Nmap Development mailing list archives
Re: afp-serverinfo.nse script
From: David Fifield <david () bamsoftware com>
Date: Mon, 15 Feb 2010 21:23:03 -0700
On Wed, Feb 10, 2010 at 04:46:01PM -0600, Andrew Orr wrote:
> Good catch, thanks Matt. UTF8 Server Name and Server Signature are both optional fields; I've updated the script to check if those are included. If you run the updated script on that same machine it shouldn't output the utf8 server name anymore. I also fixed the null byte bug more properly and fixed a typo.

>     -- a null byte is added to the end of server_name if it doesn't end on an
>     -- even boundary, so we check for that and skip it if necessary
>     if bit.mod(pos, 2) == 0 then
>       -- null byte detected! GET'M!
>       pos = pos + 1 -- zap!
>     end

Can you attach a packet capture or something of this phenomenon? This way of handling it seems suspicious to me.

>     -- For some reason which doesn't reveal itself to me, all the offsets are off.
>     -- This was the source of much frustration when debugging and I'm simply
>     -- fixing them here until I figure out why this is.
>     offsets.machine_type = offsets.machine_type + 1
>     offsets.afp_version_count = offsets.afp_version_count + 1
>     offsets.uam_count = offsets.uam_count + 1
>     -- offsets.volume_icon_and_mask <-- this is deprecated so we don't bother
>     -- not sure why but the offsets get even more off at this point
>     offsets.server_signature = offsets.server_signature + 2
>     -- and go back down again o.O
>     offsets.network_addresses_count = offsets.network_addresses_count + 1
>     offsets.directory_names_count = offsets.directory_names_count + 1
>     -- and back up!
>     offsets.utf8_server_name = offsets.utf8_server_name + 2

This makes me nervous too. I'd like you to paste in hex packet contents of a packet showing these characteristics, and what the values are that you're reading. Off by one is easy to explain, because Lua strings are 1-indexed, but it shouldn't change to 2 like that.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
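The two points David raises (the even-boundary pad after the server name, and offsets that should only ever differ by the Lua 1-index shift) are easier to see against a parser written with 0-based offsets. The following is an added example, not code from this thread or from afp-serverinfo.nse; the FPGetSrvrInfo field layout is assumed from Apple's AFP reference, and the sample replies are constructed by `build_reply` rather than captured.

```python
import struct
from typing import Optional

# Constructed example, not the nmap script's code. Layout assumed from the AFP
# reference for FPGetSrvrInfo: five u16 fields (machine type offset, AFP version
# count offset, UAM count offset, volume icon/mask offset, flags), the server
# name as a Pascal string, a pad byte if the name ends on an odd boundary, then
# four u16 fields (server signature, network address count, directory names
# count and UTF-8 server name offsets). Offsets count from byte 0 of the reply.
FIXED_HEAD = 10   # bytes before the server name
FIXED_TAIL = 8    # bytes of offsets after the (padded) server name

def build_reply(server_name: bytes, machine_type: bytes, signature: Optional[bytes]) -> bytes:
    """Build a sample reply; offsets this example does not parse stay 0."""
    name = bytes([len(server_name)]) + server_name
    pad = b"\x00" if (FIXED_HEAD + len(name)) % 2 else b""  # next u16 must be even-aligned
    mtype_off = FIXED_HEAD + len(name) + len(pad) + FIXED_TAIL
    # Server signature is optional: an offset of 0 means "not present".
    sig_off = mtype_off + 1 + len(machine_type) if signature is not None else 0
    return (struct.pack(">HHHHH", mtype_off, 0, 0, 0, 0) + name + pad
            + struct.pack(">HHHH", sig_off, 0, 0, 0)
            + bytes([len(machine_type)]) + machine_type + (signature or b""))

def parse_reply(data: bytes) -> dict:
    """Parse the fields the thread discusses, using 0-based offsets throughout."""
    (mtype_off,) = struct.unpack_from(">H", data, 0)
    pos = FIXED_HEAD
    n = data[pos]
    server_name = data[pos + 1:pos + 1 + n]
    pos += 1 + n
    padded = pos % 2 == 1   # 0-based odd position: a pad byte precedes the next field
    if padded:              # (a 1-based Lua position has the opposite parity)
        pos += 1
    (sig_off,) = struct.unpack_from(">H", data, pos)
    n = data[mtype_off]     # every offset is used as-is; in Lua it would be offset + 1
    machine_type = data[mtype_off + 1:mtype_off + 1 + n]
    signature = None
    if sig_off:             # optional field, only read when the offset is set
        signature = data[sig_off:sig_off + 16]
        if len(signature) != 16:
            raise ValueError("reply truncated inside the 16-byte server signature")
    return {"server_name": server_name, "machine_type": machine_type,
            "server_signature": signature, "padded": padded}
```

Running it on a 4-byte and a 3-byte server name shows the pad byte appearing and disappearing while every other offset is consumed unchanged, which is the behaviour a real capture should be checked against.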
Current thread:
- afp-serverinfo.nse script Andrew Orr (Feb 09)
- Re: afp-serverinfo.nse script Matt Selsky (Feb 09)
- Re: afp-serverinfo.nse script Andrew Orr (Feb 10)
- Re: afp-serverinfo.nse script Matt Selsky (Feb 10)
- Re: afp-serverinfo.nse script Andrew Orr (Feb 10)
- Re: afp-serverinfo.nse script David Fifield (Feb 15)
- Re: afp-serverinfo.nse script David Fifield (Feb 15)
- Re: afp-serverinfo.nse script David Fifield (Feb 25)
- Re: afp-serverinfo.nse script Andrew Orr (Feb 10)
- Re: afp-serverinfo.nse script Matt Selsky (Feb 09)
- Re: afp-serverinfo.nse script -- new AFP library Patrik Karlsson (Mar 29)
- Re: afp-serverinfo.nse script -- new AFP library David Fifield (Mar 29)
- Re: afp-serverinfo.nse script -- new AFP library Patrik Karlsson (Mar 29)
- Re: afp-serverinfo.nse script -- new AFP library David Fifield (Mar 30)
- Re: afp-serverinfo.nse script -- new AFP library Patrik Karlsson (Mar 30)
- Re: afp-serverinfo.nse script -- new AFP library David Fifield (Mar 30)