Nmap Development mailing list archives

Re: Lexmark script

From: Patrik Karlsson <patrik () labb1 com>
Date: Wed, 13 Jan 2010 20:45:43 +0100


On 13 jan 2010, at 00.41, David Fifield wrote:

On Mon, Jan 04, 2010 at 11:05:46AM +0100, Patrik Karlsson wrote:

Hi,

I recently purchased a new Lexmark printer. I have added match lines for FTP and port 9100/udp that gets detected by 
the NTPRequest probe. Port 9100/udp should be running the hbn3 protocol according to:
http://www.lexmark.com/vgn/images/portal/Security%20Features%20of%20Lexmark%20MFPs%20v1_1.pdf

IANA has no record of the HBN3 protocol running on that port so I'm a bit clueless on what to put in the match 
lines. I have put hbn3 for the time being.

The printer response with a MDNS response to the NTPRequest and the
match line parses out very little from it for now. However, I'm also
submitting a script that sends a MDNS request and then attempts to
parse out the response, which is the configuration of the printer.


The script looks good, but I want you to see if you can make it work
using the dns library. If the dns library lacks some feature that you
need, it better that we improve it centrally there.


I've modified the script to make use of the dns library and reduced the code considerably.
It required another small patch to the dns library as the printer did not properly populate the question section of the 
response. I'm attaching this patch as part of the other patches I did to the dns library for the dns discovery script.

Looking at the script, it doesn't seem that the protocol uses multicast
DNS, or is any variant of Bonjour/Rendezvous/Zeroconf/DNS-SD. It looks
to me like a simple proprietary protocol using DNS as a transport. If
that's so, we can name the service hbn3, like we do for some other
protocols that run over another protocol.


the script should be naming the service as hbn3 now.

Does the printer have the same service on 5353/udp? If not, then the
script shouldn't run for that port.


I've removed the 5353 port support as the printer does not have the same service there.


//Patrik

Attachment: dns.lua.patch
Description:

Attachment: lexmark-config.nse
Description:

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


--
Patrik Karlsson
http://www.cqure.net

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Current thread:

Lexmark matches and script Patrik Karlsson (Jan 04)
- Re: Lexmark matches David Fifield (Jan 12)
  - Re: Lexmark matches Patrik Karlsson (Jan 12)
- Re: Lexmark script David Fifield (Jan 12)
  - Re: Lexmark script Patrik Karlsson (Jan 13)
    - Re: Lexmark script David Fifield (Jan 22)
    - Re: Lexmark script Patrik Karlsson (Jan 23)
    - Re: Lexmark script David Fifield (Jan 29)