Nmap Development mailing list archives
Re: Sending HEX to a socket in a NSE script
From: Tom Sellers <nmap () fadedcode net>
Date: Tue, 10 Jun 2008 18:46:19 -0500
Eddie Bell wrote:
> Lua doesn't natively support hex strings but you could send it in decimal form.
> FF FF FF would be '\255\255\255'
>
> - eddie
>
> 2008/6/6 Tom Sellers <nmap () fadedcode net>:
>> I am working on writing two NSE scripts to detect the versions of DB2 and Oracle. As I cannot seem to find decent documentation for either I have been working with packet captures.
>>
>> While I am familiar with sending hex within a normal nmap probe, I am not so sure when it comes to lua. Does anyone have any pointers on this? I am not looking for anything detailed, just one or two lines sending something as simple as FF FF FF.
>>
>> Thanks much,
>> Tom
Thanks much for the responses Kris and Eddie.

As it turns out I was sending the data correctly, I just needed to handle the response in a different way. The response string was being truncated when printed via stdnse.print_debug and it seems that tossing certain values into variables after processing them with string.char does not work. 0x04 (End of Transmission) is one of these and just happens to lead off the data portion of some DB2 responses. Fortunately I woke up and checked the host responses using Wireshark (which I had been using the whole time to watch traffic from different utilities) and found that the data was actually making it back to my scanning box.

Couple of things..

*** I was able to take the hex as it was found in the packets and send it by using the following syntax:

    local strPayload = string.char(0x00, 0x53, 0x55)
    socket:send(strPayload)

I had seen this in netbios-smb-os-discovery.nse but figured I was doing something wrong.

*** In Wireshark, if you right click on a packet, choose follow a stream and select the C Arrays view, the resulting data is perfectly formatted for shoving into a variable via string.char.

*** I expect to have a working nmap-services-probes entry for DB2 within a day or so. Right now it works against DB2 7 and 8, I am working on getting it to work against 5 and 9. I am at pretty much the same place with a NSE script that determines the version and dumps a list of information including database names and local file paths. I intend to try to use the nmap.verbosity to limit the output.

Tom
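Added example, not part of the original thread or of Nmap's own code: a pure-Lua sketch of the two tasks discussed above, turning hex byte values copied from a capture into a binary string, and rendering a binary response as a hex dump before it is logged. The helper names `from_hex` and `hexdump` and the sample bytes are constructed for illustration.

```lua
-- Added example: pure Lua, no NSE libraries required.

-- Convert hex byte values ("FF FF FF" or "0x00, 0x53, 0x55", e.g. the
-- body of a pasted C array) into a binary string.
local function from_hex(text)
  -- Drop "0x" prefixes, then whitespace and commas between bytes.
  local digits = text:gsub("0[xX]", ""):gsub("[%s,]", "")
  if digits:find("%X") or #digits % 2 ~= 0 then
    return nil, "expected an even number of hex digits"
  end
  return (digits:gsub("%x%x", function(pair)
    return string.char(tonumber(pair, 16))
  end))
end

-- Render binary data as offset / hex / printable-ASCII lines so that
-- control bytes (0x00, 0x04, ...) never reach the terminal raw.
local function hexdump(data)
  local lines = {}
  for offset = 1, #data, 16 do
    local chunk = data:sub(offset, offset + 15)
    local hex = chunk:gsub(".", function(c)
      return string.format("%02x ", c:byte())
    end)
    local ascii = chunk:gsub("[^\32-\126]", ".")
    lines[#lines + 1] =
      string.format("%04x  %-48s %s", offset - 1, hex, ascii)
  end
  return table.concat(lines, "\n")
end

-- The three forms from the thread produce the same three bytes.
local payload = assert(from_hex("0x00, 0x53, 0x55"))
assert(payload == string.char(0x00, 0x53, 0x55))
assert(payload == "\0\83\85")          -- decimal escapes
assert(from_hex("FF FF FF") == "\255\255\255")
assert(from_hex("FF F") == nil)        -- odd digit count is rejected

-- Constructed response that leads with 0x04; not from a real capture.
local response = "\4\0\16DB2 reply\0\255"
print(hexdump(response))
-- In an NSE script, log hexdump(response) via stdnse.print_debug
-- rather than logging the raw response string.
```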