
Re: [nmap-svn] r32017 - nmap-exp/d33tah/ncat-lua-callbacks/ncat
From: Jacek Wielemborek <wielemborekj1 () gmail com>
Date: Fri, 23 Aug 2013 00:40:50 +0200

2013/8/22  <commit-mailer () nmap org>:
Author: d33tah
Date: Thu Aug 22 21:16:01 2013
New Revision: 32017

Log:
Add a hack that will make connect-mode --proxy work.

Modified:
   nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_lua_connect.c
   nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_lua_filters.c
   nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_lua_filters.h
   nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_lua_listen.c
   nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_main.c

Modified: nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_lua_connect.c
==============================================================================
--- nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_lua_connect.c  (original)
+++ nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_lua_connect.c  Thu Aug 22 21:16:01 2013
@@ -151,7 +151,7 @@

 void lua_nsock_save(nsock_pool nsp, nsock_iod nsiod, nsock_ev_handler handler)
 {
-    struct ncat_lua_state *nl = get_connection(NULL);
+    struct ncat_lua_state *nl = get_connection(NULL, NULL);
     nl->nsp = nsp;
     nl->nsiod = nsiod;
     nl->handler = handler;
@@ -183,7 +183,7 @@

 char* lua_nsock_recv(nsock_event evt, int *nbytes)
 {
-    struct ncat_lua_state *nl = get_connection(NULL);
+    struct ncat_lua_state *nl = get_connection(NULL, NULL);
     size_t nbytes_size_t;
     nl->evt = evt;
     int old_top = lua_gettop(L);
@@ -222,7 +222,7 @@
 void lua_nsock_write(nsock_pool nsp, nsock_iod nsiod, nsock_ev_handler handler,
     int timeout_msecs, void *userdata, const char *data, int datalen)
 {
-    struct ncat_lua_state *nl = get_connection(NULL);
+    struct ncat_lua_state *nl = get_connection(NULL, NULL);
     nl->nsp = nsp;
     nl->nsiod = nsiod;
     nl->handler = handler;

Modified: nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_lua_filters.c
==============================================================================
--- nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_lua_filters.c  (original)
+++ nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_lua_filters.c  Thu Aug 22 21:16:01 2013
@@ -220,8 +220,9 @@
    as the key. If it's not there, create it, find its topmost "super", set its
    "fd" to the given struct ncat_lua_state and save it in connection_supers.
    Leave the socket on the stack. If *fdn is NULL, we assume that fd=0 and
-   we're in connect mode. */
-struct ncat_lua_state* get_connection(struct fdinfo *fdn)
+   we're in connect mode. Also, if *created is not NULL, it is set to 1 if
+   the socket put on the stack was just created. */
+struct ncat_lua_state* get_connection(struct fdinfo *fdn, int *created)
 {
     struct ncat_lua_state *ret;
     int connections_key;
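Review bot: The new sentence in the doc comment says "if *created is not NULL", but `created` is the pointer and `*created` is the int it writes; the same slip already exists for `*fdn` in the sentence before it. Suggest `Also, if created is not NULL, *created is set to 1 if the socket put on the stack was just created and to 0 otherwise.` so callers know both outcomes are written. It would also help to state in this comment that the value is written on every return path, since the callers in ncat_lua_listen.c read it without initializing it; the function body continues past this hunk, so that property cannot be confirmed here.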
@@ -281,6 +282,9 @@
         lua_remove(L, -4);
         lua_settable(L, -3);
         lua_pop(L, 1);
+
+        if (created != NULL)
+            *created = 1;
     } else {
         lua_insert(L, -2); /* Get rid of connections[]. */
         lua_pop(L, 1);
@@ -292,6 +296,9 @@
         lua_getfield(L, -1, "lua_state");
         ret = (struct ncat_lua_state *) lua_touserdata(L, -1);
         lua_pop(L, 3); /* Pop the userdata, the table and connection_roots. */
+
+        if (created != NULL)
+            *created = 0;
     }

     return ret;
@@ -355,7 +362,7 @@
     /* This is a trick we do to make sure we're not reading from stdin yet.
        Copy the default event handler that reads from stdin, run connect(),
        then restore it. */
-    struct ncat_lua_state *nl = get_connection(fdn);
+    struct ncat_lua_state *nl = get_connection(fdn, NULL);
     old_handler = nl->handler;
     nl->handler = write_socket_handler_nostdin;


Modified: nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_lua_filters.h
==============================================================================
--- nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_lua_filters.h  (original)
+++ nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_lua_filters.h  Thu Aug 22 21:16:01 2013
@@ -145,6 +145,6 @@

 void lua_run_filter(char *cmdexec);
 void lua_filters_setup();
-struct ncat_lua_state* get_connection(struct fdinfo *fdn);
+struct ncat_lua_state* get_connection(struct fdinfo *fdn, int *created);

 #endif

Modified: nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_lua_listen.c
==============================================================================
--- nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_lua_listen.c   (original)
+++ nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_lua_listen.c   Thu Aug 22 21:16:01 2013
@@ -126,6 +126,25 @@
 #include "ncat_lua_filters.h"
 #include "ncat_listen.h"

+static void replace_root_functions(int fd)
+{
+    /* If we reached lua_fdinfo_recv while we're in connect mode, it's most
+       likely because we connected to the proxy. Replace the recv and send
+       functions for this FD so they won't try to use the connect-mode
+       functions. */
+    lua_getglobal(L, "connection_roots");
+    lua_pushinteger(L, fd);
+    lua_gettable(L, -2);
+    ncat_assert(lua_istable(L, -1));
+    lua_pushstring(L, "recv");
+    lua_pushcfunction(L, lua_fdinfo_recv_raw);
+    lua_settable(L, -3);
+    lua_pushstring(L, "send");
+    lua_pushcfunction(L, lua_fdinfo_send_raw);
+    lua_settable(L, -3);
+    lua_pop(L, 2);
+}
+
 int lua_fdinfo_recv_raw(lua_State *L)
 {
     char buf[DEFAULT_TCP_BUF_LEN];
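Review bot: replace_root_functions() takes the address of lua_fdinfo_send_raw before any definition of it appears in the file (lua_fdinfo_recv_raw is defined immediately below, so it is in the same position); unless ncat_lua_filters.h or an earlier part of this file declares both, this is an implicit declaration, and a `int lua_fdinfo_send_raw(lua_State *L);` prototype above the helper would remove the doubt. The block comment also says "If we reached lua_fdinfo_recv", but the helper is invoked from lua_fdinfo_send as well, so the comment should name both callers and the condition under which they invoke it: `/* Called by lua_fdinfo_recv/lua_fdinfo_send right after get_connection() created the root table for this fd while not in listen mode, which this hack takes to mean a connection to the proxy. */`. Finally, the `ncat_assert(lua_istable(L, -1))` leaves the stack unbalanced if it ever fails; that is acceptable for an assert, but worth a one-line comment so a reader does not take the later `lua_pop(L, 2)` as the only exit.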
@@ -148,8 +167,11 @@

 int lua_fdinfo_recv(struct fdinfo *fdn, char *buf, size_t size, int *pending, int *error)
 {
+    int created;
     size_t oldsize = size;
-    struct ncat_lua_state *nl = get_connection(fdn);
+    struct ncat_lua_state *nl = get_connection(fdn, &created);
+    if (created && !o.listen)
+        replace_root_functions(fdn->fd);
     *pending = nl->pending = 0;
     if (nl->recv_buf != NULL) {
         int chunk_size = nl->recv_buf_size-nl->recv_buf_pos;
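Review bot: `int created;` is declared uninitialized and then tested in `if (created && !o.listen)`; this is correct only if get_connection() writes `*created` on every return path, which the filters.c hunks show for the two visible branches but the rest of that function is not in the diff. Initializing it, `int created = 0;`, makes the call site safe regardless and costs nothing; the same applies to the identical pattern in the lua_fdinfo_send hunk below. The check-and-replace pair is also duplicated verbatim in both callers, so moving the test into replace_root_functions (or a small wrapper around get_connection) would keep the "proxy connection" heuristic in one place. The body of lua_fdinfo_recv continues past the end of this hunk.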
@@ -225,7 +247,10 @@

 int lua_fdinfo_send(struct fdinfo *fdn, const char *buf, size_t size)
 {
-    get_connection(fdn);
+    int created;
+    get_connection(fdn, &created);
+    if (created && !o.listen)
+        replace_root_functions(fdn->fd);
     lua_getfield(L, -1, "send");
     lua_insert(L, -2);
     lua_pushlstring(L, buf, size);

Modified: nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_main.c
==============================================================================
--- nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_main.c (original)
+++ nmap-exp/d33tah/ncat-lua-callbacks/ncat/ncat_main.c Thu Aug 22 21:16:01 2013
@@ -908,12 +908,6 @@
      * connect to a host, don't try to.
      */

-    if (o.script && (socksconnect.storage.ss_family != AF_UNSPEC ||
-            httpconnect.storage.ss_family != AF_UNSPEC))
-        /* Not allowed because in ncat_connect.c we perform send() and we'd
-           need some hooks for that. */
-        bye("Invalid option combination: --proxy with --load-lua-socket-file.");
-
     if (o.allow || o.deny)
         bye("Invalid option combination: allow/deny with connect.");



Note that this will also add the connection to connections[], so a
broadcast to all connections may break the proxy link. A solution
could be to make get_connection take another parameter, char
*table_name, naming the table in which to store this connection. This
doesn't sound like a good idea to me though.

