Nmap Development mailing list archives

Re: backorifice-info


From: David Fifield <david () bamsoftware com>
Date: Mon, 18 Apr 2011 19:52:19 -0700

On Tue, Apr 12, 2011 at 02:55:31AM +0200, Gorjan Petrovski wrote:
> Hello,
>
> Here is the latest version of the backorifice-info script, which
> gathers basic information about Windows machines running the
> BackOrifice service. I'd really like to finalize this script and move
> on to more interesting ones. Is it good enough to be accepted into
> Nmap Library?

Some things:

Add documentation for the script argument.

        try(socket:bind(nil,1025))

Is it necessary to bind the socket? Can you just let the OS choose a
port?

I like the system you have of keeping the commands to be run in a table.
But put the filter functions in the table too, so they don't have to be
kept in sync:

        cmds = {
                {cmd_name="PING REPLY", p_type="TYPE_PING", p_code=0x01, arg1="", arg2="",
                filter=function(data)
                          return string.gsub(data," ","")
                end
                },
                ...
        }

(Or, define named filter_* functions and refer to them by name in the
table.)

You don't need to have an initialize_globals function. Just make your
globals top-level local variables.

I think you can get rid of some redundant information in the commands
table. Instead of this:

        cmds = {{cmd_name="PING REPLY",p_type="TYPE_PING",p_code=0x01,arg1="",arg2=""}, ...}

you might do this:

        TYPES = { PING = 0x01, ... }
        CMDS = {{ p_type = TYPES.PING, arg1 = "", arg2 = "" }, ... }

Then, instead of checking cmd_name == "PING_REPLY", just check p_type ==
TYPES.PING.

Instead of using a global "rand" variable to track random number state,
make mrand take a parameter (the current seed), and return the new seed.
Make the seed local to the BOcrypt function. Let BOcrypt do the
(seed >> 16) & 0xff calculation, not mrand.

> How do we handle lines that are too long to be printed into terminal
> (longer than 80 chars)?
> I cut long lines at about ~75 chars and added a "  ..." at the
> beginning of the new line so output looks like this now:

I wouldn't worry about this too much. Just print the long lines, unless
you expect them to wrap three or four times.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
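The seed-threading refactor suggested in the reply above (mrand takes and returns the seed, the seed is local to BOcrypt, and BOcrypt does the (seed >> 16) & 0xff step), written out as an added example that is not the script under review. The LCG constants and the constructed seed are assumptions; the code uses Lua 5.3 bitwise operators, so under NSE's Lua 5.1 the bit library would be used instead.

```lua
-- Added example, not the backorifice-info script itself.
-- The LCG constants below are an assumption (MSVC rand()-style);
-- substitute whatever the script actually uses.

-- Advance the generator: takes the current seed, returns the new one.
-- No global "rand" state, so nothing else can corrupt it between calls.
local function mrand(seed)
  return (seed * 214013 + 2531011) & 0xFFFFFFFF
end

-- XOR-transform data with the keystream derived from initial_seed.
-- The seed lives only in this function, and the (seed >> 16) & 0xff
-- masking is done here, so mrand stays a pure generator.
local function BOcrypt(data, initial_seed)
  local seed = initial_seed
  local out = {}
  for i = 1, #data do
    seed = mrand(seed)
    local key = (seed >> 16) & 0xff
    out[i] = string.char(data:byte(i) ~ key)   -- '~' is XOR in Lua 5.3
  end
  return table.concat(out)
end

-- Constructed check: XOR is symmetric, so applying BOcrypt twice with
-- the same seed must return the original bytes.
local seed = 0x31337                -- constructed seed value
local plain = "PING REPLY"
local enc = BOcrypt(plain, seed)
assert(BOcrypt(enc, seed) == plain)
print(("round trip ok, %d bytes"):format(#enc))
```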

