Nmap Development mailing list archives

afp-serverinfo.nse script


From: Andrew Orr <andrew () andreworr ca>
Date: Wed, 10 Feb 2010 00:10:12 -0600

Hi everyone,

I wrote an NSE script that queries an AFP (Apple Filing Protocol) server (TCP 548) for basic server information. Mostly to practice my Lua/NSE, but it may be useful for some, so here it is.

Attached is the script itself as well as a patch to nselib/afp.lua against svn revision 16706 (latest as of half an hour ago or so).

I'm somewhat new to Lua and NSE, so if there is anything blatantly wrong with how I'm doing things, please let me know. The bulk of the code is in afp.lua.patch. It is well commented, especially the hackish parts :)

Also if someone could test this out and let me know if it doesn't work on certain servers, that would be great.

@Patrik: I fixed the null byte bug and it should work on all your test machines now.

Cheers,
-Andrew

P.S.
Here are some example outputs from three machines: one running OS X 10.6.1 (localhost), one running Ubuntu 9.10 and netatalk 2.0.4~beta2-5ubuntu2 (172...), and one running iPhone OS 3.1.2 and netatalk 2.0.4 (192...).

$ ./nmap -p 548 --script=afp-serverinfo.nse localhost 192.168.1.103 172.16.201.131

Starting Nmap 5.21 ( http://nmap.org ) at 2010-02-09 23:43 CST
NSE: Script Scanning completed.
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00022s latency).
PORT    STATE SERVICE
548/tcp open  afp
| afp-serverinfo:
|   | Server Flags: 0x8ffb
|   |   Super Client: Yes
|   |   UUIDs: No
|   |   UTF8 Server Name: Yes
|   |   Open Directory: Yes
|   |   Reconnect: Yes
|   |   Server Notifications: No
|   |   TCP/IP: No
|   |   Server Signature: No
|   |   ServerMessages: Yes
|   |   Password Saving Prohibited: Yes
|   |   Password Changing: Yes
|   |_  Copy File: Yes
|   Server Name: thrall
|   Machine Type: MacBookPro1,1
|   AFP Versions: AFP3.3, AFP3.2, AFP3.1, AFPX03
|   UAMs: DHCAST128, DHX2, Recon1, Client Krb v2, No User Authent
|   Server Signature: 0x0000000000100080000016CB9A545306
|   Network Address 1: 192.168.1.139:548
|   Network Address 2: 10.211.55.2:548
|   Network Address 3: 10.37.129.2:548
|   Network Address 4: 172.16.52.1:548
|   Network Address 5: 172.16.201.1:548
|   Network Address 6: 192.168.1.139
| Directory Name 1: afpserver/LKDC:SHA1.16D4F43CEBC3AD8C7D805EB9C667484B5A7280B0@LKDC:SHA1.16D4F43CEBC3AD8C7D805EB9C667484B5A7280B0
|_  UTF8 Server Name: thrall

Nmap scan report for 192.168.1.103
Host is up (0.062s latency).
PORT    STATE SERVICE
548/tcp open  afp
| afp-serverinfo:
|   | Server Flags: 0x8359
|   |   Super Client: No
|   |   UUIDs: No
|   |   UTF8 Server Name: No
|   |   Open Directory: Yes
|   |   Reconnect: Yes
|   |   Server Notifications: No
|   |   TCP/IP: No
|   |   Server Signature: No
|   |   ServerMessages: No
|   |   Password Saving Prohibited: No
|   |   Password Changing: Yes
|   |_  Copy File: Yes
|   Server Name: localhost
|   Machine Type: Netatalk
| AFP Versions: AFPVersion 1.1, AFPVersion 2.0, AFPVersion 2.1, AFP2.2, AFPX03, AFP3.1
|   UAMs: DHX2, DHCAST128
|   Server Signature: 0x00000000000000000000000000000001
|   Network Address 1: 0.0.0.0
|_  UTF8 Server Name: localhost

Nmap scan report for 172.16.201.131
Host is up (0.0034s latency).
PORT    STATE SERVICE
548/tcp open  afp
| afp-serverinfo:
|   | Server Flags: 0x8379
|   |   Super Client: No
|   |   UUIDs: No
|   |   UTF8 Server Name: No
|   |   Open Directory: Yes
|   |   Reconnect: Yes
|   |   Server Notifications: No
|   |   TCP/IP: No
|   |   Server Signature: No
|   |   ServerMessages: No
|   |   Password Saving Prohibited: No
|   |   Password Changing: Yes
|   |_  Copy File: Yes
|   Server Name: ubuntu
|   Machine Type: Netatalk
| AFP Versions: AFPVersion 1.1, AFPVersion 2.0, AFPVersion 2.1, AFP2.2, AFPX03, AFP3.1
|   UAMs: Cleartxt Passwrd, DHX2
|   Server Signature: 0x017F0001017F0001017F0001017F0002
|   Network Address 1: 172.16.201.131
|   Network Address 2: ddp 65280.34:128
|_  UTF8 Server Name: ubuntu

Nmap done: 3 IP addresses (3 hosts up) scanned in 1.89 seconds

Attachment: afp.lua.patch
Description:

Attachment: afp-serverinfo.nse
Description:

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
