
Re: Patch to add "Version scan".


From: "Alek O. Komarnitsky (N-CSC)" <alek () ast lmco com>
Date: Mon, 15 May 2000 06:38:41 -0600 (MDT)

From: "Jay Freeman (saurik)" <saurik () cyberuniverse com>
Subject: Patch to add "Version scan".
To: Nmap-Hackers <nmap-hackers () insecure org>

[Comments/Code about patches to nmap to return version number running ...]

Sincerely,
Jay Freeman (saurik)
saurik () saurik com <mailto:saurik () saurik com>

Jay,

Super-duper cool stuff ... I hope this gets rolled into nmap itself!

Note that nmap-web has some (primitive) port querying code ... I've attached
the snippet for port 13, daytime ... which is actually by far the most 
complicated since we have to do some misc. date/time parsing - hopefully,
this might be of use to you since this can then be used as an easy way
to check that the time/date is set correctly on machines if the port is open;
a good way to ensure that your NTP setup is actually working!   ;-)

Again, GREAT stuff - I'd love to see this functionality moved into nmap itself.
alek

P.S. nmap-web is at:  http://www.komar.org/komar/alek/  ->  Misc. Tech Stuff
Feel free, of course, to "cannibalize" anything I've done.


#nmap-web: port 13 query ... probably most complicated one!   ;-)
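sub query_port{ 
   # Port 13 (daytime) probe: send an empty line, read one line back and
   # compare the remote clock with the local one.
   # Args:    $timeout - seconds to wait for the reply (handed to
   #          get_socket_value).  Reads the file-scoped $socket handle.
   # Returns: a two-element list (display string, offset in seconds); the
   #          offset stays at 999 when the read timed out.
   my ($timeout) = @_;        
   my $diff = 999;
   print $socket "";
   # Was assigned to the undeclared global $remote_date while a separate
   # $remote_data lexical sat unused; one lexical now holds the reply.
   # NOTE(review): this is raw bytes from the remote service, and the timeout
   # string from get_socket_value is an HTML fragment, so the caller looks
   # like it renders the result as HTML - the remote bytes are not escaped
   # here; escape them before display.
   my $remote_date = get_socket_value($timeout);
   my $display;
   # Test the returned value directly instead of relying on get_socket_value
   # having left its result in $_.
   if ($remote_date =~ /Socket timed out/) {
      $display = $remote_date;
   } else {
      $diff = get_diff_seconds($remote_date);
      $display = sprintf("%5s%s" ,"$diff" , "   $remote_date");
   }
   return ($display, $diff);
}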


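sub get_diff_seconds{ 
   # Parse one line from a daytime (port 13) service and return the remote
   # clock minus the local clock, in seconds.
   # Args:    $remote_date - the daytime line, e.g. "Mon May 15 06:38:41 2000";
   #          the two further parameters are only ever used as locals.
   # Returns: offset in seconds (remote - local) after the day-boundary and
   #          whole-hour timezone adjustments below.
   # CPAN stuff could do this easier for you ...
   # But this is complicated by the fact that you don't know the timezone ...
   my ($remote_date,$rdaytime,$rmday) = @_; 
   my ($seconds,$minutes,$hours,$daytime,$mday,$month,$year);
   my ($local_date,$local_sec,$remote_sec,$diff);
   use Time::Local;
   $local_date = localtime;

   # NT adds commas and moves the year around ...
   # Throw-away fields go to undef rather than $_ so the caller's $_ is
   # left alone.
   $remote_date =~ s/\,//g;
   (undef,undef,$rmday,$rdaytime) = split(/\s+/,$remote_date); 
   # NOTE(review): in the five-field form the day-of-month is read from the
   # fourth field - confirm against real NT daytime output that this is the
   # day and not the year.
   (undef,undef,undef,$rmday,$rdaytime) = split(/\s+/,$remote_date)
      if ( !defined($rdaytime) || $rdaytime !~ /\:/ ); 
   ($hours,$minutes,$seconds) = split(/:/,$rdaytime);

   # Remote time of day is placed on today's local date; the day-boundary
   # block below shifts it by a day when the remote day-of-month differs.
   (undef,undef,undef,$mday,$month,$year)=localtime();
   $remote_sec = timelocal($seconds,$minutes,$hours,$mday,$month,$year);

# Giant kludge to work around time zone stuff and testing around midnight ...
   if ( $rmday == $mday ) {
      #NOOP
   } elsif (( $rmday == ($mday+1)) || ( ($rmday == 1) && ( $rmday != $mday ))) {
      # remote is already on the next day (including a month rollover);
      # the original read "!=e" here, which does not parse.
      $remote_sec = $remote_sec + ( 24*60*60);
   } elsif (( $mday == ($rmday+1)) || ( ($mday == 1) && ( $rmday != $mday ))) {
      $remote_sec = $remote_sec - ( 24*60*60);
   } else {
      print "something wierd happening here with timezones ...\n";
      print "local date is $local_date and remote date is $remote_date ...\n";
      print "Let the $author know ... \n";
   }

   (undef,undef,undef,$daytime) = split(/\s+/,$local_date); 
   ($hours,$minutes,$seconds) = split(/:/,$daytime);
   (undef,undef,undef,$mday,$month,$year)=localtime();
   $local_sec = timelocal($seconds,$minutes,$hours,$mday,$month,$year);
   $diff = $remote_sec - $local_sec;
# timezone correction - we assume you are at least withen an hour!   ;-)
   # Drops whole hours from the offset; the 1.2 factor presumably nudges
   # the truncation toward the nearest hour - left as written.
   if (abs($diff) > 3500) {
      $diff = $diff - ( 3600*int(($diff*1.2)/3600)); 
   }
   return $diff;
}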


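sub get_socket_value {
   # Read one line from the file-scoped $socket handle with an alarm timeout.
   # Args:    $timeout - seconds to wait before giving up.
   # Returns: the line with trailing newline and first CR removed, or the
   #          fixed "Socket timed out" HTML fragment on timeout; any other
   #          failure inside the eval is re-thrown.  Also leaves the result
   #          in $_ because query_port tests $_ after the call.
   my ($timeout) = @_; 
   my $line;
   # local: restore the previous handler on exit instead of leaving a
   # die-on-ALRM handler installed for the rest of the program.
   local $SIG{ALRM} = sub { die "timeout" };
   eval {
      alarm ($timeout);
      $line = <$socket>;
      alarm(0);
   };
   if ( $@ ) {
      if ( $@ =~ /timeout/ ) {
         $line = "<font color=\"red\">Socket timed out after $timeout seconds</font>";
      } else {
         alarm(0);
         die;
      }
   }
   # EOF or a closed socket yields undef; treat it as an empty reply rather
   # than warning from chomp/s///.
   $line = '' unless defined $line;
   chomp($line);
   $line =~ s/\r//;
   $_ = $line;
   return $line;
}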

