Nmap Development mailing list archives
Re: Updated DHCP scripts
From: Patrik Karlsson <patrik () cqure net>
Date: Fri, 27 Aug 2010 23:40:10 +0200
On 27 aug 2010, at 22.47, Ron wrote:
> On Mon, 16 Aug 2010 10:20:05 -0600 David Fifield <david () bamsoftware com> wrote:
>
> > You need to make dhcp.lua into a proper module so it doesn't just store everything globally. I think you just have to add the line
> >
> >     module(... or "dhcp", package.seeall)
> >
> > at the top. Then in the script you need to change everything like
> >
> >     dhcp_make_request(host.ip, host.interface, request_type, "0.0.0.0", mac_addr)
> >
> > to
> >
> >     dhcp.dhcp_make_request(host.ip, host.interface, request_type, "0.0.0.0", mac_addr)
> >
> > In fact, I would get rid of the "dhcp_" prefix on exported names, because they will already be qualified by "dhcp.".
> >
> > David Fifield
>
> Thanks, that was a pretty boneheaded mistake. :) Attached is the new patch. I also resolved a conflict that was introduced by a change to the connect() function. I have the 'prerule' mode prepared for whenever we figure out how to do broadcasts (I don't believe the issues that Patrik was investigating were resolved?)
I've made a few changes to the patches I submitted earlier in order to be able to do some more testing. Broadcasting is interesting from more than the prerule perspective, I think. There are a lot of scripts that could benefit from it. While testing the patch I've adapted a few of the scripts so that they can be used when using broadcast. The patch allows the scripts to send a single packet to the broadcast/multicast address and receive responses from multiple hosts. As the approach is a little different, I've moved some chunks of code around in some of the scripts to accomplish my tasks. The patches are quick-n-dirty and meant to get stuff running, so please see them that way for now and not as a suggestion for permanent change.

When doing broadcast, one packet is sent to the broadcast address and one or more packets are then received as response. This means that we need to loop over the socket:receive call and also resolve the IP from which the response was received. I've changed my previous patch that broke sending on the same socket after the first response was received. Each script supporting broadcast basically needs to do this:

    socket:send(nifty_packet)
    local result = {}
    -- One send, then read until the socket times out; each iteration is
    -- one peer's reply, so ask the socket which host it came from.
    while true do
      local status, response = socket:receive_bytes(1)
      if not status then break end
      local _, _, _, peer_ip, peer_port = socket:get_info()
      local result_part = parse_response(response)
      result_part.name = peer_ip
      table.insert(result, result_part)
    end
    return stdnse.format_output(true, result)

As we can receive multiple responses, most of the changes I've made stuff the response in a table and add the IP as "name". The response from each host is then stuffed into another table and returned using stdnse.format_output at the end. I've attached the patches if someone wants to try them out.
Here are a few examples on how to run them:

    sudo ./nmap -n -p 1900 -sU 239.255.255.250 --script upnp-info -d
    sudo ./nmap -n -p 5353 -sU 255.255.255.255 --script dns-service-discovery -d

The same principle applies for the rest of the scripts. Oh, and yes, the dhcp-discover script also seemed to work. In addition to the patches I'm also attaching a new script, db2-discover, that detects DB2 servers using broadcast.
Attachments:
  dns-broadcast.patch
  db2-discover.nse
  nmap-broadcast.patch
  dns-service-discovery-bcast.patch
  upnp-info-bcast.patch
  ms-sql-info-bcast.patch
//Patrik
> --
> Ron Bowes
> Blog: http://www.skullsecurity.org
> Twitter: https://twitter.com/iagox86
>
> <dhcp_library_v2.patch>
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77
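As an added example, not part of the thread and not one of Nmap's own scripts, here is the receive loop Patrik describes packaged as a reusable NSE helper that also de-duplicates replies per peer. It assumes the patched socket semantics from the message (replies from several peers arrive on the one connected UDP socket and get_info() names each peer), and parse_response is a hypothetical placeholder where a real script would decode the protocol.

```lua
local nmap = require "nmap"
local stdnse = require "stdnse"
categories = {"discovery", "safe"}

-- Hypothetical placeholder parser; a real script decodes the protocol here
-- (e.g. SSDP headers) and returns a table of output lines, or nil on junk.
local function parse_response(data)
  if #data == 0 then return nil end
  return { ("%d bytes, starts with %s"):format(#data, stdnse.tohex(data:sub(1, 8))) }
end

-- Core loop: one send, then receive until the socket times out. Results are
-- keyed by peer IP so a host that answers twice yields a single entry.
-- Assumes the patched socket semantics from the thread: replies from several
-- peers arrive on the one connected UDP socket and get_info() names each peer.
local function broadcast_collect(host, port, payload, parser, timeout)
  local socket = nmap.new_socket()
  socket:set_timeout(timeout or 5000)
  local status, err = socket:connect(host.ip, port.number, "udp")
  if not status then return nil, err end
  status, err = socket:send(payload)
  if not status then socket:close() return nil, err end
  local seen, result = {}, {}
  while true do
    local ok, data = socket:receive_bytes(1)
    if not ok then break end   -- timeout (or error) ends the collection
    local _, _, _, peer_ip, peer_port = socket:get_info()
    local part = parser(data)
    if part and not seen[peer_ip] then
      seen[peer_ip] = true
      part.name = ("%s:%d"):format(peer_ip, peer_port)
      table.insert(result, part)
    end
  end
  socket:close()
  return result
end

portrule = function(host, port) return port.protocol == "udp" and port.number == 1900 end

action = function(host, port)
  -- SSDP M-SEARCH, matching the upnp-info invocation shown in the message
  local probe = "M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\n" ..
    "MAN: \"ssdp:discover\"\r\nMX: 2\r\nST: ssdp:all\r\n\r\n"
  local result, err = broadcast_collect(host, port, probe, parse_response)
  if not result then return stdnse.format_output(false, err) end
  return stdnse.format_output(true, result)
end
```

Run it the same way as the upnp-info example above, with the multicast address as the target and -p 1900 -sU; the output lists one entry per host that answered.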
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/