smb2.lua, smb-protocols.nse, smb2-capabilities and smb2-security-mode #943
Conversation
scripts/smb2-capabilities.nse
Outdated
| end | ||
| -- We set our overrides Dialects table with the dialect we are testing | ||
| overrides['Dialects'] = {dialect} | ||
| status, _ = smb2.negotiate_v2(smbstate, overrides) |
There was a problem hiding this comment.
_ is global here. Just leave it off; unlike Python, Lua ignores any extra/unassigned return values.
nselib/smb.lua
Outdated
| function negotiate_protocol(smb, overrides) | ||
| -- @param smb The SMB object associated with the connection. | ||
| -- @param overrides Overrides table. | ||
| -- @return (status, dialect) If status is true, the negotiated dialect in human readable form is returned as the second value. |
There was a problem hiding this comment.
NSEdoc supports multiple @return statements. The convention for this sort of thing is:
-- @return Boolean status
-- @return The negotiated dialect in human-readable form, or an error message if status is false
nselib/smb.lua
Outdated
| @@ -2498,7 +2561,6 @@ end | |||
| -- data is given as a string, not a file. | |||
| -- | |||
| --@param host The host object | |||
| --@param data The string containing the data to be written | |||
nselib/smb2.lua
Outdated
| local table = require "table" | ||
| local match = require "match" | ||
| local bit = require "bit" | ||
| local nsedebug = require "nsedebug" |
There was a problem hiding this comment.
I guess this was left in from testing; please remove it before committing.
nselib/smb2.lua
Outdated
| -- get updated. I tried to be consistent with the current implementation of | ||
| -- smb.lua but some fields may have changed name or don't exist anymore. | ||
| -- | ||
| -- TODO: |
There was a problem hiding this comment.
Is this TODO list current? It probably doesn't belong in the NSEdoc. Please make a separate Github Issue for each item that you think really ought to be done.
nselib/smb2.lua
Outdated
| return false, "SMB2: ERROR:Server returned less data than it was supposed to" | ||
| end | ||
| -- Make the length 24 bits | ||
| netbios_length = bit.band(netbios_length, 0x00FFFFFF) |
There was a problem hiding this comment.
Please use native Lua 5.3 bit operations. The bit library is deprecated.
There was a problem hiding this comment.
Removed all calls to the bit library.
nselib/smb2.lua
Outdated
| 0x0002, -- Ciphers (2 bytes each): AES-128-GCM | ||
| 0x0001 -- Ciphers (2 bytes each): AES-128-CCM | ||
| ) | ||
| data = data .. string.pack("<I2 I2 I4 c" .. #context_data, |
There was a problem hiding this comment.
Instead of string.pack("XYZ c" .. #something, X, Y, Z, something), just do string.pack("XYZ", X, Y, Z) .. something; it's simpler.
nselib/smb2.lua
Outdated
| total_data = #header+#data | ||
| padding_data = "" | ||
| while((total_data)%8 ~= 0) do | ||
| padding_data = padding_data .. string.pack("<c1", 0x0) |
There was a problem hiding this comment.
Padding is simpler like this:
padding = string.rep("\0", (8 - total_data % 8) % 8)
scripts/smb2-capabilities.nse
Outdated
| -- we need a clean connection for each negotiate request | ||
| status, smbstate = smb.start(host) | ||
| if(status == false) then | ||
| return false, smbstate |
There was a problem hiding this comment.
Don't return false from the action function. Either return nil (no output) or return an error message. I guess this was probably part of a function at one time.
scripts/smb2-capabilities.nse
Outdated
|
|
||
| -- We check the capabilities flags. Not all of them are supported by | ||
| -- every dialect but we dumb check anyway. | ||
| if ( bit.band(smbstate['capabilities'], 0x00000001) == 0x00000001) then |
There was a problem hiding this comment.
if smbstate.capabilities & 0x01 == 0x01 then
|
Added smb2-time.nse to this branch too. I'll create a separate PR for the vulnerability detection script based on the system uptime. |
|
Actually, as we want to push everything we have for SMB2 now, I've added smb2-vuln-uptime.nse in the same PR. |
More info:
http://seclists.org/nmap-dev/2017/q3/20