Nmap Development mailing list archives

Re: [nmap-svn] r36162 - nmap/nselib/data


From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 22 Aug 2016 10:35:10 -0500

nnposter,

I'm responding here on the mailing list because I think the conventions
surrounding the openssl NSE library deserve discussion. There are a few
hard requirements we must meet:

1. OpenSSL is strictly optional. Nmap must compile and run without crashing
or quitting early due to NSE library lookup failure even when OpenSSL is
not compiled in.

2. If a script can run and produce useful output without OpenSSL, it should
offer those features when the openssl library is missing.

There are essentially 3 ways of requiring openssl:

* require "openssl"; This fails on point 1 because NSE will fail to find
the openssl library and quit immediately.

* stdnse.silent_require "openssl"; This works for scripts which require the
use of openssl in all cases. The script or library that uses this method
will simply fail to run, but NSE can continue with other scripts.

* local have_openssl, openssl = pcall(require, 'openssl'); This is the most
flexible option, which produces a boolean value "have_openssl" which can be
tested before actually using the openssl library functions. If it is not
present, the script can fall back to lesser methods.

So in the specific case of http-default-accounts-fingerprints.lua, it makes
sense to use the last option; most of the fingerprints will not require
openssl to check. We can even move the conditional farther out: if the
library is not present, do not bother adding the fingerprint to the
fingerprints table at all.

The other option you mentioned directly to me was: local _, openssl =
pcall(require, "openssl"); This option should not be used, since "_" is
considered a throwaway variable name; it could easily be overwritten, and
code that tests it doesn't make sense. So it would open us up to crashes
when someone writes unconditional code that tries to index the nonexistent
openssl library.

Hope this clears things up.
Dan

On Mon, Aug 22, 2016 at 8:41 AM, <commit-mailer () nmap org> wrote:

Author: nnposter
Date: Mon Aug 22 06:41:01 2016
New Revision: 36162

Log:
Adds a fingerprint for Lantronix ThinWeb Manager to script
http-default-accounts

Modified:
   nmap/nselib/data/http-default-accounts-fingerprints.lua

Modified: nmap/nselib/data/http-default-accounts-fingerprints.lua
==============================================================================
--- nmap/nselib/data/http-default-accounts-fingerprints.lua     (original)
+++ nmap/nselib/data/http-default-accounts-fingerprints.lua     Mon Aug
22 06:41:01 2016
@@ -4,6 +4,7 @@
 local stdnse = require "stdnse"
 local table = require "table"
 local url = require "url"
+local have_openssl, openssl = pcall(require, 'openssl')

 ---
 -- http-default-accounts-fingerprints.lua
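Review bot: the added `local have_openssl, openssl = pcall(require, 'openssl')` uses single quotes while the three `require "..."` lines directly above it use double quotes; match the surrounding style. Also worth a comment at this line: when `have_openssl` is false the second value is require's error message, not a library, so every later use of `openssl` has to stay behind the flag.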
@@ -555,6 +556,47 @@
   end
 })

+table.insert(fingerprints, {
+  -- Version 3.6/4
+  name = "Lantronix ThinWeb Manager",
+  category = "printer",
+  paths = {
+    {path = "/"}
+  },
+  target_check = function (host, port, path, response)
+    -- This fingerprint needs OpenSSL for MD5
+    return have_openssl
+           and response.status == 200
+           and response.header["server"]
+           and response.header["server"]:find("^Gordian Embedded")
+           and response.body
+           and response.body:lower():find("<title>lantronix thinweb
manager", 1, true)
+  end,
+  login_combos = {
+    {username = "", password = "system"}
+  },
+  login_check = function (host, port, path, user, pass)
+    local lurl = url.absolute(path, "server_eps.html")
+    -- obtain login nonce
+    local req1 = http.get(host, port, lurl, {no_cache=true,
redirect_ok=false})
+    if req1.status ~= 403 then return false end
+    local nonce = nil
+    for _, ck in ipairs(req1.cookies or {}) do
+      if ck.name == "SrvrNonce" then
+        nonce = ck.value
+        break
+      end
+    end
+    if not nonce then return false end
+    -- credential is the MD5 hash of the nonce and the password (in upper
case)
+    local creds = stdnse.tohex(openssl.md5(nonce .. ":" .. pass:upper()))
+    local cookies = ("SrvrNonce=%s; SrvrCreds=%s"):format(nonce, creds)
+    local req2 = http.get(host, port, lurl,
+                         {cookies=cookies, no_cache=true,
redirect_ok=false})
+    return req2.status == 200
+  end
+})
+
 ---
 --Remote consoles
 ---
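Review bot: the `table.insert(fingerprints, {` call for "Lantronix ThinWeb Manager" is unconditional and only `target_check` consults `have_openssl`, so on an OpenSSL-less build the table carries an entry that can never match and `login_check` still references `openssl.md5` unguarded. Wrapping the whole insert in `if have_openssl then ... end` keeps the table clean and removes the chance of a future edit to `login_check` indexing a missing library.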

_______________________________________________
Sent through the svn mailing list
https://nmap.org/mailman/listinfo/svn

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
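The third option Dan describes, carried through to the conditional registration he suggests, as an added stand-alone example (not code from the commit or from Nmap; the device names and the reduced fingerprint fields are hypothetical, and `openssl.md5` is assumed to be the NSE binding the commit calls):

```lua
-- Added example, not Nmap code: the pcall(require) pattern with the
-- conditional registration Dan suggests. Fingerprint fields are simplified
-- and the device names are hypothetical.
local have_openssl, openssl = pcall(require, "openssl")

local fingerprints = {}

-- A fingerprint that needs no crypto is always registered, so the script
-- keeps working when Nmap was built without OpenSSL (requirement 2).
table.insert(fingerprints, {
  name = "Hypothetical Plain Device",
  target_check = function (response)
    return response.status == 200 and response.body:find("plain", 1, true)
  end,
})

-- A fingerprint whose login check needs MD5 is registered only when the
-- library loaded, so nothing can ever index a nil or bogus `openssl`
-- (requirement 1, with the conditional "moved farther out").
if have_openssl then
  table.insert(fingerprints, {
    name = "Hypothetical Nonce Device",
    target_check = function (response)
      return response.status == 200 and response.body:find("nonce", 1, true)
    end,
    login_check = function (nonce, pass)
      -- assumes the NSE openssl binding, where openssl.md5 exists
      return openssl.md5(nonce .. ":" .. pass:upper())
    end,
  })
else
  -- On failure pcall returns the error message in the second slot, which is
  -- exactly why the `local _, openssl = pcall(...)` form is unsafe: the
  -- name `openssl` would then hold a string, not a library.
  io.stderr:write("openssl unavailable, skipping MD5 fingerprints: "
                  .. tostring(openssl) .. "\n")
end

-- Run every registered check against a constructed response.
local sample = { status = 200, body = "<title>nonce device</title>" }
for _, fp in ipairs(fingerprints) do
  local hit = fp.target_check(sample) and "matches" or "no match"
  print(fp.name .. ": " .. hit)
end
```

Run with and without an `openssl` module on the Lua path: the plain fingerprint is always checked, and the nonce fingerprint appears only when `have_openssl` is true.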