Nmap Development mailing list archives
Re: [NSE] ventrilo-info Ventrilo server version detection and info
From: Marin Maržić <marzic () gmail com>
Date: Tue, 12 Nov 2013 21:25:19 +0100
Hey, time for another ultra late reply! (sorry)

Say we somehow enumerate and list all the different version/OS combinations into the nmap-service-probes file, and we get a match on a line. The teamspeak2-version.nse script will always run for that service because it's now been classified as "teamspeak2". That will overwrite any match line findings with more detailed ones. Wouldn't match lines indifferent to the version number do the job of "softmatching" for the script better than the most likely incomplete (and non-elegant) listing? As a practical matter, getting a complete list of possible versions would be tedious or impossible.

In any case, I'll test out whatever you end up committing (if anything) and let you know if something doesn't work.

On 6.8.2013. 1:51, David Fifield wrote:
On Tue, Jul 16, 2013 at 10:01:56PM +0200, Marin Maržić wrote:

    Offset   Type    Value                   Comment
    0-1      uint16  0xBEF4                  Class: connection
    2-3      uint16  0x0004                  Type: login reply
    4-7      uint32  0                       Session key; zero on first reply
    8-11     uint32  client id
    12-15    uint32  2                       Sequence number; 2 on first reply
    16-19    uint32  some crc32 checksum
    20       uint8   server name length
    21-49    string  server name
    50       uint8   platform length
    51-79    string  platform
    80-81    uint16  1. version              E.g. the "2" in "2.0.23.19"
    82-83    uint16  2. version              E.g. the "0" in "2.0.23.19"
    84-85    uint16  3. version              E.g. the "23" in "2.0.23.19"
    86-87    uint16  4. version              E.g. the "19" in "2.0.23.19"
    88-179   bytes   unknown
    180      uint8   welcome message length
    181-435  string  welcome message

Thanks for doing this research. I've modified the match lines a bit using this new information. I decided to make individual match lines for different versions. That means that version detection will show the specific version e.g. "2.0.23.19", but it also requires a separate match line for every version. I have left in the match lines for 2.0.23.19. If you can find a list of possible versions, we can add match lines for each of them.

- TeamSpeak 3 UDP probe and nmap-payloads

This is an encrypted login request packet copied off the wire. Think there is no documentation on it. There seem to be some fields that echo back what is sent, and some that are static when sent this exact payload, so I match on them. Length varies. I guess the description could be something like:

    # TeamSpeak 3
    # UDP login request (encrypted)

- TeamSpeak 3 TCP port service detection (the "ServerQuery" interface):

2 examples of what output looks like for the suggested "version" command:

    version=3.0.6.1 build=1340956745 platform=Windows
    error id=0 msg=ok

    version=3.0.7.2 build=1368605352 platform=Linux
    error id=0 msg=ok

It looks like you missed pasting in the payload here?

Didn't want to confuse stuff since it was in the previous mail but just required some clarification. Here it is anyway:

Ah, thanks. I have added these. I was confused because the payloads were from a different thread: http://seclists.org/nmap-dev/2012/q4/490.

David Fifield
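The version-independent approach discussed in this thread, as an added example (not code from either poster or from Nmap): a Python parser that reads the version fields out of the TeamSpeak 2 login reply laid out in the quoted table, instead of relying on one match line per version. Little-endian integers, Latin-1 text, and the names `read_field`, `parse_login_reply` and `build_sample` are assumptions; the sample packet is constructed, not captured.

```python
import struct

# Offsets follow the table quoted above. Assumptions: little-endian
# integers and Latin-1 text; the table states neither.
HEADER = struct.Struct("<HHIIII")  # class, type, session key, client id, seq, crc32
VERSION = struct.Struct("<4H")     # offsets 80-87
MIN_LEN = 181                      # up to and including the welcome length byte


def read_field(buf, len_off, width):
    """Length-prefixed string in a fixed-width field; reject bad lengths."""
    n = buf[len_off]
    data = buf[len_off + 1:len_off + 1 + n]
    if n > width or len(data) != n:
        raise ValueError(f"bad length byte {n} at offset {len_off}")
    return data.decode("latin-1")


def parse_login_reply(buf):
    """Parse a TeamSpeak 2 login reply; ValueError on anything off-layout."""
    if len(buf) < MIN_LEN:
        raise ValueError(f"short packet: {len(buf)} bytes")
    cls, typ, session, client_id, seq, crc = HEADER.unpack_from(buf, 0)
    if (cls, typ) != (0xBEF4, 0x0004):
        raise ValueError(f"not a login reply: class={cls:#06x} type={typ:#06x}")
    return {
        "server_name": read_field(buf, 20, 29),
        "platform": read_field(buf, 50, 29),
        "version": ".".join(map(str, VERSION.unpack_from(buf, 80))),
        "welcome": read_field(buf, 180, 255),
        "client_id": client_id,
        "sequence": seq,
    }


def build_sample(name=b"Lab server", platform=b"Linux", version=(2, 0, 23, 19)):
    """Constructed 436-byte packet (not a capture) in the same layout."""
    pkt = bytearray(436)
    HEADER.pack_into(pkt, 0, 0xBEF4, 0x0004, 0, 7, 2, 0)
    pkt[20] = len(name)
    pkt[21:21 + len(name)] = name
    pkt[50] = len(platform)
    pkt[51:51 + len(platform)] = platform
    VERSION.pack_into(pkt, 80, *version)
    return bytes(pkt)


if __name__ == "__main__":
    print(parse_login_reply(build_sample()))
```

The length bytes come from the remote host, so they are checked against the fixed field widths (29, 29 and 255 bytes) before any slice is trusted.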