"demo"} +require "comm" require "shortport" portrule = shortport.port_or_service(7, "echo", "udp") action = function(host, port) local echostr = "hello there" - local socket = nmap.new_socket() - socket:connect(host.ip, port.number, "udp") - socket:send(echostr) - local status, result = socket:receive_lines(1); - socket:close() + local status, result = comm.exchange(host, port, echostr, {lines=1, proto="udp"}) + if (result == echostr) then return "UDP Echo: correct response" end Index: scripts/kibuvDetection.nse =================================================================== --- scripts/kibuvDetection.nse (revision 7153) +++ scripts/kibuvDetection.nse (working copy) @@ -16,16 +16,14 @@ categories = {"malware"} +require "comm" require "shortport" portrule = shortport.port_or_service({7955, 14920, 42260}, "ftp") action = function(host, port) - local socket = nmap.new_socket() + local status, s = comm.get_banner(host, port, {lines=1}) - socket:connect(host.ip, port.number) - local status, s = socket:receive_lines(1) - if string.match(s, "220 StnyFtpd 0wns j0") or string.match(s, "220 fuckFtpd 0wns j0") Index: scripts/MySQLinfo.nse =================================================================== --- scripts/MySQLinfo.nse (revision 7153) +++ scripts/MySQLinfo.nse (working copy) @@ -18,6 +18,7 @@ categories = { "discovery", "safe" } require 'bit' +require 'comm' -- Grabs NUL-terminated string local getstring = function(orig) @@ -114,28 +115,14 @@ end action = function(host, port) - local sock - local response = "" local output = "" - sock = nmap.new_socket() + local status, response = comm.get_banner(host, ip, {timeout=5000}) - sock:set_timeout(5000) - - sock:connect(host.ip, port.number) - - while true do - local status, line = sock:receive_lines(1) - - if not status then - break - end - - response = response .. line + if not status then + return end - sock:close() - local length = ntoh3(response:sub(1, 3)) if length ~= response:len() - 4 then Index: scripts/skype_v2-version.nse =================================================================== --- scripts/skype_v2-version.nse (revision 7153) +++ scripts/skype_v2-version.nse (working copy) @@ -3,6 +3,7 @@ author = "Brandon Enright <bmenrigh () ucsd edu>" license = "Same as Nmap--See http://nmap.org/book/man-legal.html" categories = {"version"} +require "comm" portrule = function(host, port) if (port.number == 80 or @@ -22,42 +23,25 @@ end action = function(host, port) + local status, result = comm.exchange(host, port, "GET / HTTP/1.0\r\n\r\n", {bytes=26, proto=port.protocol}) - local socket = nmap.new_socket() - local result; - local status = true - - socket:connect(host.ip, port.number, port.protocol) - socket:send("GET / HTTP/1.0\r\n\r\n") - - status, result = socket:receive_bytes(26); - if (not status) then - socket:close() return end if (result ~= "HTTP/1.0 404 Not Found\r\n\r\n") then - socket:close() return end - socket:close(); - -- So far so good, now see if we get random data for another request - socket:connect(host.ip, port.number, port.protocol) - socket:send("random data\r\n\r\n") + status, result = comm.exchange(host, port, "random data\r\n\r\n", {bytes=15, proto=port.protocol}) - status, result = socket:receive_bytes(15); - if (not status) then - socket:close() return end if string.match(result, "[^%s!-~].*[^%s!-~].*[^%s!-~].*[^%s!