Replace some string.char and bin.pack calls with literals

2026-06-09 17:22:26 +00:00 · 2015-02-27 19:42:56 +00:00 · 2015-02-27 19:42:56 +00:00 · 0e74dd7a35
commit 0e74dd7a35
parent 204d37e4d7
37 changed files with 85 additions and 97 deletions
--- a/scripts/citrix-enum-apps.nse
+++ b/scripts/citrix-enum-apps.nse
@ -138,7 +138,7 @@ action = function(host, port)
  -- if it is set to zero (0) we have more response packets to process
  -- if it is set to one (1) we have arrived at the last packet of our journey
  --
-  while packet:sub(31,31) ~= string.char(0x01) do
+  while packet:sub(31,31) ~= "\x01" do
    packet = try( socket:receive() )
    local tmp_table = process_pa_response( packet )

--- a/scripts/citrix-enum-servers.nse
+++ b/scripts/citrix-enum-servers.nse
@ -126,7 +126,7 @@ action = function(host, port)
  -- if it is set to zero (0) we have more response packets to process
  -- if it is set to one (1) we have arrived at the last packet of our journey
  --
-  while packet:sub(31,31) ~= string.char(0x01) do
+  while packet:sub(31,31) ~= "\x01" do
    packet = try( socket:receive() )
    local tmp_table = process_server_response( packet )

--- a/scripts/db2-das-info.nse
+++ b/scripts/db2-das-info.nse
@ -183,7 +183,7 @@ function read_db2_packet(socket)

  packet.header.raw = buf:sub(1, header_len)

-  if packet.header.raw:sub(1, 10) == string.char(0x00, 0x00, 0x00, 0x00, 0x44, 0x42, 0x32, 0x44, 0x41, 0x53) then
+  if packet.header.raw:sub(1, 10) == "\x00\x00\x00\x00\x44\x42\x32\x44\x41\x53" then

    stdnse.debug1("Got DB2DAS packet")

--- a/scripts/dns-random-srcport.nse
+++ b/scripts/dns-random-srcport.nse
@ -64,8 +64,8 @@ action = function(host, port)
    0x00, 0x00, -- Authority RRs
    0x00, 0x00, -- Additional RRs
    0x08) .. "porttest" ..
-  string.char(    0x08) .. "dns-oarc" ..
-  string.char(    0x03) .. "net" ..
+  "\x08" .. "dns-oarc" ..
+  "\x03" .. "net" ..
  string.char(    0x00, -- Name terminator
    0x00, 0x10, -- Type (TXT)
    0x00, 0x01) -- Class (IN)
--- a/scripts/dns-random-txid.nse
+++ b/scripts/dns-random-txid.nse
@ -64,8 +64,8 @@ action = function(host, port)
    0x00, 0x00, -- Authority RRs
    0x00, 0x00, -- Additional RRs
    0x08) .. "txidtest" ..
-  string.char(    0x08) .. "dns-oarc" ..
-  string.char(    0x03) .. "net" ..
+  "\x08" .. "dns-oarc" ..
+  "\x03" .. "net" ..
  string.char(    0x00, -- Name terminator
    0x00, 0x10, -- Type (TXT)
    0x00, 0x01) -- Class (IN)
--- a/scripts/firewall-bypass.nse
+++ b/scripts/firewall-bypass.nse
@ -73,12 +73,12 @@ ftp_helper = {
      bit.band(bit.rshift(targetport, 8), 0xff) ..
      "," .. bit.band(targetport, 0xff) ..
      ")\r\n"
-      ethertype = string.char(0x08, 0x00) -- Ethernet Type: IPv4
+      ethertype = "\x08\0" -- Ethernet Type: IPv4

    else
      -- IPv6 payload
      payload = "229 Extended Passive Mode OK (|||" .. targetport .. "|)\r\n"
-      ethertype = string.char(0x86, 0xdd) -- Ethernet Type: IPv6
+      ethertype = "\x86\xdd" -- Ethernet Type: IPv6
    end

    helperport = helperport or 21
--- a/scripts/ipv6-ra-flood.nse
+++ b/scripts/ipv6-ra-flood.nse
@ -106,13 +106,13 @@ local function build_router_advert(mac_src,prefix,prefix_len,valid_time,preferre
  0x00,0x00,0x00,0x00, --reachable time
  0x00,0x00,0x00,0x00) --retrans timer

