Nmap Development mailing list archives
Re: [NSE] ventrilo-info Ventrilo server version detection and info
From: Marin Maržić <marzic () gmail com>
Date: Thu, 02 Jan 2014 22:31:36 +0100
Hey,

Happy New Year dev () nmap org! (and sorry again for the slow replies)

These should replace the existing "match teamspeak2" lines, and they will act as "softmatches" for the script (while still extracting as much info as possible should the script not be there):

match teamspeak2 m|^\xf4\xbe\x04\x00\x00\x00\x00\x00....\x02\x00\x00\x00.....(.{29}).([^\0]+)\0+[^\0]|s p/TeamSpeak 2/ o/$2/ i/name: $1; no password/
match teamspeak2 m|^\xf4\xbe\x04\x00\x00\x00\x00\x00....\x02\x00\x00\x00....\x00{60}|s p/TeamSpeak 2/ i|name: n/a; has password or version < 2.0.19.16 (very unlikely)|

Also noticed that someone chose to append ".{356]$" to the line matching passworded or old TS2 versions, presumably based on the packet structure description I'd posted. Older versions don't necessarily adhere to that structure, in particular the fixed packet length, so I'd recommend not adding that bit to the line this time.

Marin

On 1.12.2013. 5:51, David Fifield wrote:
> On Tue, Nov 12, 2013 at 09:25:19PM +0100, Marin Maržić wrote:
>> Say we somehow enumerate and list all the different version/OS combinations into the nmap-service-probes file, and we get a match on a line. The teamspeak2-version.nse script will always run for that service because it's now been classified as "teamspeak2". That will overwrite any match line findings with more detailed ones. Wouldn't match lines indifferent to the version number do the job of "softmatching" for the script better than the most likely incomplete (and non-elegant) listing?
>
> I must have lost track of something during the TeamSpeak version detection discussion. You're right that we shouldn't have matchline and a version script that do the same thing. We should only have softmatches in nmap-service-probes, and let teamspeak2-version.nse do the work. If you can suggest a good softmatch line, I'll commit it.
>
> David Fifield
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
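
Added example, not part of the original message or of Nmap's code: the two match-line regexes from the post run in Python against constructed replies, showing which line claims which reply and why a fixed-length tail rejects a reply of a different size. Assumptions: Python's `re` with `re.DOTALL` stands in for Nmap's `s` flag, the appended tail is read as `.{356}$`, and the packet bytes, server name and platform string are invented test data shaped only by the regexes.

```python
import re

# Regexes from the two match lines in the post; Nmap's "s" flag is re.DOTALL.
# The shared prefix is factored out only to keep the lines short.
HDR = rb"^\xf4\xbe\x04\x00\x00\x00\x00\x00....\x02\x00\x00\x00"
NO_PASSWORD = re.compile(HDR + rb".....(.{29}).([^\0]+)\0+[^\0]", re.DOTALL)
PASSWORD_OR_OLD = re.compile(HDR + rb"....\x00{60}", re.DOTALL)
# Assumption: second line with the fixed-length tail, read here as .{356}$
PASSWORD_FIXED_LEN = re.compile(HDR + rb"....\x00{60}.{356}$", re.DOTALL)


def build_reply(body: bytes, total_len: int) -> bytes:
    """Constructed test data shaped only by the regexes, not a real capture."""
    head = b"\xf4\xbe\x04\x00\x00\x00\x00\x00" + b"SESS" + b"\x02\x00\x00\x00"
    return (head + body).ljust(total_len, b"\x00")


def classify(reply: bytes):
    """Try the lines in file order; the first one that matches wins."""
    m = NO_PASSWORD.search(reply)
    if m:
        # $1 is the raw 29-byte field; padding is trimmed here for display.
        name = m.group(1).rstrip(b"\x00").decode("latin-1")
        return {"os": m.group(2).decode("latin-1"),
                "info": f"name: {name}; no password"}
    if PASSWORD_OR_OLD.search(reply):
        return {"os": None,
                "info": "name: n/a; has password or version < 2.0.19.16"}
    return None


# Hypothetical server name and platform string, 436 bytes in total.
OPEN = build_reply(b"CRC4\x0b" + b"Example TS2".ljust(29, b"\x00")
                   + b"\x05Linux" + b"\x00" * 24 + b"\x02", 436)
# Same prefix, name/platform area zeroed: 436 bytes, then a shorter variant.
LOCKED = build_reply(b"CRC4", 436)
LOCKED_SHORT = build_reply(b"CRC4", 180)

if __name__ == "__main__":
    for label, pkt in (("open", OPEN), ("locked", LOCKED),
                       ("locked, short", LOCKED_SHORT)):
        print(label, classify(pkt),
              "fixed-length line matches:",
              PASSWORD_FIXED_LEN.search(pkt) is not None)
```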