Nmap Development mailing list archives

Re: [NSE] ventrilo-info Ventrilo server version detection and info


From: Marin Maržić <marzic () gmail com>
Date: Thu, 02 Jan 2014 22:31:36 +0100

Hey,

Happy New Year dev () nmap org!
(and sorry again for the slow replies)

These should replace the existing "match teamspeak2" lines, and they will
act as "softmatches" for the script (while still extracting as much info
as possible should the script not be there):

match teamspeak2 m|^\xf4\xbe\x04\x00\x00\x00\x00\x00....\x02\x00\x00\x00.....(.{29}).([^\0]+)\0+[^\0]|s p/TeamSpeak 2/ o/$2/ i/name: $1; no password/
match teamspeak2 m|^\xf4\xbe\x04\x00\x00\x00\x00\x00....\x02\x00\x00\x00....\x00{60}|s p/TeamSpeak 2/ i|name: n/a; has password or version < 2.0.19.16 (very unlikely)|

Also noticed that someone chose to append ".{356}$" to the line matching
passworded or old TS2 versions, presumably based on the packet structure
description I'd posted. Older versions don't necessarily adhere to that
structure, in particular the fixed packet length, so I'd recommend not
adding that bit to the line this time.

Marin

On 1.12.2013. 5:51, David Fifield wrote:
On Tue, Nov 12, 2013 at 09:25:19PM +0100, Marin Maržić wrote:
Say we somehow enumerate and list all the different version/OS 
combinations into the nmap-service-probes file, and we get a match on a 
line. The teamspeak2-version.nse script will always run for that service 
because it's now been classified as "teamspeak2". That will overwrite
any match line findings with more detailed ones. Wouldn't match lines
indifferent to the version number do the job of "softmatching" for the
script better than the most likely incomplete (and non-elegant)
listing? 

I must have lost track of something during the TeamSpeak version
detection discussion. You're right that we shouldn't have matchline and
a version script that do the same thing. We should only have softmatches
in nmap-service-probes, and let teamspeak2-version.nse do the work. If
you can suggest a good softmatch line, I'll commit it.

David Fifield

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
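A small interpreter for the nmap-service-probes match-line syntax, added here as an example (not code from the thread or from Nmap itself): it runs the two lines above against constructed TeamSpeak 2 replies, expands the $1/$2 captures the way Nmap does, and shows that the ".{356}$" suffix would miss a shorter passworded reply. The packet contents are constructed to fit the regexes, not captured from a real server.

```python
import re

# Added example (not code from the thread or from Nmap): a minimal interpreter for
# nmap-service-probes "match"/"softmatch" lines. Handles only m<d>regex<d>flags and
# the single-letter p/ o/ i/ ... fields with $N substitution.
MATCH_LINES = [
    r"match teamspeak2 m|^\xf4\xbe\x04\x00\x00\x00\x00\x00....\x02\x00\x00\x00.....(.{29}).([^\0]+)\0+[^\0]|s p/TeamSpeak 2/ o/$2/ i/name: $1; no password/",
    r"match teamspeak2 m|^\xf4\xbe\x04\x00\x00\x00\x00\x00....\x02\x00\x00\x00....\x00{60}|s p/TeamSpeak 2/ i|name: n/a; has password or version < 2.0.19.16 (very unlikely)|",
]
# The ".{356}$" fixed-length suffix the mail advises against, appended to the second line.
STRICT_LINE = MATCH_LINES[1].replace(r"\x00{60}|s", r"\x00{60}.{356}$|s")

LINE_RE = re.compile(r"^(?:soft)?match (?P<svc>\S+) m(?P<d>.)(?P<re>.*?)(?P=d)(?P<flags>[is]*)\s*(?P<fields>.*)$")
FIELD_RE = re.compile(r"([pvihod])(?P<d>.)(.*?)(?P=d)")

def parse_match_line(line):
    """Split a match line into (service, compiled bytes regex, {field letter: template})."""
    m = LINE_RE.match(line)
    if m is None:
        raise ValueError("not a match line: " + line)
    flags = (re.DOTALL if "s" in m["flags"] else 0) | (re.IGNORECASE if "i" in m["flags"] else 0)
    # The probe response is raw bytes; latin-1 keeps the \xNN escapes intact for re.
    regex = re.compile(m["re"].encode("latin-1"), flags)
    fields = {letter: text for letter, _, text in FIELD_RE.findall(m["fields"])}
    return m["svc"], regex, fields

def substitute(template, hit):
    """Expand $1, $2, ... with the corresponding capture groups, as Nmap does."""
    return re.sub(r"\$(\d)", lambda g: hit.group(int(g.group(1))).decode("latin-1"), template)

def fingerprint(packet, lines):
    """First matching line wins, as in Nmap; returns (service, expanded fields) or None."""
    for line in lines:
        service, regex, fields = parse_match_line(line)
        hit = regex.search(packet)
        if hit:
            return service, {k: substitute(v, hit) for k, v in fields.items()}
    return None

HEADER = b"\xf4\xbe\x04\x00\x00\x00\x00\x00" + b"\x00" * 4 + b"\x02\x00\x00\x00"
# Constructed, not captured: open server with a 29-byte name field, then a version string.
OPEN_PKT = HEADER + b"\x00" * 5 + b"Constructed TS2 server".ljust(29) + b"\x00" + b"2.0.20.1" + b"\x00\x00" + b"\x01"
# Constructed: passworded server, 60 zero bytes after the header and nothing else (80 bytes total).
PASSWORDED_PKT = HEADER + b"\x00" * 4 + b"\x00" * 60

if __name__ == "__main__":
    print(fingerprint(OPEN_PKT, MATCH_LINES))        # first line: o = '2.0.20.1', i ends with 'no password'
    print(fingerprint(PASSWORDED_PKT, MATCH_LINES))  # second line: i starts with 'name: n/a; has password'
    print(fingerprint(PASSWORDED_PKT, [MATCH_LINES[0], STRICT_LINE]))  # None: 80-byte reply fails .{356}$
```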
