Nmap Development mailing list archives
Re: Valve Steam In-Home Streaming gaming software probe / match with additional nse starter file
From: Kristian Erik Hermansen <kristian.hermansen () gmail com>
Date: Fri, 24 Apr 2015 05:07:20 -0700
Daniel -- Thanks for the pointers. And here is a working UDP based nse starter file to do a simple remote unauthenticated hostname extraction. I didn't merge the TCP and UDP functionality into a single nse, because I wasn't sure if separating them was preferred. Feel free to modify or clean up as you best see fit when integrating into a future release...

valve-steam-udp.nse:
"""
local nmap = require "nmap"
local stdnse = require "stdnse"
local tab = require "tab"

description = [[
Determines whether Valve's Steam In-Home Streaming gaming control port is
responding on a remote server. Some remote system configuration and other data
can be extracted without any authentication. Research is based on a very
limited understanding of the protocol learned from blind fuzzing.

References:
* Steam Support Page: https://support.steampowered.com/kb_article.php?ref=3629-RIAV-1617#networkports
* Independent Research: https://codingrange.com/blog/steam-in-home-streaming-discovery-protocol
]]

---
-- @usage
-- nmap -sU -p 27036 <ip> --script valve-steam-udp
--
-- @output
-- PORT      STATE         SERVICE REASON
-- 27036/udp open|filtered unknown
-- | valve-steam-udp:
-- |_  Hostname: SomePC
--
--

categories = {"default", "safe", "discovery"}
author = "Kristian Erik Hermansen <kristian.hermansen+nmap () gmail com>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

-- The Rule Section --
portrule = function(host, port)
  return port.protocol == "udp"
    and port.number == 27036
    and port.state == "open|filtered"
end

action = function(host, port)
  local socket = nmap.new_socket()
  local status = socket:connect(host, port, "udp")
  if not status then
    return nil
  end
  -- Discovery request sent to the control port.
  socket:send("\xff\xff\xff\xff\x21\x4c\x5f\xa0\x16\x00\x00\x00\x08\x9a\xe6\xb1\x84\xd0\x81\x83\xc5\x51\x10\x00\x18\xd4\xf8\xa8\xaa\x99\x83\xe5\x80\x74\x02\x00\x00\x00\x08\x01")
  local response
  status, response = socket:receive()
  socket:close()
  -- No reply (timeout or socket error): report nothing.
  if not status then
    return nil
  end
  local out = tab.new()
  if string.match(response, "^\xff\xff\xff\xff\x21\x4c\x5f\xa0") then
    local hostname = response:match(
      "\xff\xff\xff\xff\x21\x4c\x5f\xa0.*\x00\x00\x00\x08\x06\x10\x06\x18\x9c\xd3\x01\x22.(.*)\x30\x02\x38"
    )
    -- Header matched but the hostname pattern did not: report nothing.
    if not hostname then
      return nil
    end
    tab.addrow(out, "Hostname: " .. hostname)
  else
    return nil
  end
  return stdnse.format_output(true, out)
end
"""

--
Regards,

Kristian Erik Hermansen
https://www.linkedin.com/in/kristianhermansen
https://google.com/+KristianHermansen
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
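Added example, not part of the original message or of Nmap: a bounds-checked alternative to the greedy `(.*)` hostname pattern in the script above, for handling a reply that is untrusted remote data. It assumes, which the message does not state, that the single byte the pattern skips with `.` is a one-byte hostname length; `parse_hostname` and the sample replies are constructed for illustration.

```lua
-- Header and marker bytes are copied from the patterns in the posted script.
local HEADER = "\xff\xff\xff\xff\x21\x4c\x5f\xa0"
local MARKER = "\x00\x00\x00\x08\x06\x10\x06\x18\x9c\xd3\x01\x22"

-- Returns the hostname, or nil plus a reason when the reply is not usable.
local function parse_hostname(response)
  if type(response) ~= "string" or response:sub(1, #HEADER) ~= HEADER then
    return nil, "bad header"
  end
  -- Plain find (4th argument true): NUL bytes and '.' are matched literally.
  local _, marker_end = response:find(MARKER, #HEADER + 1, true)
  if not marker_end then
    return nil, "marker not found"
  end
  -- ASSUMPTION: the byte after the marker is the hostname length.
  local len = response:byte(marker_end + 1)
  if not len or len == 0 then
    return nil, "missing length"
  end
  local first, last = marker_end + 2, marker_end + 1 + len
  if last > #response then
    return nil, "truncated"
  end
  local name = response:sub(first, last)
  -- Refuse control and non-ASCII bytes so a reply cannot inject
  -- newlines or escape sequences into scan output or logs.
  if name:find("[^\x20-\x7e]") then
    return nil, "non-printable hostname"
  end
  return name
end

-- Constructed sample replies (not captured traffic).
local samples = {
  HEADER .. "\x16\x00" .. MARKER .. "\x06SomePC" .. "\x30\x02\x38\x01", -- well formed
  HEADER .. "\x16\x00" .. MARKER .. "\x20Some",      -- length runs past the end
  HEADER .. "\x16\x00" .. MARKER .. "\x04Pc\n|" .. "\x30\x02\x38\x01", -- embedded newline
  "\x00junk",                                        -- wrong header
}
for _, reply in ipairs(samples) do
  local name, err = parse_hostname(reply)
  print(name and ("Hostname: " .. name) or ("rejected: " .. err))
end
```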