Nmap Development mailing list archives

Re: afp-serverinfo.nse script


From: David Fifield <david () bamsoftware com>
Date: Mon, 15 Feb 2010 21:23:03 -0700

On Wed, Feb 10, 2010 at 04:46:01PM -0600, Andrew Orr wrote:
> Good catch, thanks Matt. UTF8 Server Name and Server Signature are both
> optional fields, I've updated the script to check if those are included.
> If you run the updated script on that same machine it shouldn't output
> the utf8 server name anymore.
>
> I also fixed the null byte bug more properly and fixed a typo.
>
>   -- a null byte is added to the end of server_name if it doesn't end on an
>   -- even boundary, so we check for that and skip it if necessary
>   if bit.mod(pos, 2) == 0 then
>     -- null byte detected! GET'M!
>     pos = pos + 1 -- zap!
>   end

Can you attach a packet capture or something of this phenomenon? This
way of handling it seems suspicious to me.

>   -- For some reason which doesn't reveal itself to me, all the offsets are off.
>   -- This was the source of much frustration when debugging and I'm simply
>   -- fixing them here until I figure out why this is.
>   offsets.machine_type = offsets.machine_type + 1
>   offsets.afp_version_count = offsets.afp_version_count + 1
>   offsets.uam_count = offsets.uam_count + 1
>   -- offsets.volume_icon_and_mask <-- this is deprecated so we don't bother
>   -- not sure why but the offsets get even more off at this point
>   offsets.server_signature = offsets.server_signature + 2
>   -- and go back down again o.O
>   offsets.network_addresses_count = offsets.network_addresses_count + 1
>   offsets.directory_names_count = offsets.directory_names_count + 1
>   -- and back up!
>   offsets.utf8_server_name = offsets.utf8_server_name + 2

This makes me nervous too. I'd like you to paste in hex packet contents
of a packet showing these characteristics, and what the values are that
you're reading. Off by one is easy to explain, because Lua strings are
1-indexed, but it shouldn't change to 2 like that.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
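The two sources of "off" positions discussed in this thread, the 1-based Lua string positions and the pad byte after the Pascal-string server name, can be separated on a synthetic reply. The following is an added example, not code from the afp-serverinfo script or from anyone in the thread. The field order (five 2-byte offset/flag words, ServerName as a Pascal string padded to an even boundary, then four more 2-byte offset words, then the variable-length data) is the FPGetSrvrInfo reply layout as I recall it from Apple's AFP documentation and is an assumption here; the reply bytes are constructed, not captured. The example builds such a reply with 0-based offsets, parses it back, shows that every stored offset needs the same +1 to become a Lua position, and shows that a pad check keyed on the parity of the absolute position agrees with the length-based alignment rule only because ServerName happens to start at an even offset.

```python
import struct

# Added example, not the afp-serverinfo script's own code. Byte layout follows the
# FPGetSrvrInfo reply as recalled from Apple's AFP documentation (assumption);
# the reply built here is constructed, not a packet capture.


def pascal(s: bytes) -> bytes:
    """Pascal string: one length byte followed by the bytes themselves."""
    return bytes([len(s)]) + s


def build_reply(server_name: bytes, machine_type: bytes = b"Macintosh") -> bytes:
    """Build a GetSrvrInfo-style reply; all offsets are 0-based from byte 0."""
    name_field = pascal(server_name)
    if len(name_field) % 2:
        name_field += b"\x00"          # pad so the next 2-byte word is even-aligned
    header_len = 10 + len(name_field) + 8   # 5 words, ServerName (+pad), 4 words

    # Variable-length section laid out after the header, in this constructed order.
    sections = [
        ("machine_type", pascal(machine_type)),
        ("afp_versions", b"\x00"),                 # count = 0
        ("uams", b"\x00"),                         # count = 0
        ("server_signature", bytes(range(16))),    # constructed 16-byte signature
        ("network_addresses", b"\x00"),            # count = 0
        ("directory_names", b"\x00"),              # count = 0
        ("utf8_server_name", struct.pack(">H", len(server_name)) + server_name),
    ]
    offsets, cursor = {}, header_len
    for key, blob in sections:
        offsets[key] = cursor
        cursor += len(blob)

    reply = struct.pack(">HHHHH", offsets["machine_type"], offsets["afp_versions"],
                        offsets["uams"], 0, 0)     # icon offset and flags left 0
    reply += name_field
    reply += struct.pack(">HHHH", offsets["server_signature"],
                         offsets["network_addresses"], offsets["directory_names"],
                         offsets["utf8_server_name"])
    return reply + b"".join(blob for _, blob in sections)


def parse_reply(reply: bytes) -> dict:
    """Parse with 0-based offsets, deciding the pad byte from the field length."""
    off_machine, _, _, _, _ = struct.unpack_from(">HHHHH", reply, 0)
    pos = 10
    name_len = reply[pos]
    server_name = reply[pos + 1:pos + 1 + name_len]
    pos += 1 + name_len
    if (1 + name_len) % 2:             # odd-length Pascal string => one pad byte follows
        pos += 1
    off_sig, _, _, off_utf8 = struct.unpack_from(">HHHH", reply, pos)
    mt_len = reply[off_machine]
    utf8_len = struct.unpack_from(">H", reply, off_utf8)[0]
    return {
        "server_name": server_name,
        "machine_type": reply[off_machine + 1:off_machine + 1 + mt_len],
        "server_signature": reply[off_sig:off_sig + 16],
        "utf8_server_name": reply[off_utf8 + 2:off_utf8 + 2 + utf8_len],
        "second_block_pos": pos,       # where the four trailing offset words start
    }


def lua_pos(offset: int) -> int:
    """A 0-based offset from the packet is the same byte at 1-based Lua position offset + 1."""
    return offset + 1


def pad_by_position(lua_pos_after_name: int) -> bool:
    """The check quoted in the thread: skip a byte when the 1-based position is even."""
    return lua_pos_after_name % 2 == 0


def pad_by_length(name_len: int) -> bool:
    """Alignment rule: pad iff the Pascal string (length byte + chars) has odd length."""
    return (1 + name_len) % 2 == 1


def pad_checks_agree(name_len: int, name_start_offset: int = 10) -> bool:
    """Do the two checks agree for a ServerName starting at the given 0-based offset?"""
    end_lua = lua_pos(name_start_offset + 1 + name_len)
    return pad_by_position(end_lua) == pad_by_length(name_len)


if __name__ == "__main__":
    for name in (b"Srv", b"Srvr"):
        print(name, parse_reply(build_reply(name)))
    print("agree at offset 10:", all(pad_checks_agree(n, 10) for n in range(40)))
    print("agree at offset 11:", any(pad_checks_agree(n, 11) for n in range(40)))
```

Because `build_reply` stores offsets relative to byte 0 and `parse_reply` reads them the same way, the only conversion a Lua reader needs is the uniform `lua_pos` (+1) for every field; no offset needs a different correction. The position-parity check only coincides with the length rule when ServerName starts at an even offset (10 here); move the start by one byte and the two checks disagree for every name length, which is why a check on the field length is the robust form.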