Nmap Development mailing list archives
Re: [RFC] NSE pack/unpack library
From: "Philip Pickering" <pgpickering () gmail com>
Date: Fri, 4 Jul 2008 23:06:42 +0200
hi,

I've attached a patch against nmap 4.68 with my version of the binlib. Please test and send comments.

It works as promised:

- bin.pack(fmt, p1, p2, ...) returns packed string
  example:
    bindata = bin.pack("HCHC", "30 06 02 01", 42, "02 01", 21)
    -- encodes two bytes into an asn.1 integer sequence

- bin.unpack(fmt, bindata, [init]) returns last unpacked position and the unpacked data
  example:
    pos, type, len = bin.unpack("H1C", bindata)
    if (type == '04') then
      _, str = bin.unpack("A" .. len, bindata, pos)
    end
    -- unpacks an asn.1 encoded string using the pos-parameter
    -- (_, type, str = bin.unpack("H1p", bindata) would have done the same,
    -- but without checking the type)

I already used it for my snmp-lib (see next mail). (that's also the reason for all the ASN.1 examples)

As David asked me, I provided some examples of other scripts, comparing the original mechanism to encode with the binlib's:

-- MSSQLm.nse:
-- build a TDS packet - type 0x12
-- copied from packet capture of osql connection
payload = ""
payload = payload .. "\018\001\000\047\000\000\001\000\000\000"
payload = payload .. "\026\000\006\001\000\032\000\001\002\000"
payload = payload .. "\033\000\001\003\000\034\000\004\004\000"
payload = payload .. "\038\000\001\255\009\000\011\226\000\000"
payload = payload .. "\000\000\120\023\000\000\000"

local pay2 = bin.pack("H", "12 01 00 2F 00 00 01 00 00 00" ..
                           "1A 00 06 01 00 20 00 01 02 00" ..
                           "21 00 01 03 00 22 00 04 04 00" ..
                           "26 00 01 FF 09 00 0B E2 00 00" ..
                           "00 00 78 17 00 00 00")

-- dns-recursion.nse:
-- generate dns query, Transaction-ID 0xdead, www.wikipedia.org (type A, class IN)
local request = string.char(0xde, 0xad, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00,
                            0x00, 0x00, 0x00, 0x00, 0x03) .. "www" ..
                string.char(0x09) .. "wikipedia" ..
                string.char(0x03) .. "org" ..
                string.char(0x00, 0x00, 0x01, 0x00, 0x01)

local req2 = bin.pack("HAHAHAH", "DE AD 01 00 00" ..
                                 "01 00 00 00 00" ..
                                 "00 00 03", "www", "09", "wikipedia", "03", "org",
                                 "00 00 01 00 01")

-- netbios-smb-os-discovery.nse:
local WildCard = string.char(0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
                             0x00, 0x00, 0x00, 0x00, 0x20, 0x43, 0x4b,
                             0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
                             0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
                             0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
                             0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
                             0x00, 0x00, 0x21, 0x00, 0x00)

local wc2 = bin.pack("HAH", "00 01 00 00 00 01 00 00" ..
                            "00 00 00 00 20 43 4B",
                            string.rep(bin.pack("H", "41"), 30),
                            "00 00 21 00 00")

I'll provide some more examples soon, since these are only hex examples (which will probably be the feature used most of the time).

Philip
Attachment:
nsebinlib.patch
Description:
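An added example, not Philip's binlib or the attached patch: a small Python reimplementation of the pack/unpack semantics described in the mail (format letters H, C, A and p; unpack returns the next position first), run against the ASN.1 example from the post. It assumes 0-based offsets rather than Lua's 1-based ones, and unpack refuses to read past the end of the buffer instead of returning short data.

```python
import re

def pack(fmt, *args):
    """Build bytes from a format string and values: H = hex digits ("30 06", spaces
    ignored), C = one unsigned byte, A = raw string/bytes, p = byte-length-prefixed string."""
    out, vals = bytearray(), list(args)
    for letter in fmt:
        if not vals:
            raise ValueError(f"no argument for format letter {letter!r}")
        v = vals.pop(0)
        if letter == "H":
            out += bytes.fromhex(v.replace(" ", ""))
        elif letter == "C":
            if not 0 <= v <= 255:
                raise ValueError(f"C value {v} does not fit in one byte")
            out.append(v)
        elif letter == "A":
            out += v.encode("latin-1") if isinstance(v, str) else v
        elif letter == "p":
            raw = v.encode("latin-1")
            if len(raw) > 255:
                raise ValueError("p string longer than 255 bytes")
            out.append(len(raw))
            out += raw
        else:
            raise ValueError(f"unknown format letter {letter!r}")
    return bytes(out)

def _take(data, pos, n):
    """Slice n bytes at pos, refusing to read past the end of the buffer."""
    if pos + n > len(data):
        raise ValueError(f"need {n} bytes at offset {pos}, only {len(data) - pos} left")
    return data[pos:pos + n], pos + n

def unpack(fmt, data, pos=0):
    """Return (next_pos, value1, value2, ...). Letters take an optional count, e.g. H1, A5."""
    if not re.fullmatch(r"(?:[HCAp]\d*)+", fmt):
        raise ValueError(f"bad unpack format {fmt!r}")
    values = []
    for letter, count in re.findall(r"([HCAp])(\d*)", fmt):
        n = int(count) if count else 1
        if letter == "H":           # n bytes rendered as a hex string
            chunk, pos = _take(data, pos, n)
            values.append(chunk.hex())
        elif letter == "C":         # n single unsigned bytes
            for _ in range(n):
                chunk, pos = _take(data, pos, 1)
                values.append(chunk[0])
        elif letter == "A":         # n raw bytes as a string
            chunk, pos = _take(data, pos, n)
            values.append(chunk.decode("latin-1"))
        else:                       # p: one length byte, then that many bytes
            chunk, pos = _take(data, pos, 1)
            chunk, pos = _take(data, pos, chunk[0])
            values.append(chunk.decode("latin-1"))
    return (pos, *values)
```

With this, `pack("Hp", "04", "hello")` yields `04 05 68 65 6c 6c 6f`, and `unpack("H1C", ...)` followed by `unpack("A5", ..., 2)` reads it back exactly as the two-step ASN.1 string example in the mail does.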
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [RFC] NSE pack/unpack library Philip Pickering (Jul 04)
- <Possible follow-ups>
- Re: [RFC] NSE pack/unpack library Sven Klemm (Aug 03)