-~]") then - socket:close() port.version.name = "skype2" port.version.confidence = 10 port.version.fingerprint = nil @@ -66,7 +50,5 @@ -- return "Skype v2 server detected" end - socket:close(); - return end Index: scripts/showSMTPVersion.nse =================================================================== --- scripts/showSMTPVersion.nse (revision 7153) +++ scripts/showSMTPVersion.nse (working copy) @@ -8,20 +8,14 @@ categories = {"demo"} +require "comm" require "shortport" portrule = shortport.port_or_service(25, "smtp") action = function(host, port) - - local client = nmap.new_socket() + local status, result = comm.get_banner(host, port, {lines=1}) - client:connect(host.ip, port.number) - - local status, result = client:receive_lines(1); - - client:close() - if result ~= nil then result = string.gsub(result, "\n", "") end Index: scripts/nbstat.nse =================================================================== --- scripts/nbstat.nse (revision 7153) +++ scripts/nbstat.nse (working copy) @@ -11,6 +11,8 @@ categories = {"discovery", "safe"} +require "comm" + -- I have excluded the port function param because it doesn't make much sense -- for a hostrule. It works without warning. The NSE documentation is -- not explicit enough in this regard. @@ -49,46 +51,22 @@ -- Again, I have excluded the port param. Is this okay on a hostrule? action = function(host) - local socket = nmap.new_socket() - - socket:set_timeout(5000) - - local result - local status = true - - status, result = socket:connect(host.ip, 137, "udp") - - if (not status) then - -- Can a UDP connect ever fail? - return - end - -- This is the UDP NetBIOS request packet. I didn't feel like -- actually generating a new one each time so this has been shamelessly -- copied from a packet dump of nbtscan. -- See http://www.unixwiz.net/tools/nbtscan.html for code. -- The magic number in this code is \003\097. - status, result = socket:send( + local data = "\003\097\000\016\000\001\000\000" .. "\000\000\000\000\032\067\075\065" .. "\065\065\065\065\065\065\065\065" .. "\065\065\065\065\065\065\065\065" .. "\065\065\065\065\065\065\065\065" .. "\065\065\065\065\065\000\000\033" .. - "\000\001") + "\000\001" - if (not status) then - -- Can the first UDP send ever fail? - return - end + local status, result = comm.exchange(host, 137, data, {bytes=1, proto="udp", timeout=5000}) - -- this receive_bytes will consume all the input available - -- with a minimum of 1 byte. - status, result = socket:receive_bytes(1); - - -- We don't need this socket anymore - socket:close() - if (not status) then return end Index: scripts/iax2Detect.nse =================================================================== --- scripts/iax2Detect.nse (revision 7153) +++ scripts/iax2Detect.nse (working copy) @@ -9,43 +9,36 @@ categories = {"version"} +require "comm" require "shortport" portrule = shortport.portnumber(4569, "udp") action = function(host, port) - local soc = nmap.new_socket() - soc:set_timeout(10000) - local conn = soc:connect(host.ip, port.number, port.protocol) + -- see http://www.cornfed.com/iax.pdf for all options. + local poke = string.char(0x80, 0x00, 0x00, 0x00) + poke = poke .. string.char(0x00, 0x00, 0x00, 0x00) + poke = poke .. string.char(0x00, 0x00, 0x06, 0x1e) - if (conn) then - -- see http://www.cornfed.com/iax.pdf for all options. - local poke = string.char(0x80, 0x00, 0x00, 0x00) - poke = poke .. string.char(0x00, 0x00, 0x00, 0x00) - poke = poke .. string.char(0x00, 0x00, 0x06, 0x1e) - soc:send(poke) + local status, recv = comm.exchange(host, port, poke, {proto=port.protocol,timeout=10000}) - local status, recv - status, recv = soc:receive_bytes(1) - - if (string.len(recv)) == 12 then - local byte11 = string.format("%02X", string.byte(recv, 11)) - local byte12 = string.format("%02X", string.byte(recv, 12)) + if not status then + return + end - -- byte11 must be \x06 IAX Control Frame - -- and byte12 must be \x03 or \x04 - if ((byte11 == "06") and - (byte12 == ("03" or "04"))) - then - nmap.set_port_state(host, port, "open") - port.version.name = "iax2" - nmap.set_port_version(host, port, "hardmatched") - end - + if (string.len(recv)) == 12 then + local byte11 = string.format("%02X", string.byte(recv, 11)) + local byte12 = string.format("%02X", string.byte(recv, 12)) + + -- byte11 must be \x06 IAX Control Frame + -- and byte12 must be \x03 or \x04 + if ((byte11 == "06") and + (byte12 == ("03" or "04"))) + then + nmap.set_port_state(host, port, "open") + port.version.name = "iax2" + nmap.set_port_version(host, port, "hardmatched") end - soc:close() - end - end Index: scripts/rpcinfo.nse =================================================================== --- scripts/rpcinfo.nse (revision 7153) +++ scripts/rpcinfo.nse (working copy) @@ -5,6 +5,7 @@ license = "Same as Nmap--See http://nmap.org/book/man-legal.html" categories = {"safe","discovery"} +require "comm" require "shortport" require "packet" require "datafiles" @@ -12,14 +13,12 @@ portrule = shortport.port_or_service(111, "rpcbind") action = function(host, port) - local try, catch + local try local transaction_id = "nmap" - local socket = nmap.new_socket() local result = " \n" local rpc_numbers - catch = function() socket:close() end - try = nmap.new_try( catch ) + try = nmap.new_try() rpc_numbers = try(datafiles.parse_rpc()) local request = string.char(0x80,0,0,40) -- fragment header @@ -29,16 +28,8 @@ request = request .. "\0\0\0\2\0\0\0\4" -- programm version (2) procedure dump(4) request = request .. "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"-- Credentials and verifier - socket:set_timeout(1000) - try( socket:connect(host.ip, port.number) ) - try( socket:send( request ) ) - local status, answer, answer_part - status, answer = socket:receive_bytes( 1 ) - while status do - status, answer_part = socket:receive_bytes( 1 ) - if status then answer = answer .. answer_part end - end - socket:close() + local answer = try(comm.exchange(host, port, request, {timeout=1000})) + local answer_part local fragment_length = answer:byte(4) + answer:byte(3) * 256 + answer:byte(2) * 65536 if answer:sub(5,8) == transaction_id and answer:byte(12) == 1 and answer:byte(16) == 0 and answer:byte(28) == 0 then Index: scripts/HTTP_open_proxy.nse =================================================================== --- scripts/HTTP_open_proxy.nse (revision 7153) +++ scripts/HTTP_open_proxy.nse (working copy) @@ -9,6 +9,8 @@ description="Test if a discovered proxy is open to us by connecting to www.google.com and checking for the 'Server: GWS/' header response." tags = {"intrusive"} +require 'comm' + -- I found a nice explode() function in lua-users' wiki. I had to fix it, though. -- http://lua-users.org/wiki/LuaRecipes function explode(d,p) @@ -39,22 +41,14 @@ end action = function(host, port) - local socket = nmap.new_socket() - local result - local status = true local response local i -- We will return this if we don't find "^Server: GWS" in response headers local retval - socket:set_timeout(10000); - socket:connect(host.ip, port.number, port.protocol) - -- Ask proxy to open www.google.com - socket:send("GET http://www.google.com HTTP/1.0\r\nHost: www.google.com\r\n\r\n") - --- read the response, if any - status, result = socket:receive_lines(1) + local req = "GET http://www.google.com HTTP/1.0\r\nHost: www.google.com\r\n\r\n" + local status, result = comm.exchange(host, port, req, {proto=port.protocol, timeout=10000}) -- Explode result into the response table if (status == false) or (result == "TIMEOUT") then @@ -74,7 +68,5 @@ end end --- close the socket and exit, returning the retval string. - socket:close() return retval end Index: scripts/finger.nse =================================================================== --- scripts/finger.nse (revision 7153) +++ scripts/finger.nse (working copy) @@ -8,29 +8,13 @@ categories = {"discovery"} +require "comm" require "shortport" portrule = shortport.port_or_service(79, "finger") action = function(host, port) - local socket = nmap.new_socket() - local results = "" - local status = true + local try = nmap.new_try() - local err_catch = function() - socket:close() - end - - local try = nmap.new_try(err_catch()) - - socket:set_timeout(5000) - try(socket:connect(host.ip, port.number, port.protocol)) - try(socket:send("\r\n")) - - status, results = socket:receive_lines(100) - socket:close() - - if not(status) then - return results - end + return