Re: [NSE] Improved version of ms-sql-info

[Chris Woodbury <chris3e3 () gmail com>]

On Thu, Feb 3, 2011 at 4:24 PM, Patrik Karlsson <patrik () cqure net> wrote:
> On 31 jan 2011, at 22.08, Chris Woodbury wrote:
>
> > On Sun, Jan 30, 2011 at 4:04 AM, Patrik Karlsson <patrik () cqure net> wrote:
> > > Although I'm no Lua expert here are some quick comments on the code:
> > > * You should probably avoid the leading underscore convention for instance variables and function names to avoid 
> > > confusion with metamethods. [1]
> >
> > Good tip, and thanks for the reference. I've replaced the leading
> > double-underscores with single underscores. Do you think that's still
> > likely to cause problems? My background is in object-oriented
> > programming, so I'm wondering whether I'm trying to impose too much on
> > Lua. :)
>
> I don't think it will cause any problems but theres not much NSE code currently that uses this convention ....
> On the other hand, theres no code style guide for NSE saying the opposite either.

I'm going to take the path of least effort and just leave them as-is
(single leading underscore for "private" variables and functions), and
see if anyone else feels passionately one way or the other. On the
topic of a style guide, that might not be such a bad idea. I've
noticed there are at least 3 or 4 styles in use across the NSE
codebase. It's not a big problem, but it's a bit of an annoyance, as
I'm sure others have experienced too.

> > >   On that same note, all of my ToString and your new ToBytes method could be changed to __tostring (as I've done in 
> > > my later libraries).
> > >   This would make it possible to do:
> > >
> > > local p = PreLoginPacket:new()
> > > socket:send( tostring(p) )
> >
> > I did this and then realized that the ToString methods here return two
> > values (PacketType, PacketData). I didn't think it was worth it to
> > make all the necessary changes to make that work, so I reverted back
> > to the original. I'll keep that in mind for the future, though.
>
> Ok, sorry, my bad.

No problem. I was all for it until I saw the exception and realized
what was going on. :)

> I was just doing some testing so that I could commit this code but noticed something strange.
> I haven't investigated it further but the new ms-sql-info script does not report the TCP ports for my instances.
> This is what I'm seeing:
>
> PORT     STATE SERVICE  REASON
> 1434/udp open  ms-sql-m script-set
> | ms-sql-info:
> |   Server name: EDUSRV011
> |     Instance name: SQLEXPRESS
> |       Version: Microsoft SQL Server 2005 SP2
> |         Product: Microsoft SQL Server 2005
> |         Service pack level: SP2
> |       Clustered: No
> |     Instance name: MSSQLSERVER
> |       Version: Microsoft SQL Server 2000
> |         Product: Microsoft SQL Server 2000
> |       Named pipe: \\EDUSRV011\pipe\sql\query
> |_      Clustered: No
>
>
> This is how the SSRP string looks:
> ServerName;EDUSRV011;InstanceName;MSSQLSERVER;IsClustered;No;Version;8.00.194;np;\\EDUSRV011\pipe\sql\query;tcp;1433;;ServerName;EDUSRV011;InstanceName;SQLEXPRESS;IsClustered;No;Version;9.00.3042.00;tcp;1444;via;EDUSRV011,0:1433;;
>
> Could you please look in to why this information does not make it to the output? If you need more debug info, let me 
> know.

Thanks for including the SSRP string. That's a big help in debugging.
I figured out the the problem here was a mismatch in the mssql and
ms-sql-info versions (I sent my current ms-sql-info, not the one that
was current for the mssql.lua I sent the day before). It's not hard to
reconcile them, but I have some other changes in the works for
mssql.lua and the ms-sql scripts, and I think it would be more
worthwhile at this point to get those ready and just do it all at
once. So, ignore what I sent before, and I should have something to
look at in the next few days.

> Regards,
> Patrik
>
> --
> Patrik Karlsson
> http://www.cqure.net
> http://www.twitter.com/nevdull77

Thanks
-chris
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/