Nmap Development mailing list archives

Re: [RFC] NSE pack/unpack library


From: "Philip Pickering" <pgpickering () gmail com>
Date: Fri, 4 Jul 2008 23:06:42 +0200

hi,

I've attached a patch against nmap 4.68 with my version of the binlib.
Please test and send comments.

It works as promised:
- bin.pack(fmt, p1, p2, ...)
 returns packed string
 example:
   bindata = bin.pack("HCHC", "30 06 02 01", 42, "02 01", 21)
  -- encodes two bytes into an asn.1 integer sequence

- bin.unpack(fmt, bindata, [init])
 returns last unpacked position and the unpacked data
 example:
  pos, type, len = bin.unpack("H1C", bindata)
  if (type == '04') then
    _, str = bin.unpack("A" .. len, bindata, pos)
  end
 -- unpacks an asn.1 encoded string using the pos-parameter
 -- (_, type, str = bin.unpack("H1p", bindata) would have done the same,
 -- but without checking the type)

I already used it for my snmp-lib (see next mail).
(that's also the reason for all the ASN.1 examples)


As David asked me, I provided some examples of other scripts,
comparing the original mechanism to encode with the binlib's:

-- MSSQLm.nse:
-- build a TDS packet - type 0x12
-- copied from packet capture of osql connection
payload = ""
payload = payload .. "\018\001\000\047\000\000\001\000\000\000"
payload = payload .. "\026\000\006\001\000\032\000\001\002\000"
payload = payload .. "\033\000\001\003\000\034\000\004\004\000"
payload = payload .. "\038\000\001\255\009\000\011\226\000\000"
payload = payload .. "\000\000\120\023\000\000\000"

local pay2 = bin.pack("H",
        "12 01 00 2F 00 00 01 00 00 00" ..
        "1A 00 06 01 00 20 00 01 02 00" ..
        "21 00 01 03 00 22 00 04 04 00" ..
        "26 00 01 FF 09 00 0B E2 00 00" ..
        "00 00 78 17 00 00 00")



-- generate dns query, Transaction-ID 0xdead, www.wikipedia.org (type A, class IN)
local request = string.char(0xde, 0xad, 0x01, 0x00, 0x00, 0x01, 0x00,
                            0x00, 0x00, 0x00, 0x00, 0x00, 0x03) .. "www" ..
                string.char(0x09) .. "wikipedia" .. string.char(0x03) ..
                "org" .. string.char(0x00, 0x00, 0x01, 0x00, 0x01)

local req2 = bin.pack("HAHAHAH",
  "DE AD 01 00 00" ..
  "01 00 00 00 00" ..
  "00 00 03",
  "www", "09",
  "wikipedia", "03",
  "org",
  "00 00 01 00 01")



-- netbios-smb-os-discovery.nse:
local WildCard = string.char(0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00,
                             0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x43, 0x4b,
                             0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
                             0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
                             0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
                             0x00, 0x00, 0x21, 0x00, 0x00)


local wc2 = bin.pack("HAH",
   "00 01 00 00 00 01 00 00" ..
   "00 00 00 00 20 43 4B",
   string.rep(bin.pack("H", "41"), 30),
   "00 00 21 00 00")


I'll provide some more examples soon, since these are only
hex examples (which will probably be the feature used most
of the time).


Philip

Attachment: nsebinlib.patch

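As an added illustration, and not code from the attached patch or from Nmap, the following Python model of the format letters used in this mail (H, C, A and p, with an optional count, and 1-based positions as in Lua) reproduces the ASN.1, DNS and NetBIOS examples above byte for byte and refuses to read past the end of truncated input instead of returning partial values. Lowercase hex on unpack and ignoring counts when packing are choices of this model, not documented behaviour of the library.

```python
import re

# Added reference model (not Nmap's nse_bin code) of the mail's format letters:
# H = hex string, C = unsigned byte, A = raw string, p = 1-byte-length string.
def _tokens(fmt):
    if not re.fullmatch(r"(?:[HCAp]\d*)*", fmt):
        raise ValueError("unsupported format %r" % fmt)
    return re.findall(r"([HCAp])(\d*)", fmt)

def pack(fmt, *args):
    """Pack one argument per token; counts are not used when packing."""
    out, args = bytearray(), list(args)
    for letter, _ in _tokens(fmt):
        value = args.pop(0)
        if letter == "H":
            out += bytes.fromhex(value.replace(" ", ""))
        elif letter == "C":
            out.append(value)                 # ValueError unless 0..255
        elif letter == "A":
            out += value.encode("latin-1")
        else:                                 # p: length byte, then the string
            s = value.encode("latin-1")
            out += bytes([len(s)]) + s        # ValueError if len(s) > 255
    return bytes(out)

def unpack(fmt, data, init=1):
    """Return (next 1-based position, values...); never reads past the end."""
    pos, values = init - 1, []
    def take(n):
        nonlocal pos
        if pos + n > len(data):
            raise ValueError("need %d bytes at offset %d, %d left" % (n, pos, len(data) - pos))
        pos += n
        return data[pos - n:pos]
    for letter, count in _tokens(fmt):
        n = int(count) if count else 1
        if letter == "H":
            values.append(take(n).hex())      # lowercase hex is this model's choice
        elif letter == "C":
            values.extend(take(n))            # Cn yields n byte values
        elif letter == "A":
            values.append(take(n).decode("latin-1"))
        else:
            values.append(take(take(1)[0]).decode("latin-1"))
    return (pos + 1, *values)

def asn1_octet_string(bindata):
    """The unpack example from the mail: tag and length first, then the body."""
    pos, tag, length = unpack("H1C", bindata)
    return unpack("A%d" % length, bindata, pos)[1] if tag == "04" else None
```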

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
