1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
|
local nbd = require "nbd"
local shortport = require "shortport"
local stdnse = require "stdnse"
local table = require "table"
local tableaux = require "tableaux"
description = [[
Displays protocol and block device information from NBD servers.
The Network Block Device protocol is used to publish block devices
over TCP. This script connects to an NBD server and attempts to pull
down a list of exported block devices and their details
For additional information:
* https://github.com/NetworkBlockDevice/nbd/blob/master/doc/proto.md
]]
---
-- @usage nmap -p 10809 --script nbd-info <target>
--
-- @output
-- PORT STATE SERVICE REASON
-- 10809/tcp open nbd syn-ack
-- | nbd-info:
-- | Protocol:
-- | Negotiation: fixed newstyle
-- | SSL/TLS Wrapped: false
-- | Exported Block Devices:
-- | foo:
-- | Size: 1048576 bytes
-- | Transmission Flags:
-- | SEND_FLUSH
-- | READ_ONLY
-- | SEND_FUA
-- | bar:
-- | Size: 1048576 bytes
-- | Transmission Flags:
-- | READ_ONLY
-- |_ ROTATIONAL
--
-- @args nbd-info.export_names Either a single name, or a table of
-- names to about which to request information from the server.
author = "Mak Kolybabi <mak@kolybabi.com>"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "intrusive"}
portrule = shortport.version_port_or_service(10809, "nbd", "tcp")
local enumerate_options = function(comm)
-- Run the LIST command and store the responses.
local req = comm:build_opt_req("LIST")
if not req then
return
end
local status, err = comm:send(req)
if not status then
stdnse.debug1("Failed to send option request: %s", err)
return nil
end
while true do
local rep = comm:receive_opt_rep()
if not rep or rep.rtype_name ~= "SERVER" then
break
end
comm.exports[rep.export_name] = {}
end
end
local newstyle_connection = function(comm, args)
local names = {}
for _, name in ipairs(args.export_name) do
table.insert(names, name)
end
for name, _ in pairs(comm.exports) do
table.insert(names, name)
end
for i, name in ipairs(names) do
if i ~= 1 then
local status = comm:reconnect()
if not status then
return
end
end
comm:attach(name)
end
end
local function parse_args()
local args = {}
local arg = stdnse.get_script_args(SCRIPT_NAME .. ".export-names")
if not arg then
-- An empty string for an export name indicates to the server that
-- we wish to attach to the default export.
arg = {}
elseif type(arg) ~= 'table' then
arg = {arg}
end
args.export_name = arg
return args
end
action = function(host, port)
local args = parse_args()
local comm = nbd.Comm:new(host, port)
local status = comm:connect(args)
if not status then
return nil
end
-- If the service supports an unrecognized negotiation, or the
-- oldstyle negotiation, there's no more information to be had.
if comm.protocol.negotiation == "unrecognized" or comm.protocol.negotiation == "oldstyle" then
-- Nothing to do.
comm:close()
-- If the service supports the (non-fixed) newstyle negotiation,
-- which should be very rare, we can only send a single option. That
-- option is the name of the export to which we'd like to attach.
elseif comm.protocol.negotiation == "newstyle" then
newstyle_connection(comm, args)
-- If the service supports the fixed newstyle negotiation, then we
-- can perform option haggling to wring additional information from
-- it.
elseif comm.protocol.negotiation == "fixed newstyle" then
enumerate_options(comm)
newstyle_connection(comm, args)
-- Otherwise, we've got a mismatch between the library and this script.
else
assert(false, "NBD library supports more negotiation styles than this script.")
end
-- Master output table.
local output = stdnse.output_table()
-- Format protocol information.
local protocol = stdnse.output_table()
if comm.protocol.negotiation == "oldstyle" and comm.exports["(default)"] then
if comm.exports["(default)"].hflags & nbd.NBD.handshake_flags.FIXED_NEWSTYLE then
protocol["Fixed Newstyle Negotiation"] = "Supported by service, but not on this port."
end
end
protocol["Negotiation"] = comm.protocol.negotiation
protocol["SSL/TLS Wrapped"] = comm.protocol.ssl_tls
output["Protocol"] = protocol
-- Format exported block device information.
local exports = stdnse.output_table()
local no_shares = true
local names = tableaux.keys(comm.exports)
-- keep exports in stable order
table.sort(names)
for _, name in ipairs(names) do
local info = comm.exports[name]
local exp = {}
if type(info.size) == "number" then
exp["Size"] = info.size .. " bytes"
end
if type(info.tflags) == "table" then
local keys = {}
for k, _ in pairs(info.tflags) do
if k ~= "HAS_FLAGS" then
table.insert(keys, k)
end
end
-- sort by bitfield flag value
table.sort(keys, function(a, b)
return nbd.NBD.transmission_flags[a] < nbd.NBD.transmission_flags[b]
end)
exp["Transmission Flags"] = keys
end
no_shares = false
exports[name] = exp
end
if not no_shares then
output["Exported Block Devices"] = exports
end
return output
end
|
