[NSE] Script for TIME protocol

by Dirk Loss

Hi,

the attached NSE script gets the current date and time from a server
that implements the TIME protocol (UDP port 37, RFC 868):

# nmap -p 37 -sU --script time-rfc868.nse time-a.nist.gov

Starting Nmap 4.68 ( http://nmap.org ) at 2008-07-19 18:30 CEST
Interesting ports on time-a.nist.gov (129.6.15.28):
PORT   STATE SERVICE
37/udp open  time
|_ TIME: Sat Jul 19 18:30:37 2008

Nmap done: 1 IP address (1 host up) scanned in 2.964 seconds

I wrote the script just to introduce myself to Lua and NSE programming
so if you have any comments or suggestions for improvement, please let
me know.
 
From the manual [1] it seemed bin.unpack() could be used to parse the
response, but I haven't been able to find the Binlib library in my Nmap
installation (SVN trunk). What would be the right way to install and use it?

Regards
Dirk

[1] http://nmap.org/book/nse-library.html#nse-binlib

id = "TIME"

description = "Connects to the TIME service (RFC 868, not NTP) and on success prints the date and time."

author = "Dirk Loss <http://www.dirk-loss.de>"

license = "Same as Nmap--See http://nmap.org/book/man-legal.html"

categories = {"demo"}

require "shortport"
require "comm"
require "stdnse"

local unpack_uint32 = function(str)
    -- Convert a 4-character string into a big-endian 32-bit unsigned integer.
    -- Returns true and the integer, or false and an error message.
    if string.len(str) ~= 4 then
        return false, "Argument must be a 4 character string."
    end
    -- Locals only, so nothing leaks into the script's global environment
    local a, b, c, d = string.byte(str, 1, 4)
    return true, a*256*256*256 + b*256*256 + c*256 + d
end

-- Seconds between Unix epoch (1970-01-01) and NTP epoch (1900-01-01)
EPOCH1900_DIFF = 2208988800

portrule = shortport.port_or_service(37, "time", "udp")

action = function(host, port)
    local status, result = comm.exchange(host, port, '\n',
                                        {bytes=4, proto="udp", timeout=1000})
    if status then
        local valid, seconds = unpack_uint32(result)
        if valid then
            return os.date("%c", seconds - EPOCH1900_DIFF)
        end
    end
end


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Re: [NSE] Script for TIME protocol

by Philip Pickering

Hi,

regarding the binlib: it hasn't been added to the trunk yet.
It is still in code review, but will be added soon, hopefully.

There exists, however, a patch against nmap 4.68, which I
posted at [1]. If you want to try it out, just download nmap 4.68,
apply the patch, build it and the promised functions will be
available.

cheers,
Philip

[1] http://seclists.org/nmap-dev/2008/q3/0031.html



2008/7/19 Dirk Loss <lists@...>:

> Hi,
>
> the attached NSE script gets the current date and time from a server
> that implements the TIME protocol (UDP port 37, RFC 868):
>
> # nmap -p 37 -sU --script time-rfc868.nse time-a.nist.gov
>
> Starting Nmap 4.68 ( http://nmap.org ) at 2008-07-19 18:30 CEST
> Interesting ports on time-a.nist.gov (129.6.15.28):
> PORT   STATE SERVICE
> 37/udp open  time
> |_ TIME: Sat Jul 19 18:30:37 2008
>
> Nmap done: 1 IP address (1 host up) scanned in 2.964 seconds
>
> I wrote the script just to introduce myself to Lua and NSE programming
> so if you have any comments or suggestions for improvement, please let
> me know.
>
> From the manual [1] it seemed bin.unpack() could be used to parse the
> response, but I haven't been able to find the Binlib library in my Nmap
> installation (SVN trunk). What would be the right way to install and use it?
>
> Regards
> Dirk
>
> [1] http://nmap.org/book/nse-library.html#nse-binlib

Re: [NSE] Script for TIME protocol

by Dirk Loss

Hi Philip,

after applying your patch [1] everything works as expected:
Now I can use Binlib to unpack the integers, which makes my code a lot
shorter. Thanks!

Regards
Dirk

[1] http://seclists.org/nmap-dev/2008/q3/0031.html

id = "TIME"

description = "Connects to the TIME service (RFC 868, not NTP) and on success prints the date and time."

author = "Dirk Loss <http://www.dirk-loss.de>"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"demo"}

require "shortport"
require "comm"
require "stdnse"
require "bin"

-- Seconds between Unix epoch (1970-01-01) and NTP epoch (1900-01-01)
EPOCH1900_DIFF = 2208988800

portrule = shortport.port_or_service(37, "time", "udp")

action = function(host, port)
    local status, result = comm.exchange(host, port, '\n',
                                        {bytes=4, proto="udp", timeout=1000})
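    if status then
        -- bin.unpack returns the next read position followed by the unpacked value
        local pos, seconds = bin.unpack('>I', result)
        -- Skip replies that did not yield a 32-bit integer
        if seconds then
            return os.date("%c", seconds - EPOCH1900_DIFF)
        end
    end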
end
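
An added example, not part of the original thread or of Nmap: a stand-alone Lua decoder for the 4-byte TIME reply that keeps the length check from the first script, formats the result in UTC instead of local time, and handles the wrap of the 32-bit counter in 2036. The name decode_time868, the wrap convention and the sample replies are assumptions made for this illustration.

```lua
-- Added example: decoder for an RFC 868 TIME reply in plain Lua (no NSE libraries).
-- decode_time868 is a hypothetical name used only for this illustration.

local EPOCH1900_DIFF = 2208988800  -- seconds from 1900-01-01 to 1970-01-01
local ERA = 4294967296             -- 2^32: the 32-bit counter wraps in February 2036

-- Returns unix_seconds, utc_string on success; nil, error_message on failure.
local function decode_time868(data)
    if type(data) ~= "string" then
        return nil, "reply is not a string"
    end
    if #data ~= 4 then
        return nil, "expected exactly 4 bytes, got " .. #data
    end
    -- Big-endian 32-bit unsigned integer: seconds since 1900-01-01 00:00 GMT
    local a, b, c, d = string.byte(data, 1, 4)
    local since1900 = ((a * 256 + b) * 256 + c) * 256 + d
    -- Assumed convention (not specified by RFC 868): a value that would fall
    -- before 1970 is read as a counter that has already wrapped past 2^32.
    if since1900 < EPOCH1900_DIFF then
        since1900 = since1900 + ERA
    end
    local unix = since1900 - EPOCH1900_DIFF
    -- The leading "!" makes os.date format in UTC; plain "%c" uses the local zone.
    return unix, os.date("!%Y-%m-%d %H:%M:%S UTC", unix)
end

-- Constructed sample replies (not captured from a real server)
local samples = {
    { "valid reply",     string.char(0xCC, 0x2C, 0x95, 0x2D) },
    { "truncated reply", string.char(0xCC, 0x2C) },
    { "oversized reply", "12345" },
    { "wrapped counter", string.char(0, 0, 0, 0) },
}

for _, sample in ipairs(samples) do
    local unix, text = decode_time868(sample[2])
    if unix then
        print(sample[1], unix, text)
    else
        print(sample[1], "rejected: " .. text)
    end
end
```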

