Nmap Development mailing list archives

Re: [NSE] Revision of telnet-brute


From: David Fifield <david () bamsoftware com>
Date: Sat, 20 Apr 2013 15:40:14 -0700

On Sat, Apr 20, 2013 at 09:17:30PM +0000, nnposter () users sourceforge net wrote:
> David Fifield wrote:
>>> - Replaced hard-coded line termination \r\0 with a configurable
>>> parameter (telnet-brute.eol) and set the default value to \r to avoid
>>> falsely failed logins on some daemons. The parameter supports use of
>>> C-like escape sequences, such as \r, \x0d, and \0015.
>>
>> This part seems overengineered to me. My reading of RFC 854 says that
>> there are only two reasonable values for sending end-of-line: "\r\n" and
>> "\r\0". Ideally one of these always works better than the other and we
>> don't need to make it configurable. If it must be configurable, let it
>> be between these two choices. I don't want the unescape function to be
>> there.
>
> Sequence \r\0 does not always work while it is the one used by the
> Linux telnet client. Sequence \r\n worked for me (and it is the one
> used by the Windows client) but that observation is not worth much.
> Single \r worked for me as well.
>
> That is why the best approach might be to pick a sensible default
> value but give the user the option to override it, instead of having
> to clone the script and edit the hard-coded string inside, which is what
> I had to do with the old one to make it work.
>
> I honestly do not follow what you are proposing here. Some Boolean
> script parameter "Use the other line termination"? Could you please
> elaborate?

Let's hard-code it to be "\r\n". If you can find a server that it doesn't
work on, then we'll make it configurable.

The reason I ask you to do this is that I don't want the extra
complexity for a feature that, to a close approximation, nobody will
use. I'm looking at the future maintenance costs.

If there were to be a script argument, it would be something like
eol=lfnul or eol=crlf.

>> Can you explain the print_debug function? Why not use stdnse.print_debug
>> directly?
>
> The local function is just a wrapper around stdnse.print_debug to make
> sure that the messages are consistently prefixed with the script name,
> without having to repeat the same code over and over.

Okay, but I don't understand the two branches inside the function. Am I
wrong, or is only one of the branches ever followed?

David Fifield
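
The restricted choice discussed in this message (a named end-of-line value looked up in a fixed table, with no unescape function), sketched in Lua as an added example; it is not code from telnet-brute or from either poster. The value names crlf and crnul and the function names resolve_eol and nvt_line are assumptions, and the handling of data bytes CR and 0xFF follows RFC 854.

```lua
-- Added example; the names below are hypothetical, not telnet-brute's own code.
local IAC = string.char(255)          -- Telnet "Interpret As Command" byte
local CR, LF, NUL = "\r", "\n", string.char(0)

-- The two end-of-line sequences RFC 854 defines for the NVT.
local EOL_CHOICES = { crlf = CR .. LF, crnul = CR .. NUL }

-- Map a user-supplied argument (assumed values: "crlf", "crnul") to bytes.
-- nil selects the default; anything else is rejected rather than unescaped.
local function resolve_eol(name)
  if name == nil then return EOL_CHOICES.crlf end
  local eol = EOL_CHOICES[tostring(name):lower()]
  if not eol then
    return nil, ("bad eol %q: expected crlf or crnul"):format(tostring(name))
  end
  return eol
end

-- Encode one line of user data for the wire.
local function nvt_line(text, eol)
  local out = text:gsub(IAC, IAC .. IAC)   -- a literal 0xFF data byte is doubled
  out = out:gsub(CR, CR .. NUL)            -- a CR that is data, not EOL, is CR NUL
  return out .. eol
end

-- Render bytes as hex so NUL and 0xFF are visible.
local function hex(s)
  return (s:gsub(".", function(c) return ("%02x "):format(c:byte()) end))
end

-- Constructed sample inputs: two accepted names and one escape-style value.
for _, choice in ipairs({ "crlf", "crnul", "\\x0d" }) do
  local eol, err = resolve_eol(choice)
  if eol then
    print(choice, hex(nvt_line("admin", eol)))
  else
    print(choice, err)
  end
end
-- Constructed line containing a data CR and a data 0xFF, default EOL.
print("cr+0xff", hex(nvt_line("a\rb" .. IAC, resolve_eol(nil))))
```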