diff options
Diffstat (limited to '')
-rw-r--r-- | nselib/rpcap.lua | 435 |
1 files changed, 435 insertions, 0 deletions
diff --git a/nselib/rpcap.lua b/nselib/rpcap.lua new file mode 100644 index 0000000..e524461 --- /dev/null +++ b/nselib/rpcap.lua @@ -0,0 +1,435 @@ +--- +-- This library implements the fundamentals needed to communicate with the +-- WinPcap Remote Capture Daemon. It currently supports authenticating to +-- the service using either NULL-, or Password-based authentication. +-- In addition it has the capabilities to list the interfaces that may be +-- used for sniffing. +-- +-- The library consist of classes handling <code>Request</code> and classes +-- handling <code>Response</code>. The communication with the service is +-- handled by the <code>Comm</code> class, and the main interface for script +-- writers is kept under the <code>Helper</code> class. +-- +-- The following code snippet illustrates how to connect to the service and +-- extract information about network interfaces: +-- <code> +-- local helper = rpcap.Helper:new(host, port) +-- helper:connect() +-- helper:login() +-- helper:findAllInterfaces() +-- helper:close() +-- </code> +-- +-- For a more complete example, consult the rpcap-info.nse script. +-- +-- @author Patrik Karlsson <patrik@cqure.net> + + +local ipOps = require "ipOps" +local match = require "match" +local nmap = require "nmap" +local stdnse = require "stdnse" +local string = require "string" +local table = require "table" +_ENV = stdnse.module("rpcap", stdnse.seeall) + +RPCAP = { + + MessageType = { + ERROR = 1, + FIND_ALL_INTERFACES = 2, + AUTH_REQUEST = 8, + }, + + -- Holds the two supported authentication mechanisms PWD and NULL + Authentication = { + + PWD = { + + new = function(self, username, password) + local o = { + type = 1, + username = username, + password = password, + } + setmetatable(o, self) + self.__index = self + return o + end, + + __tostring = function(self) + local DUMMY = 0 + return string.pack(">I2I2I2I2", self.type, DUMMY, #self.username, #self.password) .. self.username .. self.password + end, + + }, + + NULL = { + + new = function(self) + local o = { + type = 0, + } + setmetatable(o, self) + self.__index = self + return o + end, + + __tostring = function(self) + local DUMMY = 0 + return string.pack(">I2I2I2I2", self.type, DUMMY, 0, 0) + end, + + } + + }, + + -- The common request and response header + Header = { + size = 8, + new = function(self, type, value, length) + local o = { + version = 0, + type = type, + value= value or 0, + length = length or 0 + } + setmetatable(o, self) + self.__index = self + return o + end, + + parse = function(data) + local header = RPCAP.Header:new() + header.version, header.type, header.value, header.length = string.unpack(">BBI2I4", data) + return header + end, + + __tostring = function(self) + return string.pack(">BBI2I4", self.version, self.type, self.value, self.length) + end, + + }, + + -- The implemented request types are kept here + Request = { + + Authentication = { + + new = function(self, data) + local o = { + header = RPCAP.Header:new(RPCAP.MessageType.AUTH_REQUEST, nil, #data), + data = data, + } + setmetatable(o, self) + self.__index = self + return o + end, + + __tostring = function(self) + return tostring(self.header) .. tostring(self.data) + end, + + }, + + FindAllInterfaces = { + + new = function(self) + local o = { + header = RPCAP.Header:new(RPCAP.MessageType.FIND_ALL_INTERFACES) + } + setmetatable(o, self) + self.__index = self + return o + end, + + __tostring = function(self) + return tostring(self.header) + end, + + + } + + }, + + -- Parsers for responses are kept here + Response = { + + Authentication = { + new = function(self) + local o = { } + setmetatable(o, self) + self.__index = self + return o + end, + + parse = function(data) + local resp = RPCAP.Response.Authentication:new() + local pos = RPCAP.Header.size + 1 + resp.header = RPCAP.Header.parse(data) + return resp + end + }, + + Error = { + new = function(self) + local o = { } + setmetatable(o, self) + self.__index = self + return o + end, + + parse = function(data) + local err = RPCAP.Response.Error:new() + local pos = RPCAP.Header.size + 1 + err.header = RPCAP.Header.parse(data) + err.error, pos = string.unpack("c" .. err.header.length, data, pos) + return err + end + + }, + + FindAllInterfaces = { + new = function(self) + local o = { } + setmetatable(o, self) + self.__index = self + return o + end, + + parse = function(data) + + -- Each address is made up of 4 128 byte fields, this function + -- parses these fields and return the response, if it + -- understands it. Otherwise it simply increases the pos by the + -- correct offset, to get us to the next field. + local function parseField(data, pos) + local offset = pos + local family, port + family, port, pos = string.unpack(">I2I2", data, pos) + + if ( family == 0x0017 ) then + -- not sure why... + pos = pos + 4 + + local ipv6 = ipOps.str_to_ip(data:sub(pos, pos + 16 - 1)) + return offset + 128, ipv6 + elseif ( family == 0x0002 ) then + local ipv4 = ipOps.str_to_ip(data:sub(pos, pos + 4 - 1)) + return offset + 128, ipv4 + end + + return offset + 128, nil + end + + -- Parses one of X addresses returned for an interface + local function