Nmap Development mailing list archives
Re: [NSE] Improved version of ms-sql-info
From: Chris Woodbury <chris3e3 () gmail com>
Date: Mon, 31 Jan 2011 18:29:54 -0600
Also, my latest version of ms-sql-info.nse. On Mon, Jan 31, 2011 at 3:08 PM, Chris Woodbury <chris3e3 () gmail com> wrote:
On Sun, Jan 30, 2011 at 4:04 AM, Patrik Karlsson <patrik () cqure net> wrote:Although I'm no Lua expert here are some quick comments on the code: * You should probably avoid the leading underscore convention for instance variables and function names to avoid confusion with metamethods. [1]Good tip, and thanks for the reference. I've replaced the leading double-underscores with single underscores. Do you think that's still likely to cause problems? My background is in object-oriented programming, so I'm wondering whether I'm trying to impose too much on Lua. :)On that same note, all of my ToString and your new ToBytes method could be changed to __tostring (as I've done in my later libraries). This would make it possible to do: local p = PreLoginPacket:new() socket:send( tostring(p) )I did this and then realized that the ToString methods here return two values (PacketType, PacketData). I didn't think it was worth it to make all the necessary changes to make that work, so I reverted back to the original. I'll keep that in mind for the future, though.* I don't know if this is or is going to be a problem but os.time() returns a value in seconds. So if two PreLoginPackets are created within the same second, the thread id will be the same. In the Connect method I'm adding the local port of the socket into the randomseed together with os.time. Looking at that particular code now, it could probably be cleaned up a little :)According to the TDS spec, ThreadID is just for debugging (i.e. tracing) purposes. I think the server pretty much ignores it - in fact, the server doesn't even return the value (or any value) in the response. So, I think it's safe to leave things as they are. That said, I realized that my random seeding was unnecessary anyway, since it's already being done in TDSStream.Connect(). Attached is an updated patch with the changes you've suggested. The only other new thing is that I've factored out most of the logic from the Helper.Discover() into a new SSRP class, which clarifies the process a bit and does some extra error-checking. Thanks -chris
Attachment:
ms-sql-info.nse
Description:
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] Improved version of ms-sql-info Chris Woodbury (Jan 24)
- Re: [NSE] Improved version of ms-sql-info Patrik Karlsson (Jan 26)
- Re: [NSE] Improved version of ms-sql-info Chris Woodbury (Jan 28)
- Re: [NSE] Improved version of ms-sql-info Chris Woodbury (Jan 28)
- Re: [NSE] Improved version of ms-sql-info Patrik Karlsson (Jan 30)
- Re: [NSE] Improved version of ms-sql-info Chris Woodbury (Jan 31)
- Re: [NSE] Improved version of ms-sql-info Chris Woodbury (Jan 31)
- Re: [NSE] Improved version of ms-sql-info Patrik Karlsson (Feb 03)
- Re: [NSE] Improved version of ms-sql-info Chris Woodbury (Feb 06)
- Re: [NSE] Improved version of ms-sql-info Chris Woodbury (Jan 28)
- Re: [NSE] Improved version of ms-sql-info Patrik Karlsson (Jan 26)
- Re: [NSE] Improved version of ms-sql-info Patrik Karlsson (Jan 30)