Nmap Development mailing list archives

Jacek's status report - #7 of 16
From: Jacek Wielemborek <wielemborekj1 () gmail com>
Date: Mon, 22 Jul 2013 23:11:29 +0200

Hi guys,

This is the report 7/16 for the Google Summer of Code project
“Bringing Lua to Ncat”.

After having looked at my --with feature design, David wasn't exactly
satisfied and suggested to step back, focusing on less controversial
improvements for now. That's why this week I was mainly working
towards implementing new environment variables to Ncat, passed to
--exec/--sh-exec/--lua-exec child processes. When I felt I completed
the task (at least until he reviews my progress), I worked on various
other things.

Achievements:

* Had an over-two-hours long meeting with David, during which we
discussed the environment variables feature, my --with feature and
alternative options of embedding Lua into Ncat.

* Prepared a patch that adds NCAT_REMOTE_ADDR, NCAT_REMOTE_PORT,
NCAT_SSL (actually had the code waiting for these three),
NCAT_LOCAL_ADDR, NCAT_LOCAL_PORT environment variables for POSIX
systems. Learnt a lesson from Henri about licensing.

* Did a bit of investigation on what is needed to add the environment
variables to Windows processes started by CreateProcess system call. I
wrote code needed to add the values to the environment returned by
GetEnvironmentStrings.

* Wrote some documentation on the new five environment variables.

* Started a README.txt in my nmap-exp directory, thinking it's a fun
idea to list all the branches one could find here in the SVN history.
I also added quick notes about the statuses of the branches and
information on why anyone would want to use the parts of my code that
didn't get merged in (and a quick tip on how to actually use them).

* Wrote three examples showing the use of the new environment variables.

        - whatismyip.lua - simply replies to the user with his IP address,
        - logme.sh - shows how easy it is to log IP addresses (and source
ports, too) connecting to the server created with Ncat,
        - p0fme.py - collects all the data it can find on the IP address
connecting to the server, reading p0f (version 3) logs. To collect a
bit more data, it sends some data to the user first and waits for
three seconds.

* Frustrated by how a memory error slipped into my Windows addenv()
routine (off-by-one, probably nondestructive, but still an error), I
wrote a testing platform for this function. This helped me test
various modifications to addenv() with confidence that the code is
completely safe now (at least until David points out another
interesting thing to me). It also led to simplifying this code a bit.

* Replied to my proposal thread about Ncat environment variables,
listing the new variables and other goodies that can be found in my
branch.

* Started the implementation of an HTTP server using --lua-exec only.
Surprisingly, it performs pretty well already - it can work for
sharing files, as Fyodor requested in the TODO file. I had to deal
with line-endings in Windows (and I guess the fun's not over yet,
though I hotfixed it in r31481). There were also some security issues,
and I wouldn't be surprised to hear it's still exploitable (though I
fixed quite a few bugs already).

* Came up with a way to use Windows without cursing every other
exhalation! I always kept saying that if I had to work on Windows for
a longer period of time, I'd use Cygwin to ease the pain and it turned
out to be a good decision to finally try it.

Since it might be pretty fun, I'll write a bit about my new workflow:
I ssh to the Windows 7 virtual machine. Thanks to an app called
“apt-cyg”, I installed git-svn, GNU Screen, vim and zsh with just a
command and synchronized their settings (the command proved useful
many times later on). I work in a shared SMB directory - all my
working directory is synchronized right away (and I'll probably share
~/.viminfo too to share my vim buffers). This way I can easily test
pieces of code on both systems.

Compiling a MSVC project from the command line was most tricky. There
is a tool scarily named “msbuild” that you can use for that; the
problem I had was that it didn't work under Cygwin. Actually, even
spawning “cmd” and then running the magic “vcvarsall.bat” file that
was supposed to prepare the environment variables didn't help. In the
end, I installed a Windows Telnet Server and ncat'ed to it locally.
Since Cygwin pipes didn't work the same way they work on Linux
(couldn't “echo 'a' > ~/fifo” twice), here's what I did as a
workaround:

touch ~/fifo #yes, a regular file.
tail -f ~/fifo | ncat -t -C localhost 23 &
cat >> ~/fifo
# log in, run vcvarsall, CD to my project's working directory, then EOF
alias make="echo 'msbuild' >> ~/fifo"

It really does feel like a normal compilation then (if we skip the
“proprietary” part) - after issuing “make”, I can see the build log.
It is useful to turn off Telnet idle connection timeouts in this
setup. I can make a detailed Secwiki entry about it all if you're
interested. Turns out Windows is bearable if you remove windows out of
it!

Priorities:

* Merge in the environment variables code.

* Prepare code for ncatin/ncatout along with
NCAT_INPUT_FD/NCAT_OUTPUT_FD environment variables. These will enable
really awesome filtering functionality, so I hope to make examples
more attractive as well.

* Do some experimenting towards the socket abstraction model David
proposed during our last meeting. I already have some design concepts
in mind, I'll probably spend the rest of this evening taking notes to
present the ideas to David.

* (low-priority) Explore expanding the stacking functionality to any
combination of --exec, --sh-exec and --lua-exec calls - perhaps it's
not a bad idea after all?

Yours,
Jacek Wielemborek
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
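
The environment-block append mentioned in the report, as an added example (not Jacek's addenv() and not Ncat code). It assumes the ANSI layout that GetEnvironmentStrings returns, a run of NUL-terminated NAME=value strings closed by one extra NUL; the names env_block_size and env_block_add and the sample values are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes in an ANSI environment block: "NAME=value\0" strings followed by one
   extra '\0'. The count includes that closing '\0'; forgetting it is the
   classic off-by-one in this kind of code. */
size_t env_block_size(const char *block)
{
    const char *p = block;
    while (*p != '\0')
        p += strlen(p) + 1;            /* one string plus its terminator */
    return (size_t)(p - block) + 1;    /* plus the block terminator */
}

/* Return a malloc'ed copy of block with "name=value" appended, or NULL if
   allocation fails. The caller frees the result. */
char *env_block_add(const char *block, const char *name, const char *value)
{
    size_t keep = env_block_size(block) - 1;   /* old strings, no closer */
    size_t nlen = strlen(name), vlen = strlen(value);
    /* kept strings + name + '=' + value + entry '\0' + block '\0' */
    char *out = malloc(keep + nlen + 1 + vlen + 1 + 1);
    char *p;
    if (out == NULL)
        return NULL;
    memcpy(out, block, keep);
    p = out + keep;
    memcpy(p, name, nlen);
    p += nlen;
    *p++ = '=';
    memcpy(p, value, vlen);
    p += vlen;
    *p++ = '\0';    /* ends the new entry */
    *p = '\0';      /* ends the whole block */
    return out;
}

int main(void)
{
    /* Constructed sample; the literal's implicit '\0' closes the block. */
    static const char sample[] = "PATH=C:\\bin\0TEMP=C:\\tmp\0";
    char *grown = env_block_add(sample, "NCAT_REMOTE_ADDR", "192.0.2.10");
    if (grown == NULL)
        return 1;
    printf("%zu -> %zu bytes\n", env_block_size(sample), env_block_size(grown));
    free(grown);
    return 0;
}
```

A Unicode block from GetEnvironmentStringsW needs the same arithmetic counted in wchar_t units rather than bytes.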