parseAddress(data, pos) + local fields = {"ip", "netmask", "bcast", "p2p"} + local addr = {} + + for _, f in ipairs(fields) do + pos, addr[f] = parseField(data, pos) + end + + return pos, addr + end + + local resp = RPCAP.Response.FindAllInterfaces:new() + local pos = RPCAP.Header.size + 1 + resp.header = RPCAP.Header.parse(data) + resp.ifaces = {} + + for i=1, resp.header.value do + local name_len, desc_len, iface_flags, addr_count, dummy + name_len, desc_len, iface_flags, addr_count, dummy, pos = string.unpack(">I2I2I4I2I2", data, pos) + + local name, desc + name, desc, pos = string.unpack("c" .. name_len .. "c" .. desc_len, data, pos) + + local addrs = {} + for j=1, addr_count do + local addr + pos, addr = parseAddress(data, pos) + local cidr + if ( addr.netmask ) then + table.insert(addrs, addr.ip .. ipOps.subnet_to_cidr(addr.netmask)) + else + table.insert(addrs, addr.ip) + end + end + table.insert(resp.ifaces, { name = name, desc = desc, addrs = addrs }) + end + return resp + end, + } + + + } + +} + +-- Maps packet types to classes +RPCAP.TypeToClass = { + [1] = RPCAP.Response.Error, + [130] = RPCAP.Response.FindAllInterfaces, + [136] = RPCAP.Response.Authentication, +} + + +-- The communication class +Comm = { + + -- Creates a new instance of the Comm class + -- @param host table + -- @param port table + -- @return o instance of Comm + new = function(self, host, port, socket) + local o = { host = host, port = port, socket = socket or nmap.new_socket() } + setmetatable(o, self) + self.__index = self + return o + end, + + -- Connects the socket to the server + connect = function(self) + return self.socket:connect(self.host, self.port) + end, + + -- Sends an instance of the request class to the server + -- @param req class instance + -- @return status true on success, false on failure + -- @return err string containing error message if status is false + send = function(self, req) + return self.socket:send(req) + end, + + -- receives a packet and attempts to parse it if it has a supported parser + -- in RPCAP.TypeToClass + -- @return status true on success, false on failure + -- @return resp instance of a Response class or + -- err string containing the error message + recv = function(self) + local status, hdr_data = self.socket:receive_buf(match.numbytes(RPCAP.Header.size), true) + if ( not(status) ) then + return status, hdr_data + end + + local header = RPCAP.Header.parse(hdr_data) + if ( not(header) ) then + return false, "rpcap: Failed to parse header" + end + + local status, data = self.socket:receive_buf(match.numbytes(header.length), true) + if ( not(status) ) then + return false, "rpcap: Failed to read packet data" + end + + if ( RPCAP.TypeToClass[header.type] ) then + local resp = RPCAP.TypeToClass[header.type].parse(hdr_data .. data) + if ( resp ) then + return true, resp + end + end + + return false, "Failed to receive response from server" + end, + + -- Sends and request and receives the response + -- @param req the instance of the Request class to send + -- @return status true on success, false on failure + -- @return resp instance of a Response class or + -- err string containing the error message + exch = function(self, req) + local status, data = self:send(tostring(req)) + if ( not(status) ) then + return status, data + end + return self:recv() + end, + + -- closes the socket + close = function(self) + return self.socket:close() + end, + +} + + +Helper = { + + -- Creates a new instance of the Helper class + -- @param host table + -- @param port table + -- @return o instance of Helper + new = function(self, host, port) + local o = { + host = host, + port = port, + comm = Comm:new(host, port) + } + setmetatable(o, self) + self.__index = self + return o + end, + + -- Connects to the server + connect = function(self) + return self.comm:connect(self.host, self.port) + end, + + -- Authenticates to the service, in case no username or password is given + -- NULL authentication is assumed. + -- @param username [optional] + -- @param password [optional] + -- @return status true on success, false on failure + -- @return err string containing error message on failure + login = function(self, username, password) + local auth + + if ( username and password ) then + auth = RPCAP.Authentication.PWD:new(username, password) + else + auth = RPCAP.Authentication.NULL:new() + end + + local req = RPCAP.Request.Authentication:new(tostring(auth)) + local status, resp = self.comm:exch(req) + + if ( not(status) ) then + return false, resp + end + + if ( status and resp.error ) then + return false, resp.error + end + return true + end, + + -- Requests a list of all interfaces + -- @return table containing interfaces and addresses + findAllInterfaces = function(self) + local req = RPCAP.Request.FindAllInterfaces:new() + local status, resp = self.comm:exch(req) + + if ( not(status) ) then + return false, resp + end + + local results = {} + for _, iface in ipairs(resp.ifaces) do + local entry = {} + entry.name = iface.name + table.insert(entry, iface.desc) + table.insert(entry, { name = "Addresses", iface.addrs }) + table.insert(results, entry) + end + return true, results + end, + + -- Closes the connection to the server + close = function(self) + return self.comm:close() + end, +} + +return _ENV; |