Nmap Development mailing list archives
Re: [RFC] NSE pack/unpack library
From: David Fifield <david () bamsoftware com>
Date: Fri, 20 Jun 2008 10:01:13 -0600
On Fri, Jun 20, 2008 at 04:24:56PM +0200, Philip Pickering wrote:
> > Are there reasons that we can't use the current lpack library as-is?
>
> lpack lacks some functionality we need. These features are at least H for
> hex strings, B for bit strings and x for null/ignoring bytes. By adding
> these features the original operator characters get misleading.

I looked through the scripts to see which ones could benefit from
pack/unpack. Here are some examples I found (edited to include just
snippets of binary data handling).

MSSQLm.nse:

    -- build a TDS packet - type 0x12
    -- copied from packet capture of osql connection
    payload = payload .. "\018\001\000\047\000\000\001\000\000\000"
    payload = payload .. "\026\000\006\001\000\032\000\001\002\000"
    payload = payload .. "\033\000\001\003\000\034\000\004\004\000"
    payload = payload .. "\038\000\001\255\009\000\011\226\000\000"
    payload = payload .. "\000\000\120\023\000\000\000"

dns-test-open-recursion.nse:

    -- generate dns query, Transaction-ID 0xdead, www.wikipedia.org (type A, class IN)
    local request = string.char(0xde, 0xad, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00,
                                0x00, 0x00, 0x00, 0x00, 0x03)
        .. "www" .. string.char(0x09) .. "wikipedia" .. string.char(0x03) .. "org"
        .. string.char(0x00, 0x00, 0x01, 0x00, 0x01)

    -- parse response for dns flags
    if (bit.band(string.byte(result,3), 0x80) == 0x80 and
        bit.band(string.byte(result,4), 0x85) == 0x80)

netbios-smb-os-discovery.nse:

    local WildCard = string.char(0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00,
                                 0x00, 0x00, 0x00, 0x00, 0x20, 0x43, 0x4b, 0x41,
                                 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
                                 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
                                 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
                                 0x41, 0x41, 0x41, 0x41, 0x41, 0x00, 0x00, 0x21,
                                 0x00, 0x00)

I want to know what these snippets would look like using the pack/unpack
library. Maybe we don't need everything that lpack has and can invent our
own interface. I too am wary of giving an NSE library behavior that's
incompatible with the library it's based on.

Anyway, good thinking Philip. There appears to be ample demand for this
functionality (especially pack).

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
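The dns-test-open-recursion snippet from the message above, redone with pack/unpack as an added example (this is not code from the thread or from the NSE library that later came of it): it uses Lua 5.3's built-in string.pack/string.unpack rather than lpack, and hex() is a hypothetical stand-in for the H operator Philip proposes.

```lua
-- Added example, not code from the thread or from any NSE library: the
-- dns-test-open-recursion snippet redone with Lua 5.3's built-in
-- string.pack/string.unpack. hex() is a stand-in for the proposed "H" op.

-- "dead" -> "\xde\xad"; lets a packet be written down as a hex string.
local function hex(s)
  return (s:gsub("%x%x", function(h) return string.char(tonumber(h, 16)) end))
end

-- DNS name wire form: one-byte length before each label, zero byte at the end.
local function dns_name(name)
  local labels = {}
  for label in name:gmatch("[^.]+") do
    labels[#labels + 1] = string.pack(">s1", label)
  end
  return table.concat(labels) .. "\0"
end

-- Query header (ID, flags, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT), then the
-- question: QNAME, QTYPE A (1), QCLASS IN (1). All fields big-endian.
local function build_query(id, name)
  return string.pack(">I2I2I2I2I2I2", id, 0x0100, 1, 0, 0, 0)
      .. dns_name(name)
      .. string.pack(">I2I2", 1, 1)
end

-- The same test the script does on bytes 3 and 4, now on the 16-bit flags
-- word: QR set, and in the low byte RA set with RCODE bits 0 and 2 clear.
local function recursion_available(resp)
  local id, flags = string.unpack(">I2I2", resp)
  local qr = (flags & 0x8000) ~= 0
  local ra = (flags & 0x0085) == 0x0080
  return qr and ra, id
end

-- Must equal the byte-by-byte string.char() version from the script.
local q = build_query(0xdead, "www.wikipedia.org")
assert(q == hex("dead01000001000000000000")
          .. "\3www\9wikipedia\3org\0" .. hex("00010001"))

-- Constructed reply header: ID 0xdead, flags 0x8180 (QR, RD, RA), one answer.
local ok, id = recursion_available(hex("dead81800001000100000000"))
assert(ok and id == 0xdead)
```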
Current thread:
- [RFC] NSE pack/unpack library Philip Pickering (Jun 19)
- Re: [RFC] NSE pack/unpack library Brandon Enright (Jun 19)
- Re: [RFC] NSE pack/unpack library Philip Pickering (Jun 19)
- Re: [RFC] NSE pack/unpack library Fyodor (Jun 19)
- Re: [RFC] NSE pack/unpack library Philip Pickering (Jun 20)
- Re: [RFC] NSE pack/unpack library David Fifield (Jun 20)
- Re: [RFC] NSE pack/unpack library Philip Pickering (Jun 20)
- Re: [RFC] NSE pack/unpack library Brandon Enright (Jun 19)