Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] murmur-version Murmur server version detection script
From: Marin Maržić <marzic () gmail com>
Date: Wed, 12 Dec 2012 20:40:32 +0100


The payload seems to be working:

# Murmur 1.2.X (Mumble server)
udp 64738 "\x00\x00\x00\x00abcdefgh"

The recommended port is the default port that a lot of servers use and
the program default, but it's common to see the server ran on other port
numbers (guess that's the usual situation).

As an aside,

I had made a nmap-service-probes thing prior to going with NSE. Would a
thing like the following match line somehow be possible?

match murmur m|^\0(.)(.)(.)abcdefgh(.{4})(.{4})(.{4})$|s p/Murmur voice
communication (Mumble server)/ v/$1.$2.$3/ i/#users: $4, #max users: $5,
speech bandwidth: $6 bps/

The problem is the regex captured parts are binary 1byte and 4byte big
endian ints, i.e. they aren't ascii. Can that somehow be converted to
ascii with some helper function for output?

Anyway, since I didn't know how to do output with that, I first
hardcoded all supported known version numbers in the match lines (the
last one is generic and doesn't differentiate between versions). In the
end I chose to use the NSE because this was ugly :).

Probe UDP Murmur q|\0\0\0\0abcdefgh|
rarity 1
ports 64738

match murmur m|^\0\x01\x02\0abcdefgh.{12}$|s p/Murmur voice
communication (Mumble server)/ v/1.2.0/
match murmur m|^\0\x01\x02\x01abcdefgh.{12}$|s p/Murmur voice
communication (Mumble server)/ v/1.2.1/
match murmur m|^\0\x01\x02\x02abcdefgh.{12}$|s p/Murmur voice
communication (Mumble server)/ v/1.2.2/
match murmur m|^\0\x01\x02\x03abcdefgh.{12}$|s p/Murmur voice
communication (Mumble server)/ v/1.2.3/
match murmur m|^\0\x01\x02\x04abcdefgh.{12}$|s p/Murmur voice
communication (Mumble server)/ v/1.2.4/
match murmur m|^\0.{3}abcdefgh.{12}$|s p/Murmur voice communication
(Mumble server)/ v/1.2.X/

Marin Maržić

On 12/11/2012 06:35 AM, David Fifield wrote:
On Sun, Dec 09, 2012 at 08:39:57PM +0100, Marin Maržić wrote:
Here's an NSE service detection script for the Murmur service (the
server for Mumble, a voice communication client). It seems to be in
working order for all the versions it's supposed to detect. More info
can be found in the .nse description.

Thank you Marin. I have added your script. It was well written and I
only made a few small changes to the output.

I wonder if you can turn this script into a UDP payload for the purpose
of UDP scans not using version detection?

David Fifield

Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]