-  local mtu_option_msg = string.char(0x00, 0x00) .. -- reserved
+  local mtu_option_msg = "\0\0" .. -- reserved
  packet.numtostr32(mtu) -- MTU

  local prefix_option_msg = string.char(prefix_len, 0xc0) .. --flags: Onlink, Auto
  packet.set_u32("....", 0, valid_time) .. -- valid lifetime
  packet.set_u32("....", 0, preferred_time) .. -- preferred lifetime
-  string.char(0,0,0,0) .. --unknown
+  "\0\0\0\0" .. --unknown
  prefix

  local icmpv6_mtu_option = packet.Packet:set_icmpv6_option(packet.ND_OPT_MTU, mtu_option_msg)
--- a/scripts/krb5-enum-users.nse
+++ b/scripts/krb5-enum-users.nse
@ -231,7 +231,7 @@ KRB5 = {
    data = bin.pack(">I", kdc_options) .. data

    -- add padding
-    data = bin.pack("C", 0) .. data
+    data = '\0' .. data

    -- hmm, wonder what this is
    data = bin.pack("H", "A0070305") .. data
--- a/scripts/metasploit-info.nse
+++ b/scripts/metasploit-info.nse
@ -55,31 +55,31 @@ local get_prefix = function(data)
  if string.len(data) <= 31 then
    return bin.pack("C",0xa0 + string.len(data))
  else
-    return bin.pack("C",0xda)  .. bin.pack("s",string.len(data))
+    return "\xda"  .. bin.pack("s",string.len(data))
  end

 end

 -- returns a msgpacked data for console.read
 local encode_console_read = function(method,token, console_id)
-  return bin.pack("C",0x93) .. get_prefix(method) .. method .. bin.pack("H","da0020") .. token .. get_prefix(console_id) .. console_id
+  return "\x93" .. get_prefix(method) .. method .. "\xda\x00\x20" .. token .. get_prefix(console_id) .. console_id
 end

 -- returns a msgpacked data for console.write
 local encode_console_write = function(method, token, console_id, command)
-  return bin.pack("C",0x94) .. get_prefix(method) .. method .. bin.pack("H","da0020") .. token .. get_prefix(console_id) .. console_id .. get_prefix(command) .. command
+  return "\x94" .. get_prefix(method) .. method .. "\xda\x00\x20" .. token .. get_prefix(console_id) .. console_id .. get_prefix(command) .. command
 end

 -- returns a msgpacked data for auth.login
 local encode_auth = function(username, password)
  local method = "auth.login"
-  return bin.pack("C",0x93) .. bin.pack("C",0xaa) .. method .. get_prefix(username) .. username .. get_prefix(password) .. password
+  return "\x93\xaa" .. method .. get_prefix(username) .. username .. get_prefix(password) .. password
 end

 -- returns a msgpacked data for any method without extra parameters
 local encode_noparam = function(token,method)
  -- token is always the same length
-  return bin.pack("C",0x92) .. get_prefix(method) .. method .. bin.pack("H","da0020") .. token
+  return "\x92" .. get_prefix(method) .. method .. "\xda\x00\x20" .. token
 end

 -- does the actual call with specified, pre-packed data
--- a/scripts/metasploit-msgrpc-brute.nse
+++ b/scripts/metasploit-msgrpc-brute.nse
@ -48,15 +48,15 @@ local encode = function(username, password)
  if string.len(username) <= 31 then -- http://wiki.msgpack.org/display/MSGPACK/Format+specification#Formatspecification-fixraw
    username_prefix = bin.pack("C",0xa0 + string.len(username))
  else -- http://wiki.msgpack.org/display/MSGPACK/Format+specification#Formatspecification-raw16
-    username_prefix = bin.pack("C",0xda)  .. bin.pack("s",string.len(username))
+    username_prefix = "\xda"  .. bin.pack("s",string.len(username))
  end
  if string.len(password) <= 31 then
    password_prefix = bin.pack("C",0xa0 + string.len(password))
  else
-    password_prefix = bin.pack("C",0xda)  .. bin.pack("s",string.len(password))
+    password_prefix = "\xda"  .. bin.pack("s",string.len(password))
  end

