Re: Microsoft SQL Server fingerprint question

[doug () hcsw org]

Hi Tom,

On Thu, Jan 03, 2008 at 07:31:05PM -0600 or thereabouts, Tom Sellers wrote:
> 3.  Use a match line with pattern matching to extract the version
>      number in hex, convert it to decimal and present it.  Can this
>      be done?  (I saw a mention of helper functions in the docs but
>      could not find anything else about them.  The comment toward
>      the bottom of the match section:
>      http://insecure.org/nmap/vscan/vscan-fileformat.html#vscan-db-match)

A funny coincidence, but just a day or two I updated the docs to better
explain the helper functions. The new webpage hasn't been rendered yet
but here is the XML:

<para>
In rare cases, a <literal>helper function</literal><indexterm><primary>version scan</primary><secondary>helper
functions</secondary></indexterm> can be applied to the replacement
text before insertion.  The <literal>$P()</literal> helper function
will filter out unprintable characters. This is useful for converting
unicode UTF-16 encoded strings like <literal>W\0O\0R\0K\0G\0R\0O\0U\0P\0</literal>
into the ASCII approximation <literal>WORKGROUP</literal>. It can
be used in any <literal>versioninfo</literal> field by passing it the
number of the match you want to make printable, like this: <literal>i/$P(3)/</literal>.
</para>

<para>
Another helper function is <literal>$SUBST()</literal>. This is
used for making substitutions in matches before they are printed.
For example, if an application gives its versions like <literal>5_2_3</literal>
we could use a versioninfo field <literal>v/$SUBST(1,"_",".")/</literal>
to convert it to the more conventional <literal>5.2.3</literal>.
</para>



Thanks for these probes and suggestions! I will try to respond in
more detail shortly.

Best,

Doug

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org