Call for testing: "ncatins" Ncat feature

[Jacek Wielemborek <wielemborekj1 () gmail com>]

Hi,

I'm happy to announce that the new feature I was working on, codenamed
"ncatins", is ready for (hopefully final) testing. In this e-mail I'll
explain what it actually is and how does it work and then give some
pointers on how to try it out.

First of all, a bit of a background. I'm the developer behind Ncat's
--lua-exec feature, recently released in Nmap 6.40 package. Although
the --lua-exec scripts can do really powerful things (in
lua-exec-examples I'm working on a small HTTP server as a nice
demonstration), it has its shortcomings. One of them is that it is
currently impossible to write any filter scripts that would, for
example, implement Websocket protocol. The reason for this is that
although you can read and write to the socket (and even output
messages using standard error stream), there's no way to read Ncat's
standard input.

That's when ncatins come in. The idea behind them is to allow the user
(or rather - the program ran using --exec, --sh-exec or --lua-exec) to
open Ncat's standard input/output and read/write to it as you would to
any other file. In order to do that, Ncat exports a new pair of
environment variables - depending on the system, you'd get
NCAT_INPUT_FD and NCAT_OUTPUT_FD on Linux, or NCAT_INPUT_PIPE and
NCAT_OUTPUT_PIPE on Windows. On Linux, the values of the variables
point to numbers of file descriptors ready for opening in order to
read/write to Ncat's standard streams - just call fdopen() and you're
set. On Windows, due to its limitations, there's a bit more dancing
involved - you need to connect to the named pipe, with the filename
from the environment variable.

For Lua, I made it much simpler to access ncatin/ncatout (as I call
Ncat's stdin/stdout equivalents) - they are already opened and ready
for reading/writing, waiting for you in the "io" module. This works
the same way on both Windows and POSIX systems.

To try the feature out, pull the code from d33tah/ncat-env-ncatins
branch and build it. On Unix systems, here are the commands you need
to run:

svn co https://svn.nmap.org/nmap-exp/d33tah/ncat-env-ncatins
cd ncat-lua
./configure
make

Now, you can cd into the ncat directory and run the
"hello-ncatout.lua" script to see if the code works:

cd ncat
./ncat --listen --lua-exec scripts/hello-ncatout.lua
# And, in another terminal...
./ncat localhost
# (now type in some text in the first terminal and hit return)

This works in connect mode too, of course. Since there's no
io.select() (yet), the first filter demo, demonstrating Websocket, is
written in Python. It's currently very hacky (not exactly RFC
compliant) and does not work on Windows (and has echo.websocket.org
hardcoded), though on Unix systems you can for example call the
following command and type some stuff to see it repeated by
echo.websocket.org:

./ncat --sh-exec "python scripts/ws.py" echo.websocket.org 80

As for the documentation, in r31690 I updated ncat.xml to include some
data about the usage of new feature. It's likely I'll add more demo
scripts - the ws.py is basically a ported ws.lua from ncat-lua-with
branch and I will consider porting base64, rot13, telnet and IRC demos
too. Have a look at scripts/hello-ncatout.lua code, too.

I'd be really grateful for testing this feature and feedback on
whether it works. Comments on the interface itself are welcome too.

So, does it work for you? What do you think about it?

Yours,
Jacek Wielemborek
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/