Nmap Development mailing list archives

Re: Huawei/H3C Local User enumeration script


From: David Fifield <david () bamsoftware com>
Date: Thu, 25 Oct 2012 11:23:21 -0700

On Thu, Oct 25, 2012 at 10:52:51AM -0700, Kurt Grutzmacher wrote:
>> I don't see where the script accepts a community string. You say the
>> script needs a read-only or read-write community string; how does the
>> user get one?
>
> Like all the other SNMP NSEs the user would need to send it with
> --script-args snmpcommunity=<community>. I have added a @usage section
> to help for this. Based on http://nmap.org/nsedoc/lib/snmp.html this
> argument is accepted by the library and does not need to be configured
> in NSE scripts.

Is there likely to be a default community string? Or is it not something
worth checking for?

>> It would probably be better to use structured output than
>> stdnse.format_output for this script. Make your process_answer function
>> return a nice semantic table with labeled fields; then just return it.
>> http://nmap.org/book/nse-api.html#nse-structured-output
>
> Sounds good except that how does one make columns in the structured
> output? I see some discussion but not real resolution. For now I'm just
> having to slap everything into an element output which makes:

You don't make columns in the structured output. Structured output is a
table of name-value pairs. If you need columns, then you additionally
return a string with the formatted columns--but we are trying to
discourage this kind of output when simple structured output is enough.

> output.users[#output.users + 1] = string.format("%s - %s - level: %s", v.value, password, level)

This is exactly what structured output shouldn't return :) Is the first
field a user name? Then it should be more like this:

        local users = stdnse.output_table()
        for _, v in ipairs( tbl ) do
                ...
                users[#users+1] = {username=v.value, password=password, level=level}
        end
        return users

Think about what would be the optimal structure for a programmer using
the username-password table, and your script should construct exactly
that structure at some point. You can return this table directly. If you
need fancier formatting, then pass the formatted users table into
another function that will format the username/password/level triples:

        output = process_answer(users)
        return output, format_user_table(output)

format_user_table would contain the same string.format code you are
doing now.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
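
The pattern described in this message (a structured table of labeled records, plus an optional formatted string built from that same table), as an added example that is not part of the original post or of the script under review. The sample rows are constructed, and plain Lua tables stand in for stdnse.output_table() so the code runs outside Nmap.

```lua
-- Added example: plain Lua, runnable outside Nmap. In an NSE script the rows
-- would come from the SNMP walk; here they are constructed sample data.
local sample_rows = {
  { value = "admin",    password = "s3cret",   level = 3 },
  { value = "operator", password = "changeme", level = 1 },
  { value = "monitor",  password = "readonly", level = 0 },
}

-- Build the semantic table: one record per user, with labeled fields.
-- This is the structure a programmer consuming the output would want.
local function process_answer(rows)
  local users = {}
  for _, v in ipairs(rows) do
    users[#users + 1] = {
      username = v.value,
      password = v.password,
      level = v.level,
    }
  end
  return users
end

-- Render the same records as aligned columns for the human-readable output.
-- The column width is computed from the data, not hard-coded.
local function format_user_table(users)
  local width = #"USERNAME"
  for _, u in ipairs(users) do
    width = math.max(width, #u.username)
  end
  local fmt = "%-" .. width .. "s  %-10s  %s"
  local lines = { fmt:format("USERNAME", "PASSWORD", "LEVEL") }
  for _, u in ipairs(users) do
    lines[#lines + 1] = fmt:format(u.username, u.password, tostring(u.level))
  end
  return "\n" .. table.concat(lines, "\n")
end

-- An NSE action would end the same way: structured table first, string second.
local function action()
  local output = process_answer(sample_rows)
  return output, format_user_table(output)
end

local structured, text = action()
print(text)
print(#structured, structured[1].username)
```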