Nmap Development mailing list archives
Re: LDAP library and scripts
From: David Fifield <david () bamsoftware com>
Date: Sun, 14 Feb 2010 21:43:53 -0700
On Wed, Feb 03, 2010 at 12:18:52PM +0100, Patrik Karlsson wrote:
> I've re-worked the ASN1 library a bit in order to get rid of that nasty
> design flaw with the global state. I kind of like the "one all-powerful
> asn1.encode function" approach so I've kept it that way.
>
> The new design splits encoding and decoding into two separate classes
> inside the asn1 library. Any library or script that needs to do ASN1
> encoding or decoding can instantiate an encoder or decoder and then
> register any custom decoders or encoders for that instance only.
>
> Sequence tags are no longer handled as decoders and therefore need to be
> registered using the registerSeqTag function.
>
> So registering a sequence tag (31) and a decoder (13) would look like this:
>
> tagDecoder = {}
>
> tagDecoder["13"] = function( self, encStr, elen, pos )
>   return bin.unpack("A" .. elen, encStr, pos)
> end
>
> local decoder = asn1.ASN1Decoder:new()
> decoder:registerTagDecoders(tagDecoder)
> decoder:registerSeqTag("31")

I like the design of registering custom tag encoders and decoders
per-object. Can you explain more about why sequences are handled
specially? Will other collection types require other such separate
functions?

Functions like decode_oid_component, decodeOID, etc. should be either
standalone functions or else class-level methods, not object-level
methods. That is, they should not refer to "self". In Java these would
be static methods.

I think the "get" in each script name is unnecessary. I suggest renaming
snmp-get-processes to snmp-processes and so on.

> Decoding is done as usual (or almost):
>
> decoder:decode( data, pos )
>
> I've tested the code using three small test scripts that run in a loop
> registering overlapping decoders and decoding a fixed sequence of bytes.
> This would result in chaos with the previous design error but seems to
> work alright now. I've also tried to run my 2 ldap scripts and 6 snmp
> scripts in one go against a single server. This does also seem to work
> alright. But it's obvious that it needs further testing and review.
>
> I'm attaching the ASN1 library and the other two making use of it (ldap
> and snmp).

It would help me if you create a Subversion branch for these changes.
It's hard keeping track between the mailing list and your web site which
is the most recent version. Please do this:

svn mkdir svn://svn.insecure.org/nmap-exp/patrik
svn copy svn://svn.insecure.org/nmap/nselib svn://svn.insecure.org/nmap-exp/patrik/nselib-asn1
svn co svn://svn.insecure.org/nmap-exp/patrik/nselib-asn1
cd nselib-asn1
(Make your changes.)
svn commit

Now, here are the results of my running the scripts. I first had to
allow SNMP through the Windows firewall, but once I did that, wow! what a
lot of results there are. And fast, too. This is going to be somewhat
trimmed for length.

# Nmap 5.21 scan initiated Sun Feb 14 21:33:50 2010 as: ./nmap --datadir . --script=snmp-* -d -sU -p snmp -oN win-snmp.nmap 192.168.0.190
Scanned at 2010-02-14 21:33:50 MST for 2s
PORT STATE SERVICE REASON
161/udp open snmp script-set
|_snmp-brute: public
| snmp-sysdescr: Hardware: x86 Family 6 Model 15 Stepping 2 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.1 (Build 2600 Multiprocessor Free)
|_ System uptime: 3 days, 2:11:39.90 (26709990 timeticks)
| snmp-get-windows-users:
| AT&T
| Administrator
| Guest
| HelpAssistant
| Kurt G\xC3\xB6del
| SUPPORT_388945a0
| david
| jrandom
|_ \xE6\x9C\xAC\xE5\x9B\xA0\xE5\x9D\x8A\xE7\xA7\x80\xE7\xAD\x96
| snmp-get-windows-shares:
| david
| C:\cygwin\home\david
| Printer
| Microsoft XPS Document Writer,LocalsplOnly
| SharedDocs
| C:\Documents and Settings\All Users\Documents
| My Pictures
|_ C:\Documents and Settings\DAVID\My Documents\My Pictures
| snmp-get-netstat:
| TCP 0.0.0.0:135 0.0.0.0:14403
| TCP 0.0.0.0:445 0.0.0.0:61
| TCP 0.0.0.0:5900 0.0.0.0:34887
| TCP 127.0.0.1:1027 0.0.0.0:57596
| TCP 127.0.0.1:1290 0.0.0.0:55408
| TCP 192.168.0.190:139 0.0.0.0:24596
| UDP 0.0.0.0:161 *:*
| UDP 0.0.0.0:445 *:*
| UDP 0.0.0.0:500 *:*
| UDP 0.0.0.0:4500 *:*
| UDP 127.0.0.1:123 *:*
| UDP 127.0.0.1:1291 *:*
| UDP 127.0.0.1:1900 *:*
| UDP 192.168.0.190:123 *:*
| UDP 192.168.0.190:137 *:*
| UDP 192.168.0.190:138 *:*
|_ UDP 192.168.0.190:1900 *:*
| snmp-get-windows-services:
| Apple OS Switch Manager
| Apple Time Service
| Application Layer Gateway Service
| Automatic Updates
| ...
| snmp-get-processes:
| System Idle Process
| PID: 1
| System
| PID: 4
| EXPLORER.EXE
| Path: C:\WINDOWS\
| PID: 196
| WinVNC.exe
| Path: C:\Program Files\TightVNC\
| Params: -service
| PID: 280
| ...
| snmp-get-windows-software:
| 7-Zip 4.57; 2008-09-11 22:28:58
| Boot Camp Services; 2008-09-09 13:41:04
| Debugging Tools for Windows (x86); 2009-04-30 12:26:10
| Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595); 2009-04-28 19:28:32
|_ ...

I'd like you to make a branch with the asn1/snmp/ldap changes, because
they are all related. This is really good stuff, so I want to get it
merged as soon as I'm satisfied with the interface for the asn1 library.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
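
The per-instance registration design discussed in this message, sketched as an added example; it is not the asn1 library from this thread or any Nmap code. The `Decoder` class, the hex-string tag keys and the sample bytes are assumptions constructed for illustration; it shows two instances registering overlapping decoders for tag 13 without interfering, and a length helper that does not refer to `self`.

```lua
-- Added illustration, not Nmap's asn1.lua: a minimal BER TLV decoder whose
-- tag registries live on each instance. Tag keys are hex strings (assumed).
local Decoder = {}
Decoder.__index = Decoder
function Decoder.new()
  return setmetatable({ decoders = {}, seqTags = {} }, Decoder)
end
function Decoder:registerTagDecoders(t)
  for tag, fn in pairs(t) do self.decoders[tag] = fn end
end
function Decoder:registerSeqTag(tag) self.seqTags[tag] = true end

-- Class-level helper (no self): definite short- or long-form length.
function Decoder.decodeLength(s, pos)
  local b = s:byte(pos) or error("truncated length")
  if b < 0x80 then return pos + 1, b end
  local n, len = b - 0x80, 0
  if n == 0 or pos + n > #s then error("indefinite or truncated length") end
  for i = 1, n do len = len * 256 + s:byte(pos + i) end
  return pos + 1 + n, len
end

function Decoder:decode(s, pos)
  local tag = string.format("%02X", s:byte(pos) or error("truncated tag"))
  local vpos, len = Decoder.decodeLength(s, pos + 1)
  if vpos + len - 1 > #s then error("value overruns buffer") end
  if self.seqTags[tag] then            -- constructed: recurse over children
    local items, p, v = {}, vpos, nil
    while p < vpos + len do
      p, v = self:decode(s, p)
      items[#items + 1] = v
    end
    if p ~= vpos + len then error("child overruns its container") end
    return p, items
  end
  local fn = self.decoders[tag] or error("no decoder for tag " .. tag)
  return vpos + len, fn(self, s, len, vpos)
end

-- Constructed sample: SET (0x31) holding two PrintableStrings (0x13).
local data = string.char(0x31, 8, 0x13, 2) .. "ab" .. string.char(0x13, 2) .. "cd"
local raw, upper = Decoder.new(), Decoder.new()
raw:registerSeqTag("31"); upper:registerSeqTag("31")
raw:registerTagDecoders({ ["13"] = function(self, s, n, p) return s:sub(p, p + n - 1) end })
upper:registerTagDecoders({ ["13"] = function(self, s, n, p) return s:sub(p, p + n - 1):upper() end })
local _, a = raw:decode(data, 1)
local _, b = upper:decode(data, 1)
assert(a[1] == "ab" and a[2] == "cd" and b[1] == "AB" and b[2] == "CD")
print(table.concat(a, ","), table.concat(b, ","))
```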