1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
|
---
-- A tiny library allowing some basic information enumeration from
-- Versant object database software (see
-- http://en.wikipedia.org/wiki/Versant_Corporation). The code is
-- entirely based on packet dumps captured when using the Versant
-- Management Center administration application.
--
-- @author Patrik Karlsson <patrik@cqure.net>
--
local stdnse = require "stdnse"
local match = require "match"
local nmap = require "nmap"
local string = require "string"
local table = require "table"
_ENV = stdnse.module("versant", stdnse.seeall)
Versant = {
-- fallback to these constants when version and user are not given
USER = "nmap",
VERSION = "8.0.2",
-- Creates an instance of the Versant class
-- @param host table
-- @param port table
-- @return o new instance of Versant
new = function(self, host, port)
local o = { host = host, port = port, socket = nmap.new_socket() }
setmetatable(o, self)
self.__index = self
return o
end,
-- Connects a socket to the Versant server
-- @return status true on success, false on failure
-- @return err string containing the error message if status is false
connect = function(self)
return self.socket:connect(self.host, self.port)
end,
-- Closes the socket
-- @return status true on success, false on failure
-- @return err string containing the error message if status is false
close = function(self)
return self.socket:close()
end,
-- Sends command to the server
-- @param cmd string containing the command to run
-- @param arg string containing any arguments
-- @param user [optional] string containing the user name
-- @param ver [optional] string containing the version number
-- @return status true on success, false on failure
-- @return data opaque string containing the response
sendCommand = function(self, cmd, arg, user, ver)
user = user or Versant.USER
ver = ver or Versant.VERSION
arg = arg or ""
local data = stdnse.fromhex("000100000000000000020002000000010000000000000000000000000000000000010000")
.. string.pack("zzz",
cmd,
user,
ver
)
-- align to even 4 bytes
data = data .. string.rep("\0", 4 - ((#data % 4) or 0))
data = data .. stdnse.fromhex("0000000b000001000000000000000000")
.. string.pack("zxxxxxxxxxxz",
("%s:%d"):format(self.host.ip, self.port.number),
arg
)
data = data .. string.rep("\0", 2048 - #data)
local status, err = self.socket:send(data)
if ( not(status) ) then
return false, "Failed to send request to server"
end
local status, data = self.socket:receive_buf(match.numbytes(2048), true)
if ( not(status) ) then
return false, "Failed to read response from server"
end
return status, data
end,
-- Get database node information
-- @return status true on success, false on failure
-- @return result table containing an entry for each database. Each entry
-- contains a table with the following fields:
-- <code>name</code> - the database name
-- <code>owner</code> - the database owner
-- <code>created</code> - the date when the database was created
-- <code>version</code> - the database version
getNodeInfo = function(self)
local status, data = self:sendCommand("o_getnodeinfo", "-nodeinfo")
if ( not(status) ) then
return false, data
end
status, data = self.socket:receive_buf(match.numbytes(4), true)
if ( not(status) ) then
return false, "Failed to read response from server"
end
local db_count = string.unpack(">I4", data)
if ( db_count == 0 ) then
return false, "Database count was zero"
end
status, data = self.socket:receive_buf(match.numbytes(4), true)
if ( not(status) ) then
return false, "Failed to read response from server"
end
local buf_size = string.unpack(">I4", data)
local dbs = {}
for i=1, db_count do
status, data = self.socket:receive_buf(match.numbytes(buf_size), true)
local db = {}
db.name = string.unpack("z", data, 23)
db.owner = string.unpack("z", data, 599)
db.created= string.unpack("z", data, 631)
db.version= string.unpack("z", data, 663)
-- remove trailing line-feed
db.created = db.created:match("^(.-)\n*$")
table.insert(dbs, db)
end
return true, dbs
end,
-- Gets the database OBE port, this port is dynamically allocated once this
-- command completes.
--
-- @return status true on success, false on failure
-- @return port table containing the OBE port
getObePort = function(self)
local status, data = self:sendCommand("o_oscp", "-utility")
if ( not(status) ) then
return false, data
end
status, data = self.socket:receive_buf(match.numbytes(256), true)
if ( not(status) ) then
return false, "Failed to read response from server"
end
local success, pos = string.unpack(">I4", data)
if ( success ~= 0 ) then
return false, "Response contained invalid data"
end
local port = { protocol = "tcp" }
port.number, pos = string.unpack(">I2", data, pos)
return true, port
end,
-- Gets the XML license file from the database
-- @return status true on success, false on failure
-- @return data string containing the XML license file
getLicense = function(self)
local status, data = self:sendCommand("o_licfile", "-license")
if ( not(status) ) then
return false, data
end
status, data = self.socket:receive_buf(match.numbytes(4), true)
if ( not(status) ) then
return false, "Failed to read response from server"
end
local len = string.unpack(">I4", data)
if ( len == 0 ) then
return false, "Failed to retrieve license file"
end
status, data = self.socket:receive_buf(match.numbytes(len), true)
if ( not(status) ) then
return false, "Failed to read response from server"
end
return true, data
end,
-- Gets the TCP port for a given database
-- @param db string containing the database name
-- @return status true on success, false on failure
-- @return port table containing the database port
getDbPort = function(self, db)
local status, data = self:sendCommand(db, "")
if ( not(status) ) then
return false, data
end
if ( not(status) ) then
return false, "Failed to connect to database"
end
local port = { protocol = "tcp" }
port.number = string.unpack(">I4", data, 27)
if ( port == 0 ) then
return false, "Failed to determine database port"
end
return true, port
end,
}
Versant.OBE = {
-- Creates a new versant OBE instance
-- @param host table
-- @param port table
-- @return o new instance of Versant OBE
new = function(self, host, port)
local o = { host = host, port = port, socket = nmap.new_socket() }
setmetatable(o, self)
self.__index = self
return o
end,
-- Connects a socket to the Versant server
-- @return status true on success, false on failure
-- @return err string containing the error message if status is false
connect = function(self)
return self.socket:connect(self.host, self.port)
end,
-- Closes the socket
-- @return status true on success, false on failure
-- @return err string containing the error message if status is false
close = function(self)
return self.socket:close()
end,
-- Get database information including file paths and hostname
-- @return status true on success false on failure
-- @return result table containing the fields:
-- <code>root_path</code> - the database root directory
-- <code>db_path</code> - the database directory
-- <code>lib_path</code> - the library directory
-- <code>hostname</code> - the database host name
getVODInfo = function(self)
local data = stdnse.fromhex("1002005d00000000000100000000000d000000000000000000000000") --28
.. "-noprint -i " --12
.. string.rep("\0", 216) -- 256 - (28 + 12)
self.socket:send(data)
local status, data = self.socket:receive_buf(match.numbytes(256), true)
if ( not(status) ) then
return false, "Failed to read response from server"
end
local len = string.unpack(">I4", data, 13)
status, data = self.socket:receive_buf(match.numbytes(len), true)
if ( not(status) ) then
return false, "Failed to read response from server"
end
local result = {}
local offset = 13
result.version = string.unpack("z", data)
for _, item in ipairs({"root_path", "db_path", "lib_path", "hostname"}) do
result[item] = string.unpack("z", data, offset)
offset = offset + 256
end
return true, result
end,
}
return _ENV;
|
