Nmap Development mailing list archives
Re: [NSE] murmur-version Murmur server version detection script
From: Marin Maržić <marzic () gmail com>
Date: Tue, 18 Dec 2012 03:22:29 +0100
Hey,

my non-ascii name in the author field seems to be messing up your website at
http://nmap.org/nsedoc/scripts/murmur-version.html

I'll sign off in an ascii way from now on, feel free to correct that in the script.

Regards,
Marin Marzic

On 12/13/2012 12:42 AM, David Fifield wrote:
> On Wed, Dec 12, 2012 at 08:40:32PM +0100, Marin Maržić wrote:
>> Hey,
>>
>> The payload seems to be working:
>>
>> # Murmur 1.2.X (Mumble server)
>> udp 64738 "\x00\x00\x00\x00abcdefgh"
>>
>> The recommended port is the default port that a lot of servers use and
>> the program default, but it's common to see the server run on other port
>> numbers (guess that's the usual situation).
>
> Thanks, I've committed it.
>
>> I had made an nmap-service-probes thing prior to going with NSE. Would a
>> thing like the following match line somehow be possible?
>>
>> match murmur m|^\0(.)(.)(.)abcdefgh(.{4})(.{4})(.{4})$|s p/Murmur voice communication (Mumble server)/ v/$1.$2.$3/ i/#users: $4, #max users: $5, speech bandwidth: $6 bps/
>>
>> The problem is the regex captured parts are binary 1byte and 4byte big
>> endian ints, i.e. they aren't ascii. Can that somehow be converted to
>> ascii with some helper function for output?
>>
>> Anyway, since I didn't know how to do output with that, I first
>> hardcoded all supported known version numbers in the match lines (the
>> last one is generic and doesn't differentiate between versions). In the
>> end I chose to use the NSE because this was ugly :).
>>
>> Probe UDP Murmur q|\0\0\0\0abcdefgh|
>> rarity 1
>> ports 64738
>> match murmur m|^\0\x01\x02\0abcdefgh.{12}$|s p/Murmur voice communication (Mumble server)/ v/1.2.0/
>> match murmur m|^\0\x01\x02\x01abcdefgh.{12}$|s p/Murmur voice communication (Mumble server)/ v/1.2.1/
>> match murmur m|^\0\x01\x02\x02abcdefgh.{12}$|s p/Murmur voice communication (Mumble server)/ v/1.2.2/
>> match murmur m|^\0\x01\x02\x03abcdefgh.{12}$|s p/Murmur voice communication (Mumble server)/ v/1.2.3/
>> match murmur m|^\0\x01\x02\x04abcdefgh.{12}$|s p/Murmur voice communication (Mumble server)/ v/1.2.4/
>> match murmur m|^\0.{3}abcdefgh.{12}$|s p/Murmur voice communication (Mumble server)/ v/1.2.X/
>
> An NSE script sounds like the right way to go. We have a similar battery
> of service matches for bitcoin in the service database, but the script
> is better.
>
> David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
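
Added example (not part of the thread and not the murmur-version script's own code): the binary fields that the proposed match line captures can be decoded once the reply is handled in code rather than in a service-probe regex. This Python example assumes the 24-byte layout implied by that match line; the function names and the sample reply are constructed for illustration.

```python
import struct

PROBE = b"\x00\x00\x00\x00abcdefgh"  # probe payload quoted in the thread

# Layout assumed from the match line in the thread:
#   \0, three 1-byte version fields, the echoed 8-byte ident,
#   then three 4-byte big-endian integers.
REPLY = struct.Struct(">BBBB8sIII")


def parse_murmur_reply(data, ident=PROBE[4:]):
    """Return a dict of decoded fields, or None if data is not a matching reply."""
    if len(data) != REPLY.size:      # the regex is anchored: exactly 24 bytes
        return None
    zero, major, minor, patch, echo, users, max_users, bandwidth = REPLY.unpack(data)
    if zero != 0 or echo != ident:   # the reply must echo the ident that was sent
        return None
    return {
        "version": f"{major}.{minor}.{patch}",
        "users": users,
        "max_users": max_users,
        "bandwidth_bps": bandwidth,
    }


def service_info(fields):
    """Format the fields like the i/.../ template proposed in the thread."""
    return (f"#users: {fields['users']}, #max users: {fields['max_users']}, "
            f"speech bandwidth: {fields['bandwidth_bps']} bps")


# Constructed sample reply (not captured from a real server): version 1.2.4,
# 3 users, 100 max users, 72000 bps.
SAMPLE = b"\x00\x01\x02\x04abcdefgh" + struct.pack(">III", 3, 100, 72000)

if __name__ == "__main__":
    fields = parse_murmur_reply(SAMPLE)
    print(fields["version"], "|", service_info(fields))
    # Truncated or unrelated datagrams are rejected rather than misparsed.
    print(parse_murmur_reply(SAMPLE[:-1]), parse_murmur_reply(b"\x01" + SAMPLE[1:]))
```

Checking the echoed ident and the exact length before decoding keeps an unrelated UDP datagram on the same port from being reported as a Murmur version.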