Nmap Development mailing list archives
Re: NMAP NSE script for iSCSI enumeration
From: Michel Chamberland <merc () securitywire com>
Date: Sat, 10 Oct 2009 20:56:36 -0400
Thanks for the feedback Fyodor. Unfortunately there is no protocol decoder in Wireshark for iSCSI, but I can go by the RFC to break down the payload. I will definitely clean up the packet construction with useful comments. It may even be useful to have optional parameters to the script to insert in the payload. I will also get rid of the table which I did borrow from sslv2.nse.

On Sat, 2009-10-10 at 16:48 -0700, Fyodor wrote:
> On Sat, Oct 10, 2009 at 01:54:10PM -0400, Michel Chamberland wrote:
> > I wrote an Nmap NSE script to enumerate iSCSI targets. I would be interested to get feedback on it. The script can be found here:
> > http://blog.securitywire.com/2009/10/10/nmap-nse-script-to-enumerate-iscsi-targets/
> > I have very limited access to iSCSI targets so I'd be really interested to hear how it works out across a variety of targets.
>
> Thanks Michel! I hope people try it out and send feedback, as this sounds like a useful script for integration into Nmap. Please send us (nmap-dev) another mail when you feel it is ready for that.
>
> Unfortunately I don't have any iSCSI devices to test, and I only have time for a quick glance at the script right now. One thing that stands out is that most of the lines in the script are of this form:
>
> table.insert(t1, string.char(0x6c, 0x6d, 0x00, 0x53, 0x65, 0x73, 0x73, 0x69));
> table.insert(t1, string.char(0x6f, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x3d, 0x44));
> table.insert(t1, string.char(0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79));
> table.insert(t1, string.char(0x00, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x44));
> table.insert(t1, string.char(0x69, 0x67, 0x65, 0x73, 0x74, 0x3d, 0x4e, 0x6f));
> table.insert(t1, string.char(0x6e, 0x65, 0x00, 0x44, 0x61, 0x74, 0x61, 0x44));
> table.insert(t1, string.char(0x69, 0x67, 0x65, 0x73, 0x74, 0x3d, 0x4e, 0x6f));
>
> That raises two issues:
>
> 1) It would be great to comment these hex dumps to explain more about what they are doing. It is a lot harder to maintain/improve/understand scripts when we don't understand what the requests are doing. Also, how did you generate them? If you aren't so familiar with the protocol yourself, one thing which can help is running Wireshark while you make the requests. That often explains the various fields and types which can then be added as comments to the script.
>
> 2) I'm not sure that this approach of table.insert followed by a .concat into a string is an efficient or desirable way to fill out the request payload. You might have gotten this approach from sslv2.nse, but that is an ancient script and I'm not sure that it serves as a good example in this respect. Perhaps the approach shown in this dns-random-srcport.nse snippet is better:
>
> local query = string.char(0xbe, 0xef, -- TXID
>                           0x01, 0x00, -- Flags
>                           0x00, 0x01, -- Questions
>                           0x00, 0x00, -- Answer RRs
>                           0x00, 0x00, -- Authority RRs
>                           0x00, 0x00, -- Additional RRs
>                           0x08) .. "porttest" .. string.char(0x08) .. "dns-oarc" .. string.char(0x03) .. "net" .. string.char(0x00, -- Name terminator
>                           0x00, 0x10, -- Type (TXT)
>                           0x00, 0x01) -- Class (IN)
>
> Another option is bin.pack (http://nmap.org/nsedoc/lib/bin.html).
>
> > I have about 2 hours of experience with lua too so I'm sure it shows :)
>
> It looks like a good first script to me!
>
> Cheers,
> Fyodor
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
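Editor's note on the hex dumps discussed above: the seven quoted table.insert lines are plain ASCII. Decoded byte for byte they read "lm", NUL, "SessionType=Discovery", NUL, "HeaderDigest=None", NUL, "DataDigest=No", i.e. the tail of one iSCSI login text key followed by the standard key=value pairs of a discovery-session login (RFC 3720 separates keys with NUL and pads the data segment to a 4-byte boundary). The Lua below is an added example written for this archive page; it is not code from the script, from Nmap, or from either poster. It shows the readable construction Fyodor asks for: a helper that builds the key=value segment from named fields, a padding helper, and an annotator that turns a raw byte string back into reviewable text. It is plain Lua 5.1 with no NSE libraries; the function names text_keys, pad4 and annotate and the InitiatorName value are this example's own choices, not values from the script.

```lua
-- Added example (not from the thread's script or from Nmap): readable
-- construction of iSCSI login text keys (RFC 3720: key=value pairs, each
-- terminated by NUL, data segment padded to a multiple of 4 bytes).
-- Plain Lua 5.1, no NSE libraries; helper names are this example's own.

-- Build the NUL-terminated key=value data segment from an ordered list of
-- {key, value} pairs, so every field is named instead of hidden in hex.
local function text_keys(pairs_list)
  local parts = {}
  for _, kv in ipairs(pairs_list) do
    parts[#parts + 1] = kv[1] .. "=" .. kv[2] .. "\0"
  end
  return table.concat(parts)
end

-- Pad a data segment to a 4-byte boundary as the PDU format requires.
-- The header's DataSegmentLength counts the bytes before padding, so
-- callers should take #segment from the unpadded string.
local function pad4(segment)
  local rem = #segment % 4
  if rem == 0 then return segment end
  return segment .. string.rep("\0", 4 - rem)
end

-- Turn raw bytes back into the annotated form a reviewer can read:
-- printable characters stay as-is, everything else becomes \xNN.
local function annotate(bytes)
  return (bytes:gsub("[^%w%p ]", function(c)
    return string.format("\\x%02x", c:byte())
  end))
end

-- The seven table.insert lines quoted in the thread, concatenated exactly
-- as the script would, then decoded so the key names become visible.
local quoted = string.char(0x6c, 0x6d, 0x00, 0x53, 0x65, 0x73, 0x73, 0x69,
                           0x6f, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x3d, 0x44,
                           0x69, 0x73, 0x63, 0x6f, 0x76, 0x65, 0x72, 0x79,
                           0x00, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x44,
                           0x69, 0x67, 0x65, 0x73, 0x74, 0x3d, 0x4e, 0x6f,
                           0x6e, 0x65, 0x00, 0x44, 0x61, 0x74, 0x61, 0x44,
                           0x69, 0x67, 0x65, 0x73, 0x74, 0x3d, 0x4e, 0x6f)
print(annotate(quoted))

-- The same keys written as named fields. The InitiatorName value is a
-- constructed placeholder in the iqn. naming form, not a real initiator.
local segment = text_keys({
  {"InitiatorName", "iqn.2009-10.example:placeholder"},
  {"SessionType",   "Discovery"},
  {"HeaderDigest",  "None"},
  {"DataDigest",    "None"},
})
print("DataSegmentLength:", #segment, "padded length:", #pad4(segment))
print(annotate(pad4(segment)))
```

Running this with a stock lua5.1 interpreter prints the decoded text of the quoted dump first, then the named-field version. The names are what a reader of the script needs to see; the hex form can still be generated from them at load time, and the length of the unpadded segment is the value that belongs in the PDU header rather than the padded one.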