-  return bin.pack("C",0x93) .. bin.pack("C",0xaa) .. method .. username_prefix .. username .. password_prefix .. password
+  return "\x93\xaa" .. method .. username_prefix .. username .. password_prefix .. password
 end

 Driver = {
--- a/scripts/metasploit-xmlrpc-brute.nse
+++ b/scripts/metasploit-xmlrpc-brute.nse
@ -51,7 +51,7 @@ Driver =
  end,

  login = function( self, username, password )
-    local xmlreq='<?xml version="1.0" ?><methodCall><methodName>auth.login</methodName><params><param><value><string>'..username..'</string></value></param><param><value><string>'..password.."</string></value></param></params></methodCall>\n"..string.char(0)
+    local xmlreq='<?xml version="1.0" ?><methodCall><methodName>auth.login</methodName><params><param><value><string>'..username..'</string></value></param><param><value><string>'..password.."</string></value></param></params></methodCall>\n\0"
    local status, err = self.socket:send(xmlreq)

    if ( not ( status ) ) then
@ -84,7 +84,7 @@ Driver =
 action = function(host, port)

  -- first determine whether we need SSL or not
-  local xmlreq='<?xml version="1.0" ?><methodCall><methodName>core.version</methodName></methodCall>\n'..string.char(0)
+  local xmlreq='<?xml version="1.0" ?><methodCall><methodName>core.version</methodName></methodCall>\n\0'
  local socket, _, opts = comm.tryssl(host, port, xmlreq, { recv_first = false } )
  if ( not(socket) ) then
    return "\n  ERROR: Failed to determine whether SSL was needed or not"
--- a/scripts/ntp-monlist.nse
+++ b/scripts/ntp-monlist.nse
@ -255,7 +255,7 @@ function getPrivateMode(impl, requestCode)
    0x00, 0x00, 0x00, 0x00
  )
  -- Data 40 Octets: 0
-  .. string.char(0x00):rep(40)
+  .. ("\x00"):rep(40)
  -- The following are optional if the Authenticated bit is set:
  -- Encryption Keyid 4 Octets: 0
  -- Message Authentication Code 16 Octets (MD5): 0
--- a/scripts/pcanywhere-brute.nse
+++ b/scripts/pcanywhere-brute.nse
@ -121,14 +121,14 @@ Driver = {
    stdnse.debug1( "Trying %s/%s ...", user, pass )
    -- send username and password
    -- both are prefixed with 0x06, size and are encrypted
-    status, err = self.socket:send(bin.pack("C",0x06) .. bin.pack("C",string.len(user)) .. encrypt(user) ) -- send username
+    status, err = self.socket:send("\x06" .. bin.pack("C",string.len(user)) .. encrypt(user) ) -- send username
    status, response = self.socket:receive_bytes(0)
    if not status or string.find(response,"Enter password") == nil then
      stdnse.debug1("Sending username failed")
      return false, brute.Error:new( "Sending username failed." )
    end
    -- send password
-    status, err = self.socket:send(bin.pack("C",0x06) .. bin.pack("C",string.len(pass)) .. encrypt(pass) ) -- send password
+    status, err = self.socket:send("\x06" .. bin.pack("C",string.len(pass)) .. encrypt(pass) ) -- send password
    status, response = self.socket:receive_bytes(0)
    if not status or string.find(response,"Login unsuccessful") or string.find(response,"Invalid login.")then
      stdnse.debug1("Incorrect username or password")
--- a/scripts/smb-brute.nse
+++ b/scripts/smb-brute.nse
@ -165,8 +165,8 @@ result_strings[results.INVALID_WORKSTATION]  = "Valid credentials, account canno

 ---Constants for special passwords. These each contain a null character, which is illegal in
 -- actual passwords.
-local USERNAME          = string.char(0) .. "username"
-local USERNAME_REVERSED = string.char(0) .. "username reversed"
+local USERNAME          = "\0username"
+local USERNAME_REVERSED = "\0username reversed"
 local special_passwords = { USERNAME, USERNAME_REVERSED }

