Nmap Development mailing list archives
Re: [nmap-svn] r36162 - nmap/nselib/data
From: Daniel Miller <bonsaiviking () gmail com>
Date: Mon, 22 Aug 2016 10:35:10 -0500
nnposter,

I'm responding here on the mailing list because I think the conventions surrounding the openssl NSE library deserve discussion. There are a few hard requirements we must meet:

1. OpenSSL is strictly optional. Nmap must compile and run without crashing or quitting early due to NSE library lookup failure even when OpenSSL is not compiled in.
2. If a script can run and produce useful output without OpenSSL, it should offer those features when the openssl library is missing.

There are essentially 3 ways of requiring openssl:

* require "openssl"; This fails on point 1 because NSE will fail to find the openssl library and quit immediately.
* stdnse.silent_require "openssl"; This works for scripts which require the use of openssl in all cases. The script or library that uses this method will simply fail to run, but NSE can continue with other scripts.
* local have_openssl, openssl = pcall(require, 'openssl'); This is the most flexible option, which produces a boolean value "have_openssl" which can be tested before actually using the openssl library functions. If it is not present, the script can fall back to lesser methods.

So in the specific case of http-default-accounts-fingerprints.lua, it makes sense to use the last option; most of the fingerprints will not require openssl to check. We can even move the conditional farther out: if the library is not present, do not bother adding the fingerprint to the fingerprints table at all.

The other option you mentioned directly to me was:

local _, openssl = pcall(require, "openssl");

This option should not be used, since "_" is considered a throwaway variable name; it could easily be overwritten, and code that tests it doesn't make sense. So it would open us up to crashes when someone writes unconditional code that tries to index the nonexistent openssl library.

Hope this clears things up.

Dan

On Mon, Aug 22, 2016 at 8:41 AM, <commit-mailer () nmap org> wrote:
Author: nnposter Date: Mon Aug 22 06:41:01 2016 New Revision: 36162 Log: Adds a fingerprint for Lantronix ThinWeb Manager to script http-default-accounts Modified: nmap/nselib/data/http-default-accounts-fingerprints.lua Modified: nmap/nselib/data/http-default-accounts-fingerprints.lua ============================================================ ================== --- nmap/nselib/data/http-default-accounts-fingerprints.lua (original) +++ nmap/nselib/data/http-default-accounts-fingerprints.lua Mon Aug 22 06:41:01 2016 @@ -4,6 +4,7 @@ local stdnse = require "stdnse" local table = require "table" local url = require "url" +local have_openssl, openssl = pcall(require, 'openssl') --- -- http-default-accounts-fingerprints.lua 
@@ -555,6 +556,47 @@ end }) +table.insert(fingerprints, { + -- Version 3.6/4 + name = "Lantronix ThinWeb Manager", + category = "printer", + paths = { + {path = "/"} + }, + target_check = function (host, port, path, response) + -- This fingerprint needs OpenSSL for MD5 + return have_openssl + and response.status == 200 + and response.header["server"] + and response.header["server"]:find("^Gordian Embedded") + and response.body + and response.body:lower():find("<title>lantronix thinweb manager", 1, true) + end, + login_combos = { + {username = "", password = "system"} + }, + login_check = function (host, port, path, user, pass) + local lurl = url.absolute(path, "server_eps.html") + -- obtain login nonce + local req1 = http.get(host, port, lurl, {no_cache=true, redirect_ok=false}) + if req1.status ~= 403 then return false end + local nonce = nil + for _, ck in ipairs(req1.cookies or {}) do + if ck.name == "SrvrNonce" then + nonce = ck.value + break + end + end + if not nonce then return false end + -- credential is the MD5 hash of the nonce and the password (in upper case) + local creds = stdnse.tohex(openssl.md5(nonce .. ":" .. pass:upper())) + local cookies = ("SrvrNonce=%s; SrvrCreds=%s"):format(nonce, creds) + local req2 = http.get(host, port, lurl, + {cookies=cookies, no_cache=true, redirect_ok=false}) + return req2.status == 200 + end +}) + --- --Remote consoles --- _______________________________________________ Sent through the svn mailing list https://nmap.org/mailman/listinfo/svn
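Review bot: In the first hunk, the new `local have_openssl, openssl = pcall(require, 'openssl')` line leaves `openssl` holding the error message string, not nil, when the load fails, so every later use has to test `have_openssl` and never `openssl` itself. A one-line comment next to the declaration saying that would protect future fingerprints added to this file. As a style point, the single quotes differ from the double-quoted `require "stdnse"` and `require "url"` lines directly above.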
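Review bot: In the second hunk, login_check calls `openssl.md5(...)` with no guard of its own and is safe only because target_check returns `have_openssl` first. That coupling is implicit, and if target_check is later edited or login_check is reached another way, the call raises at run time on builds without OpenSSL. Either begin login_check with `if not have_openssl then return false end`, or wrap the whole `table.insert(fingerprints, {...})` in `if have_openssl then ... end` so the entry is never registered without the library and the `have_openssl` term can be dropped from target_check.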
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
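The behaviour described in the message above, as an added example that is not part of the original post or of Nmap's code. It runs under a plain Lua interpreter outside Nmap; the module name `openssl_absent_demo` and the two fingerprint entries are constructed stand-ins for an openssl library that was not compiled in.

```lua
-- Added example; "openssl_absent_demo" is a hypothetical module name that
-- stands in for an openssl library missing from the build.
local MODULE = "openssl_absent_demo"

-- Third option from the message: the load never raises, and the boolean
-- records whether the library is usable.
local have_openssl, openssl = pcall(require, MODULE)

-- On failure the second value is the error message string, not nil and not
-- a library table.
assert(have_openssl == false)
assert(type(openssl) == "string")

-- A string is truthy, so testing the second value instead of the boolean
-- would take the "library present" branch.
assert(openssl)

-- Indexing that string falls through to the string library, where "md5"
-- does not exist, so an unguarded call raises at run time.
local ok, err = pcall(function ()
  return openssl.md5("nonce:SYSTEM")
end)
assert(ok == false)
print("unguarded call failed: " .. tostring(err))

-- Moving the conditional farther out: an entry that needs the library is
-- registered only when the library loaded.
local fingerprints = {}

table.insert(fingerprints, {
  name = "no crypto needed (constructed entry)",
  login_check = function () return true end,
})

if have_openssl then
  table.insert(fingerprints, {
    name = "MD5 needed (constructed entry)",
    login_check = function (nonce, pass)
      return openssl.md5(nonce .. ":" .. pass:upper())
    end,
  })
end

assert(#fingerprints == 1)
for _, fp in ipairs(fingerprints) do
  print("registered: " .. fp.name)
end
```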