Nmap Development mailing list archives

Re: Jacek's status report - #2 of 16


From: David Fifield <david () bamsoftware com>
Date: Mon, 17 Jun 2013 17:19:17 -0700

On Tue, Jun 18, 2013 at 12:25:53AM +0200, Jacek Wielemborek wrote:
2013/6/18 David Fifield <david () bamsoftware com>:
On Mon, Jun 17, 2013 at 11:32:54PM +0200, Jacek Wielemborek wrote:
* Develop a working telnet negotiation demo. I believe it will be an
interesting challenge for the current --lua-exec implementation and I
can't wait to start writing the Websocket script!

There might be some confusion here, because Telnet negotiation is not
something that makes sense for --lua-exec. The -t option just causes
Ncat to do things to automatically ignore certain byte patterns that
Telnet servers emit.

Think of --lua-exec this way: You are stuck on Windows and you don't
even have a way to write shell scripts. But Ncat's built-in Lua
interpreter lets you still write interesting little --sh-exec
replacements.

Have you looked at my initial implementation? I estimated the proof of concept
to take more or less three days, it was more like three hours. I like the
explanation you just gave for embedding Lua - it really is a pain to code on
the bare Windows and I do believe that Ncat-Lua could help me there.

I saw the implementation at https://svn.nmap.org/nmap-exp/d33tah/ncat-lua,
and it's looking good. The reason I estimate two weeks is because of
what Fred Brooks said: "A Systems Product is a truly useful object but
costs at least 9 times as much as a Program." (http://javatroopers.com/Mythical_Man_Month.html#Chapter_1)
There's still a lot to be done before this feature is complete. At least:
 * man page documentation
 * Windows portability
 * new tests in ncat-test.pl
 * nmap-dev call for testing

And for the telnet negotiation, I understood your point (or at least I think I
do) a while after I wrote that e-mail. I still think that coding it as a
--lua-exec makes a bit of sense though - as an interesting (at least for me)
proof of concept. I already wrote a tiny bit of code, though I didn't commit
it because it's still quite messy (OTOH, it features some stderr debugging
facilities along with a built-in hexdump!).

Okay. Please feel free to push that code in a new branch (seriously,
branches are cheap) or in a personal public repo. I still think there
must be some misunderstanding because the Telnet negotiation isn't
something you just connect and "do": it's something that happens in-band
while Ncat is otherwise doing its thing with stdin and stdout and the
socket.

This is the supported way:
http://nmap.org/book/inst-windows.html#inst-win-source
Hopefully there won't be too much work to be portable. liblua is already
nicely portable, and the hard parts of fork and exec replacements on
Windows have already been figured out.

Sigh, MSVC. I wonder how much work would be needed for MinGW to support it as
well.

The short answer: too much work for it to be a priority at this point.
Please do not take time trying to make it work with MinGW; rather just
use the supported method. MinGW compatibility with a documented build
process is a nice goal, but it's not what I want you to be doing now.

David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
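
As an illustration of the "in-band" point in the message above, here is an added example (not Ncat's code and not written by either correspondent) of a filter that separates Telnet commands from application data as bytes arrive. It assumes the RFC 854 command values and a policy of refusing every option; the names `telnet_filter` and `telnet_feed` are hypothetical, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { SE = 240, SB = 250, WILL = 251, WONT = 252, DO = 253, DONT = 254, IAC = 255 };
enum tstate { S_DATA, S_IAC, S_OPT, S_SB, S_SB_IAC };
/* State lives outside the call: a command can straddle two reads. */
typedef struct { enum tstate st; uint8_t verb; } telnet_filter;

/* Split n received bytes into application data (out, capacity >= n) and
 * refusals to send back (reply, capacity >= n + 2). Returns data length. */
size_t telnet_feed(telnet_filter *f, const uint8_t *in, size_t n,
                   uint8_t *out, uint8_t *reply, size_t *reply_len)
{
    size_t o = 0, r = 0;
    for (size_t i = 0; i < n; i++) {
        uint8_t b = in[i];
        switch (f->st) {
        case S_DATA:
            if (b == IAC) f->st = S_IAC; else out[o++] = b;
            break;
        case S_IAC:
            if (b == IAC) { out[o++] = b; f->st = S_DATA; }  /* escaped 0xFF data byte */
            else if (b >= WILL && b <= DONT) { f->verb = b; f->st = S_OPT; }
            else f->st = (b == SB) ? S_SB : S_DATA;          /* SB, or a 2-byte command */
            break;
        case S_OPT:  /* refuse: DO x -> WONT x, WILL x -> DONT x; WONT/DONT get no answer */
            if (f->verb == DO || f->verb == WILL) {
                reply[r++] = IAC;
                reply[r++] = (f->verb == DO) ? WONT : DONT;
                reply[r++] = b;
            }
            f->st = S_DATA;
            break;
        case S_SB:   /* skip subnegotiation payload until IAC SE */
            if (b == IAC) f->st = S_SB_IAC;
            break;
        case S_SB_IAC:
            f->st = (b == SE) ? S_DATA : S_SB;
            break;
        }
    }
    *reply_len = r;
    return o;
}

int main(void)
{
    /* Constructed sample: IAC DO 0x18, "hi", then IAC WILL cut off by the read boundary. */
    const uint8_t chunk[] = { IAC, DO, 0x18, 'h', 'i', IAC, WILL };
    uint8_t out[8], reply[10]; size_t rl; telnet_filter f = { S_DATA, 0 };
    size_t n = telnet_feed(&f, chunk, sizeof chunk, out, reply, &rl);
    printf("data=%zu reply=%zu pending_state=%d\n", n, rl, (int)f.st);
    return 0;
}
```

The filter has to sit on every read for the life of the connection, which is why the negotiation cannot be treated as a one-off step performed at connect time.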