 ---Generates a random string of the requested length. This can be used to check how hosts react to
--- a/scripts/smb-psexec.nse
+++ b/scripts/smb-psexec.nse
@ -1102,7 +1102,7 @@ local function service_file_is_xor_encoded(filename)
    return nil, "Can't read from service file"
  end
  -- This is the XOR-inverse of "MZ".
-  return bytes == string.char(0xb2, 0xa5)
+  return bytes == "\xb2\xa5"
 end

 ---Upload all of the uploadable files to the remote system.
--- a/scripts/ssl-ccs-injection.nse
+++ b/scripts/ssl-ccs-injection.nse
@ -1,10 +1,8 @@
-local bin = require('bin')
 local match = require('match')
 local nmap = require('nmap')
 local shortport = require('shortport')
 local sslcert = require('sslcert')
 local stdnse = require('stdnse')
-local string = require('string')
 local table = require('table')
 local vulns = require('vulns')
 local have_tls, tls = pcall(require,'tls')
@ -201,7 +199,7 @@ local function test_ccs_injection(host, port, version)

  -- change_cipher_spec message
  local ccs = tls.record_write(
-    "change_cipher_spec", version, bin.pack("C", 0x01))
+    "change_cipher_spec", version, "\x01")

  -- Send the first ccs message
  status, err = s:send(ccs)
--- a/scripts/sslv2.nse
+++ b/scripts/sslv2.nse
@ -108,7 +108,7 @@ local give_n_bytes = function(idx, n, str)
  -- returns the next n bytes of a string

  if (idx + (n - 1) > #str) then
-    return (idx + n), string.rep(string.char(0x00), n);
+    return (idx + n), string.rep("\0", n);
  end

  return (idx + n), string.sub(str, idx, (idx + (n - 1)) );
@ -214,11 +214,11 @@ action = function(host, port)

  -- some sanity checks:
  -- is response a server hello?
-  if (message_type ~= string.char(0x04)) then
+  if (message_type ~= "\x04") then
    return;
  end
  -- is certificate in X.509 format?
-  if (certificate_type ~= string.char(0x01)) then
+  if (certificate_type ~= "\x01") then
    return;
  end

@ -227,7 +227,7 @@ action = function(host, port)

  -- actually run some tests:
  local o = stdnse.output_table()
-  if (ssl_version == string.char(0x00, 0x02)) then
+  if (ssl_version == "\0\x02") then
    table.insert(o, "SSLv2 supported")
    o["ciphers"] = available_ciphers
  end
--- a/scripts/targets-ipv6-multicast-slaac.nse
+++ b/scripts/targets-ipv6-multicast-slaac.nse
@ -87,7 +87,7 @@ local function build_router_advert(mac_src,prefix,prefix_len,valid_time,preferre
  local prefix_option_msg = string.char(prefix_len, 0xc0) .. --flags: Onlink, Auto
    packet.set_u32("....",0,valid_time) ..
    packet.set_u32("....",0,preferred_time) ..
-    string.char(0,0,0,0) .. --unknown
+    "\0\0\0\0" .. --unknown
    prefix
  local icmpv6_prefix_option = packet.Packet:set_icmpv6_option(packet.ND_OPT_PREFIX_INFORMATION,prefix_option_msg)
  local icmpv6_src_link_option = packet.Packet:set_icmpv6_option(packet.ND_OPT_SOURCE_LINKADDR,mac_src)
--- a/scripts/tftp-enum.nse
+++ b/scripts/tftp-enum.nse
@ -1,4 +1,3 @@
-local bin = require "bin"
 local datafiles = require "datafiles"
 local math = require "math"
 local nmap = require "nmap"
@ -94,7 +93,7 @@ end


 local create_tftp_file_request = function(filename)
-  return bin.pack('CC', 0x00, 0x01) .. filename .. bin.pack('C', 0x00) .. 'octet' .. bin.pack('C', 0x00)
+  return "\0\x01" .. filename .. "\0octet\0"
 end

 local check_file_present = function(host, port, filename)