Nmap Development mailing list archives
Jacek's status report - #7 of 16
From: Jacek Wielemborek <wielemborekj1 () gmail com>
Date: Mon, 22 Jul 2013 23:11:29 +0200
Hi guys,

This is the report 7/16 for the Google Summer of Code project “Bringing Lua to Ncat”. After having looked at my --with feature design, David wasn't exactly satisfied and suggested stepping back, focusing on less controversial improvements for now. That's why this week I was mainly working towards implementing new environment variables in Ncat, passed to --exec/--sh-exec/--lua-exec child processes. When I felt I completed the task (at least until he reviews my progress), I worked on various other things.

Achievements:

* Had an over-two-hours long meeting with David, during which we discussed the environment variables feature, my --with feature and alternative options of embedding Lua into Ncat.
* Prepared a patch that adds NCAT_REMOTE_ADDR, NCAT_REMOTE_PORT, NCAT_SSL (actually had the code waiting for these three), NCAT_LOCAL_ADDR, NCAT_LOCAL_PORT environment variables for POSIX systems. Learnt a lesson from Henri about licensing.
* Did a bit of investigation on what is needed to add the environment variables to Windows processes started by the CreateProcess system call. I wrote the code needed to add the values to the environment returned by GetEnvironmentStrings.
* Wrote some documentation on the five new environment variables.
* Started a README.txt in my nmap-exp directory, thinking it's a fun idea to list all the branches one could find here in the SVN history. I also added quick notes about the statuses of the branches and information on why anyone would want the parts of my code that didn't get merged in (and a quick tip on how to actually use them).
* Wrote three examples showing the use of the new environment variables.
  - whatismyip.lua - simply replies to the user with his IP address,
  - logme.sh - shows how easy it is to log IP addresses (and source ports, too) connecting to the server created with Ncat,
  - p0fme.py - collects all the data it can find on the IP address connecting to the server, reading p0f (version 3) logs. To collect a bit more data, it sends some data to the user first and waits for three seconds.
* Frustrated by how a memory error slipped into my Windows addenv() routine (off-by-one, probably nondestructive, but still an error), I wrote a testing platform for this function. This helped me test various modifications to addenv() with confidence that the code is completely safe now (at least until David points out another interesting thing to me). It also led to simplifying this code a bit.
* Replied to my proposal thread about Ncat environment variables, listing the new variables and other goodies that can be found in my branch.
* Started the implementation of an HTTP server using --lua-exec only. Surprisingly, it performs pretty well already - it can work for sharing files, as Fyodor requested in the TODO file. I had to deal with line endings in Windows (and I guess the fun's not over yet, though I hotfixed it in r31481). There were also some security issues, and I wouldn't be surprised to hear it's still exploitable (though I fixed quite a few bugs already).
* Came up with a way to use Windows without cursing every other exhalation! I always kept saying that if I had to work on Windows for a longer period of time, I'd use Cygwin to ease the pain, and it turned out to be a good decision to finally try it. Since it might be pretty fun, I'll write a bit about my new workflow: I ssh to the Windows 7 virtual machine. Thanks to an app called “apt-cyg”, I installed git-svn, GNU Screen, vim and zsh with just a command and synchronized their settings (the command proved useful many times later on). I work in a shared SMB directory - all my working directory is synchronized right away (and I'll probably share ~/.viminfo too to share my vim buffers). This way I can easily test pieces of code on both systems. Compiling an MSVC project from the command line was most tricky. There is a tool scarily named “msbuild” that you can use for that; the problem I had was that it didn't work under Cygwin. Actually, even spawning “cmd” and then running the magic “vcvarsall.bat” file that was supposed to prepare the environment variables didn't help. In the end, I installed a Windows Telnet Server and ncat'ed to it locally. Since Cygwin pipes didn't work the same way they work on Linux (couldn't “echo 'a' > ~/fifo” twice), here's what I did as a workaround:

    touch ~/fifo   # yes, a regular file.
    tail -f ~/fifo | ncat -t -C localhost 23 &
    cat >> ~/fifo   # log in, run vcvarsall, CD to my project's working directory, then EOF
    alias make="echo 'msbuild' >> ~/fifo"

  It really does feel like a normal compilation then (if we skip the “proprietary” part) - after issuing “make”, I can see the build log. It is useful to turn off Telnet idle connection timeouts in this setup. I can make a detailed Secwiki entry about it all if you're interested. Turns out Windows is bearable if you remove windows out of it!

Priorities:

* Merge in the environment variables code.
* Prepare code for ncatin/ncatout along with NCAT_INPUT_FD/NCAT_OUTPUT_FD environment variables. These will enable really awesome filtering functionality, so I hope to make examples more attractive as well.
* Do some experimenting towards the socket abstraction model David proposed during our last meeting. I already have some design concepts in mind; I'll probably spend the rest of this evening taking notes to present the ideas to David.
* (low-priority) Explore expanding the stacking functionality to any combination of --exec, --sh-exec and --lua-exec calls - perhaps it's not a bad idea after all?

Yours,
Jacek Wielemborek

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
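The report mentions an off-by-one that slipped into the Windows addenv() routine and the test platform written to gain confidence in it. The following C is an added illustration of the kind of routine and the kind of checks involved; it is not Jacek's code, nor anything from the Ncat tree. It relies on one fact about the format: the block that GetEnvironmentStrings returns (and that CreateProcess accepts as its environment argument) is a run of NUL-terminated "NAME=value" strings closed by one extra NUL, so its size is the bytes of all entries, each with its own NUL, plus one more, and that trailing "plus one" is exactly where an off-by-one hides. The envblock_* function names, the sample base block and the NCAT_* values are all constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Windows environment block: "NAME=value\0NAME2=value2\0...\0".
 * An empty block is "\0\0".  Total size = bytes of entries (each with its
 * NUL) + 1 for the block terminator.  All names below are this example's own.
 */

/* Bytes occupied by the entries, each including its own NUL; 0 if empty. */
static size_t envblock_entries_len(const char *block) {
    const char *p = block;
    while (*p != '\0')
        p += strlen(p) + 1;         /* skip one "NAME=value\0" entry */
    return (size_t)(p - block);
}

/* Total size of the block in bytes, including the closing NUL. */
size_t envblock_size(const char *block) {
    size_t n = envblock_entries_len(block);
    return n == 0 ? 2 : n + 1;      /* an empty block is still two NULs */
}

/* Number of "NAME=value" entries in the block. */
size_t envblock_count(const char *block) {
    size_t count = 0;
    for (const char *p = block; *p != '\0'; p += strlen(p) + 1)
        count++;
    return count;
}

/* Value of NAME, or NULL if absent.  The '=' check after the name keeps a
 * lookup for "NCAT_REMOTE" from matching "NCAT_REMOTE_ADDR". */
const char *envblock_get(const char *block, const char *name) {
    size_t n = strlen(name);
    for (const char *p = block; *p != '\0'; p += strlen(p) + 1)
        if (strncmp(p, name, n) == 0 && p[n] == '=')
            return p + n + 1;
    return NULL;
}

/* Newly malloc'd copy of block with "name=value" appended; NULL on bad
 * input or allocation failure.  The caller frees the result. */
char *envblock_add(const char *block, const char *name, const char *value) {
    if (name == NULL || value == NULL || *name == '\0' || strchr(name, '='))
        return NULL;
    size_t prefix = envblock_entries_len(block);          /* existing entries */
    size_t nlen = strlen(name), vlen = strlen(value);
    size_t new_size = prefix + nlen + 1 + vlen + 1 + 1;   /* '=', entry NUL, block NUL */
    char *out = malloc(new_size);
    if (out == NULL)
        return NULL;
    char *p = out;
    memcpy(p, block, prefix);  p += prefix;
    memcpy(p, name, nlen);     p += nlen;
    *p++ = '=';
    memcpy(p, value, vlen);    p += vlen;
    *p++ = '\0';               /* terminates the new entry */
    *p = '\0';                 /* terminates the block, at offset new_size - 1 */
    return out;
}

/* End-to-end check in the spirit of the harness the report describes: grow a
 * constructed block by the five NCAT_* variables, asserting the size invariant
 * on every append, then verify count, lookups and the double-NUL terminator.
 * Returns 1 on success, 0 on the first failed check. */
int envblock_selftest(void) {
    static const char base[] = "SystemRoot=C:\\Windows\0PATH=C:\\bin\0"; /* constructed */
    static const char *vars[][2] = {
        {"NCAT_REMOTE_ADDR", "192.0.2.10"}, {"NCAT_REMOTE_PORT", "54321"},
        {"NCAT_LOCAL_ADDR",  "192.0.2.1"},  {"NCAT_LOCAL_PORT",  "8080"},
        {"NCAT_SSL",         "0"},
    };
    const char *cur = base;
    char *blk = NULL;
    for (size_t i = 0; i < sizeof vars / sizeof vars[0]; i++) {
        char *next = envblock_add(cur, vars[i][0], vars[i][1]);
        if (next == NULL ||
            envblock_size(next) != envblock_size(cur) + strlen(vars[i][0]) + strlen(vars[i][1]) + 2) {
            free(next); free(blk); return 0;
        }
        free(blk); blk = next; cur = blk;
    }
    size_t sz = envblock_size(blk);
    int ok = envblock_count(blk) == 7
          && blk[sz - 1] == '\0' && blk[sz - 2] == '\0'
          && strcmp(envblock_get(blk, "NCAT_REMOTE_ADDR"), "192.0.2.10") == 0
          && strcmp(envblock_get(blk, "PATH"), "C:\\bin") == 0
          && envblock_get(blk, "NCAT_REMOTE") == NULL
          && envblock_add(blk, "BAD=NAME", "x") == NULL;
    free(blk);
    return ok;
}

int main(void) {
    printf("envblock self-test: %s\n", envblock_selftest() ? "ok" : "FAILED");
    return 0;
}
```

The size invariant checked on every append (new size equals old size plus name, value, '=' and one NUL) is the assertion that catches a missing or doubled terminator byte immediately, which is the class of error the report describes; the prefix-lookup check is the other thing worth having in such a harness, since a match on "NCAT_REMOTE" without the '=' test would silently return the wrong variable.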