try(comm.exchange(host, port, "\r\n", {lines=100, proto=port.protocol, timeout=5000})) end Index: scripts/mswindowsShell.nse =================================================================== --- scripts/mswindowsShell.nse (revision 7153) +++ scripts/mswindowsShell.nse (working copy) @@ -9,22 +9,14 @@ categories = {"backdoor"} +require "comm" require "shortport" portrule = shortport.port_or_service(8888, "auth") action = function(host, port) - local status = 0 - local result = "" + local status, result = comm.get_banner(host, port, {bytes=4096}) - local client_ident = nmap.new_socket() - - client_ident:connect(host.ip, port.number) - - status, result = client_ident:receive_bytes(4096) - - client_ident:close() - if string.match(result, "Microsoft Windows") then return "Possible open windows shell found." end Index: scripts/ircZombieTest.nse =================================================================== --- scripts/ircZombieTest.nse (revision 7153) +++ scripts/ircZombieTest.nse (working copy) @@ -9,22 +9,14 @@ categories = {"malware"} +require "comm" require "shortport" portrule = shortport.port_or_service(113, "auth") action = function(host, port) - local status = 0 - local owner = "" + local status, owner = comm.get_banner(host, port, {lines=1}) - local client_ident = nmap.new_socket() - - client_ident:connect(host.ip, port.number) - - status, owner = client_ident:receive_lines(1) - - client_ident:close() - if owner == "TIMEOUT" then return end Index: scripts/ripeQuery.nse =================================================================== --- scripts/ripeQuery.nse (revision 7153) +++ scripts/ripeQuery.nse (working copy) @@ -1,3 +1,4 @@ +require "comm" require "ipOps" id = "RIPE query" @@ -12,25 +13,8 @@ end action = function(host, port) - local socket = nmap.new_socket() - local status, line - local result = "" + local status, result = comm.exchange("whois.ripe.net", 43, host.ip .. "\n") - socket:connect("whois.ripe.net", 43) --- socket:connect("193.0.0.135", 43) - socket:send(host.ip .. "\n") - - while true do - local status, lines = socket:receive_lines(1) - - if not status then - break - else - result = result .. lines - end - end - socket:close() - local value = string.match(result, "role:(.-)\n") if (value == "see http://www.iana.org.") then Index: scripts/PPTPversion.nse =================================================================== --- scripts/PPTPversion.nse (revision 7153) +++ scripts/PPTPversion.nse (working copy) @@ -11,6 +11,8 @@ categories = {"version"} +require "comm" + portrule = function(host, port) if port.number == 1723 @@ -24,23 +26,6 @@ end action = function(host, port) - - -- create the socket used for our connection - local socket = nmap.new_socket() - - -- set a reasonable timeout value - socket:set_timeout(5000) - - -- do some exception handling / cleanup - local catch = function() - socket:close() - end - - local try = nmap.new_try(catch) - - -- connect to the potential PPTP service - try(socket:connect(host.ip, port.number, "tcp")) - local payload -- build a PPTP Start-Control-Connection-Request packet @@ -67,24 +52,9 @@ payload = payload .. "\000\000\000\000\000\000\000\000" -- padding for vendor name payload = payload .. "\000\000\000\000" -- padding for vendor name - try(socket:send(payload)) - - local status - local response - - -- read in any response we might get - status, response = socket:receive_bytes(1) + local try = nmap.new_try() + local response = try(comm.exchange(host, port, payload, {bytes=1, timeout=5000})) - if (not status) then - return - end - - if (response == "TIMEOUT") then - return - end - - try(socket:close()) - local result -- check to see if the packet we got back matches the beginning of a PPTP Start-Control-Connection-Reply packet
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [PATCH] NSE "Comm" library + 18 shortened scripts Kris Katterjohn (Apr 12)
- Re: [PATCH] NSE "Comm" library + 18 shortened scripts Fyodor (Jun 11)