Re: Detecting/parsing a hex string

[Ron <ron () skullsecurity net>]

Thanks to all of you, I managed to put together your suggestions and get 
something that works!

One thing I noticed in Lua is that I couldn't specify a count, like 
"(%x%x){32}" for 32 hex characters, so I just used a string.rep(). Let 
me know if there's a better way!

So, there are three conditions for me, a user can give a single 16-byte 
hex string, two 16-byte hex strings (together), or two 16-byte hex 
strings (with a separator). I covered all these cases using elseif's

Here's the code:

--
if(string.find(password, "^" .. string.rep("%x%x", 16) .. "$")) then
    lm_hash   = bin.pack("H", password:sub(1, 32))
    ntlm_hash = bin.pack("H", password:sub(1, 32))
elseif(string.find(password, "^" .. string.rep("%x%x", 32) .. "$")) then
    lm_hash   = bin.pack("H", password:sub(1, 32))
    ntlm_hash = bin.pack("H", password:sub(33, 64))
elseif(string.find(password, "^" .. string.rep("%x%x", 16) .. "." .. 
string.rep("%x%x", 16) .. "$")) then
    lm_hash   = bin.pack("H", password:sub(1, 32))
    ntlm_hash = bin.pack("H", password:sub(34, 65))
else
    status, lm_hash   = smbcrypto.lm_create_hash(password)
    status, ntlm_hash = smbcrypto.ntlm_create_hash(password)
end
--

Does that look logical to you guys? It seems to work, which is a plus.

Thanks!

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org