Nmap Development mailing list archives

Re: afp-serverinfo.nse script


From: David Fifield <david () bamsoftware com>
Date: Mon, 15 Feb 2010 21:42:36 -0700

On Mon, Feb 15, 2010 at 09:23:03PM -0700, David Fifield wrote:
> On Wed, Feb 10, 2010 at 04:46:01PM -0600, Andrew Orr wrote:
> > Good catch, thanks Matt. UTF8 Server Name and Server Signature are both
> > optional fields, I've updated the script to check if those are included.
> > If you run the updated script on that same machine it shouldn't output
> > the utf8 server name anymore.
> >
> > I also fixed the null byte bug more properly and fixed a typo.
> >
> >   -- a null byte is added to the end of server_name if it doesn't end on an
> >   -- even boundary, so we check for that and skip it if necessary
> >   if bit.mod(pos, 2) == 0 then
> >     -- null byte detected! GET'M!
> >     pos = pos + 1 -- zap!
> >   end
>
> Can you attach a packet capture or something of this phenomenon? This
> way of handling it seems suspicious to me.

Okay, I found where that's specified in the documentation at
http://developer.apple.com/mac/library/documentation/Networking/Reference/AFP_Reference/Reference/reference.html:

"The offsets are followed by the Flags parameter, the ServerName
parameter padded to an even boundary, ..."

I think I'd write it like this:

-- Skip to next even boundary.
if (pos - 1) % 2 ~= 0 then
        pos = pos + 1
end

pos - 1 converts from 1-indexed to 0-indexed coordinates, otherwise the
test for an even boundary looks like a test for an odd boundary and vice
versa. For the modulus there's no need to use the bit library.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
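The even-boundary rule as written in the message above, carried through a small stand-alone Lua 5.1 parser for the Flags and ServerName fields of an FPGetSrvrInfo reply. This is an added illustration, not code from afp-serverinfo.nse; the reply buffers are constructed, and the eight leading offset bytes are zero placeholders rather than real offsets.

```lua
-- Parse the Flags and ServerName fields of an AFP FPGetSrvrInfo reply.
-- buf is the reply as a Lua string; pos is the 1-indexed position of the
-- Flags parameter (the 8 bytes of offsets precede it). Returns flags, the
-- server name and the 1-indexed position of the field that follows.
local function parse_flags_and_server_name(buf, pos)
  local flags = buf:byte(pos) * 256 + buf:byte(pos + 1)
  pos = pos + 2
  -- ServerName is a Pascal string: one length byte, then the name bytes.
  local len = buf:byte(pos)
  local server_name = buf:sub(pos + 1, pos + len)
  pos = pos + 1 + len
  -- Skip to next even boundary. pos - 1 is the 0-indexed offset, so the
  -- test reads as "not on an even boundary, so skip the pad byte".
  if (pos - 1) % 2 ~= 0 then
    pos = pos + 1
  end
  return flags, server_name, pos
end

-- Constructed reply fragment: 8 placeholder offset bytes, Flags 0x0001,
-- ServerName "Macs" (length byte + 4 bytes = 5 bytes, so it ends on an
-- odd boundary and is followed by one pad byte), then a marker byte
-- standing in for whatever field comes next.
local offsets = string.rep("\0", 8)
local reply = offsets .. "\0\1" .. "\4Macs" .. "\0" .. string.char(0xAB)

local flags, name, next_pos = parse_flags_and_server_name(reply, #offsets + 1)
assert(flags == 1)
assert(name == "Macs")
assert(next_pos == 17)                 -- 0-indexed offset 16: even boundary
assert(reply:byte(next_pos) == 0xAB)   -- the pad byte was skipped, not eaten

-- A 3-byte name already ends on an even boundary, so nothing is skipped.
local reply2 = offsets .. "\0\1" .. "\3Mac" .. string.char(0xAB)
local _, name2, next_pos2 = parse_flags_and_server_name(reply2, #offsets + 1)
assert(name2 == "Mac" and next_pos2 == 15 and reply2:byte(next_pos2) == 0xAB)
print("ok")
```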