Nmap Development mailing list archives

Re: LDAP library and scripts


From: David Fifield <david () bamsoftware com>
Date: Sun, 14 Feb 2010 21:43:53 -0700

On Wed, Feb 03, 2010 at 12:18:52PM +0100, Patrik Karlsson wrote:
I've re-worked the ASN1 library a bit in order to get rid of that
nasty design flaw with the global state. I kind of like the "one
all-powerful asn1.encode function" approach so I've kept it that way. 

The new design splits encoding and decoding into two separate classes
inside the asn1 library. Any library or script that needs to do ASN1
encoding or decoding can instantiate an encoder or decoder and then
register any custom decoders or encoders for that instance only.
Sequence tags are no longer handled as decoders and therefore need to
be registered using the registerSeqTag function. So registering a
sequence tag (31) and a decoder (13) would look like this:

local asn1 = require "asn1"
local bin = require "bin"

-- Custom decoder for tag 13: return the raw payload as a string.
-- Decoder callbacks receive (self, encStr, elen, pos) and return (pos, value).
local tagDecoder = {}
tagDecoder["13"] = function( self, encStr, elen, pos )
  return bin.unpack("A" .. elen, encStr, pos)
end

-- Registrations apply to this decoder instance only, not to global state.
local decoder = asn1.ASN1Decoder:new()
decoder:registerTagDecoders(tagDecoder)
decoder:registerSeqTag("31")

I like the design of registering custom tag encoders and decoders
per-object. Can you explain more about why sequences are handled
specially? Will other collection types require other such separate
functions?

Functions like decode_oid_component, decodeOID, etc. should be either
standalone functions or else class-level methods, not object-level
methods. That is, they should not refer to "self". In Java these would
be static methods.

I think the "get" in each script name is unnecessary. I suggest renaming
snmp-get-processes to snmp-processes and so on.

Decoding is done as usual (or almost): decoder:decode( data, pos )

I've tested the code using three small test scripts that run in a loop,
registering overlapping decoders and decoding a fixed sequence of bytes.
This would result in chaos with the previous design error but seems to
work alright now. I've also tried to run my 2 ldap scripts and 6 snmp
scripts in one go against a single server. This also seems to work
alright. But it's obvious that it needs further testing and review.

I'm attaching the ASN1 library and the other two making use of it
(ldap and snmp).

It would help me if you create a Subversion branch for these changes.
It's hard to keep track, between the mailing list and your web site, of
which is the most recent version. Please do this:

svn mkdir svn://svn.insecure.org/nmap-exp/patrik
svn copy svn://svn.insecure.org/nmap/nselib svn://svn.insecure.org/nmap-exp/patrik/nselib-asn1
svn co svn://svn.insecure.org/nmap-exp/patrik/nselib-asn1
cd nselib-asn1
(Make your changes.)
svn commit

Now, here are the results of my running the scripts. I first had to
allow SNMP through the Windows firewall, but once I did that, wow! what a
lot of results there are. And fast, too. This is going to be somewhat
trimmed for length.

# Nmap 5.21 scan initiated Sun Feb 14 21:33:50 2010 as: ./nmap --datadir . --script=snmp-* -d -sU -p snmp -oN win-snmp.nmap 192.168.0.190
Scanned at 2010-02-14 21:33:50 MST for 2s
PORT    STATE SERVICE REASON
161/udp open  snmp    script-set
|_snmp-brute: public
| snmp-sysdescr: Hardware: x86 Family 6 Model 15 Stepping 2 AT/AT COMPATIBLE - Software: Windows 2000 Version 5.1 (Build 2600 Multiprocessor Free)
|_  System uptime: 3 days, 2:11:39.90 (26709990 timeticks)
| snmp-get-windows-users:  
|   AT&T
|   Administrator
|   Guest
|   HelpAssistant
|   Kurt G\xC3\xB6del
|   SUPPORT_388945a0
|   david
|   jrandom
|_  \xE6\x9C\xAC\xE5\x9B\xA0\xE5\x9D\x8A\xE7\xA7\x80\xE7\xAD\x96
| snmp-get-windows-shares:  
|   david
|     C:\cygwin\home\david
|   Printer
|     Microsoft XPS Document Writer,LocalsplOnly
|   SharedDocs
|     C:\Documents and Settings\All Users\Documents
|   My Pictures
|_    C:\Documents and Settings\DAVID\My Documents\My Pictures
| snmp-get-netstat:  
|   TCP  0.0.0.0:135          0.0.0.0:14403
|   TCP  0.0.0.0:445          0.0.0.0:61
|   TCP  0.0.0.0:5900         0.0.0.0:34887
|   TCP  127.0.0.1:1027       0.0.0.0:57596
|   TCP  127.0.0.1:1290       0.0.0.0:55408
|   TCP  192.168.0.190:139    0.0.0.0:24596
|   UDP  0.0.0.0:161          *:*
|   UDP  0.0.0.0:445          *:*
|   UDP  0.0.0.0:500          *:*
|   UDP  0.0.0.0:4500         *:*
|   UDP  127.0.0.1:123        *:*
|   UDP  127.0.0.1:1291       *:*
|   UDP  127.0.0.1:1900       *:*
|   UDP  192.168.0.190:123    *:*
|   UDP  192.168.0.190:137    *:*
|   UDP  192.168.0.190:138    *:*
|_  UDP  192.168.0.190:1900   *:*
| snmp-get-windows-services:  
|   Apple OS Switch Manager
|   Apple Time Service
|   Application Layer Gateway Service
|   Automatic Updates
|   ...
| snmp-get-processes:  
|   System Idle Process
|     PID: 1
|   System
|     PID: 4
|   EXPLORER.EXE
|     Path: C:\WINDOWS\
|     PID: 196
|   WinVNC.exe
|     Path: C:\Program Files\TightVNC\
|     Params:  -service
|     PID: 280
|   ...
| snmp-get-windows-software:  
|   7-Zip 4.57; 2008-09-11 22:28:58
|   Boot Camp Services; 2008-09-09 13:41:04
|   Debugging Tools for Windows (x86); 2009-04-30 12:26:10
|   Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595); 2009-04-28 19:28:32
|_  ...

I'd like you to make a branch with the asn1/snmp/ldap changes, because
they are all related. This is really good stuff, so I want to get it
merged as soon as I'm satisfied with the interface for the asn1 library.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
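As an added illustration of the per-instance registry design discussed in this message (decoders and sequence tags registered on a decoder object rather than in module-level state), here is a small BER TLV decoder in Python. It is constructed example code, not nselib/asn1.lua; it assumes single-octet tags and definite-form lengths, and it shows two decoders with overlapping tag registrations decoding the same bytes without interfering with each other, which is the case Patrik's loop test exercises.

```python
# Constructed illustration of the per-instance decoder design discussed
# above; not nselib/asn1.lua. Assumes single-octet tags, definite lengths.
class ASN1Decoder:
    def __init__(self):
        self.tag_decoders = {}  # tag -> fn(decoder, payload) -> value
        self.seq_tags = set()   # constructed tags decoded as lists

    def register_tag_decoders(self, decoders):
        self.tag_decoders.update(decoders)

    def register_seq_tag(self, tag):
        self.seq_tags.add(tag)

    @staticmethod
    def decode_length(data, pos):  # definite-form BER length -> (len, new pos)
        first = data[pos]
        if first < 0x80:
            return first, pos + 1
        n = first & 0x7F
        if n == 0 or pos + 1 + n > len(data):
            raise ValueError("indefinite or truncated length")
        return int.from_bytes(data[pos + 1:pos + 1 + n], "big"), pos + 1 + n

    def decode(self, data, pos=0):  # decode one TLV at pos -> (value, new pos)
        tag = data[pos]
        length, pos = self.decode_length(data, pos + 1)
        end = pos + length
        if end > len(data):  # reject lengths that run past the buffer
            raise ValueError("length exceeds buffer")
        payload = data[pos:end]
        if tag in self.seq_tags:  # recurse over the sequence's children
            items, p = [], 0
            while p < len(payload):
                value, p = self.decode(payload, p)
                items.append(value)
            return items, end
        fn = self.tag_decoders.get(tag)
        return (fn(self, payload) if fn else payload), end


def demo():
    # Constructed input: SEQUENCE { INTEGER 5, OCTET STRING "hi" }
    data = bytes.fromhex("300702010504026869")
    a = ASN1Decoder()
    a.register_seq_tag(0x30)
    a.register_tag_decoders({0x02: lambda _, p: int.from_bytes(p, "big", signed=True),
                             0x04: lambda _, p: p.decode("ascii")})
    b = ASN1Decoder()  # overlapping tag 0x02 with a different decoder: no interference
    b.register_seq_tag(0x30)
    b.register_tag_decoders({0x02: lambda _, p: p.hex()})
    return a.decode(data)[0], b.decode(data)[0]
```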