OXIESEC PANEL

Name	Size	Modified	Perms
📁 ..	-	08/07/2020 12:36:00 PM	rwxr-xr-x
📄 afp.lua	71.92 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 ajp.lua	16.69 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 amqp.lua	10.5 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 anyconnect.lua	4.45 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 asn1.lua	14.57 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 base32.lua	7.33 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 base64.lua	5.67 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 bin.lua	12.89 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 bit.lua	2.43 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 bitcoin.lua	16.99 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 bits.lua	1.82 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 bittorrent.lua	40.77 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 bjnp.lua	9.45 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 brute.lua	50.04 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 cassandra.lua	5.78 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 citrixxml.lua	16 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 coap.lua	76.24 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 comm.lua	10.75 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 creds.lua	18.22 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 cvs.lua	3.13 KB	04/16/2018 01:11:39 AM	rw-r--r--
📁 data	-	08/07/2020 12:36:00 PM	rwxr-xr-x
📄 datafiles.lua	11.05 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 datetime.lua	1.16 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 dhcp.lua	29.17 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 dhcp6.lua	19.87 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 dns.lua	51.44 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 dnsbl.lua	19.02 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 dnssd.lua	12.57 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 drda.lua	24.2 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 eap.lua	7.64 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 eigrp.lua	14.47 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 formulas.lua	5.35 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 ftp.lua	9.03 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 geoip.lua	1.71 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 giop.lua	18.44 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 gps.lua	3.05 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 http.lua	105.81 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 httpspider.lua	36.15 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 iax2.lua	9.6 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 ike.lua	15.02 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 imap.lua	9.59 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 informix.lua	39.76 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 ipOps.lua	26.92 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 ipmi.lua	10.02 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 ipp.lua	12.54 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 irc.lua	757 bytes	04/16/2018 01:11:39 AM	rw-r--r--
📄 iscsi.lua	21.45 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 isns.lua	15.34 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 jdwp.lua	43.57 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 json.lua	11.65 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 ldap.lua	31.86 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 lfs.luadoc	1.68 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 libssh2-utility.lua	4.39 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 libssh2.luadoc	4.75 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 listop.lua	4.66 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 lpeg-utility.lua	5.64 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 lpeg.luadoc	351 bytes	04/16/2018 01:11:39 AM	rw-r--r--
📄 ls.lua	10.96 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 match.lua	2.05 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 membase.lua	9.88 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 mobileme.lua	8.46 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 mongodb.lua	21.29 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 mqtt.lua	28.95 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 msrpc.lua	179.93 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 msrpcperformance.lua	29.72 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 msrpctypes.lua	167.61 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 mssql.lua	110.87 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 multicast.lua	6.1 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 mysql.lua	17.09 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 natpmp.lua	5.04 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 ncp.lua	36 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 ndmp.lua	11.58 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 netbios.lua	13.9 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 nmap.luadoc	40.34 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 nrpc.lua	4.42 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 nsedebug.lua	3.49 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 omp2.lua	4.77 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 openssl.luadoc	7.08 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 ospf.lua	15.29 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 packet.lua	36.65 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 pcre.luadoc	6.79 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 pgsql.lua	20.61 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 pop3.lua	5.7 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 pppoe.lua	29.95 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 proxy.lua	12.04 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 rdp.lua	11.05 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 re.lua	8.22 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 redis.lua	3.59 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 rmi.lua	47.89 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 rpc.lua	106.22 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 rpcap.lua	11.19 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 rsync.lua	5.19 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 rtsp.lua	8.67 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 sasl.lua	16.38 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 shortport.lua	8.01 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 sip.lua	30.56 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 slaxml.lua	17.9 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 smb.lua	175.85 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 smb2.lua	16.32 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 smbauth.lua	37.53 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 smtp.lua	19.81 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 snmp.lua	15.99 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 socks.lua	8.26 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 srvloc.lua	12.25 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 ssh1.lua	8.88 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 ssh2.lua	11.88 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 sslcert.lua	33.34 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 sslv2.lua	9.63 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 stdnse.lua	45.93 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 strbuf.lua	4.52 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 strict.lua	2.53 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 stun.lua	11.51 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 tab.lua	3.35 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 target.lua	3.93 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 tftp.lua	9.38 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 tls.lua	56.16 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 tn3270.lua	43.75 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 tns.lua	64.17 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 unicode.lua	14.32 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 unittest.lua	12.33 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 unpwdb.lua	10.08 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 upnp.lua	11.18 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 url.lua	12.09 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 versant.lua	8.6 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 vnc.lua	23.3 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 vulns.lua	76.29 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 vuzedht.lua	16.62 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 wsdd.lua	12.03 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 xdmcp.lua	11.9 KB	04/16/2018 01:11:39 AM	rw-r--r--
📄 xmpp.lua	15.88 KB	04/16/2018 01:11:39 AM	rw-r--r--

Editing: xdmcp.lua

---
-- Implementation of the XDMCP (X Display Manager Control Protocol) based on:
--   x http://www.xfree86.org/current/xdmcp.pdf
--
-- @author Patrik Karlsson <patrik@cqure.net>

local bin = require "bin"
local ipOps = require "ipOps"
local nmap = require "nmap"
local stdnse = require "stdnse"
local table = require "table"
_ENV = stdnse.module("xdmcp", stdnse.seeall)

-- Supported operations
OpCode = {
  BCAST_QUERY = 1,
  QUERY = 2,
  WILLING = 5,
  REQUEST = 7,
  ACCEPT = 8,
  MANAGE = 10,
}

-- Packet class
Packet = {

-- The cdmcp header
  Header = {

-- Creates a new instance of class
    -- @param version number containing the protocol version
    -- @param opcode number containing the opcode type
    -- @param length number containing the length of the data
    -- @return o instance of class
    new = function(self, version, opcode, length)
      local o = { version = version, opcode = opcode, length = length }
      setmetatable(o, self)
      self.__index = self
      return o
    end,

-- Parses data based on which a new object is instantiated
    -- @param data opaque string containing data received over the wire
    -- @return hdr instance of class
    parse = function(data)
      local pos, hdr = nil, Packet.Header:new()
      pos, hdr.version, hdr.opcode, hdr.length = bin.unpack(">SSS", data)
      return hdr
    end,

-- Converts the instance to an opaque string
    -- @return str string containing the instance
    __tostring = function(self)
      assert(self.length, "No header length was supplied")
      return bin.pack(">SSS", self.version, self.opcode, self.length)
    end,
  },

[OpCode.QUERY] = {

-- Creates a new instance of class
    -- @param authnames table of strings containing authentication
    --        mechanism names.
    -- @return o instance of class
    new = function(self, authnames)
      local o = {
        header = Packet.Header:new(1, OpCode.QUERY),
        authnames = authnames or {},
      }
      o.header.length = #o.authnames + 1
      setmetatable(o, self)
      self.__index = self
      return o
    end,

-- Converts the instance to an opaque string
    -- @return str string containing the instance
    __tostring = function(self)
      local data = tostring(self.header)
      data = data .. bin.pack("C", #self.authnames)
      for _, name in ipairs(self.authnames) do
        data = data .. bin.pack(">P", name)
      end
      return data
    end,

[OpCode.BCAST_QUERY] = {
    new = function(...)
      local packet = Packet[OpCode.QUERY]:new(...)
      packet.header.opcode = OpCode.BCAST_QUERY
      return packet
    end,

__tostring = function(...)
      return Packet[OpCode.QUERY]:__tostring(...)
    end

[OpCode.WILLING] = {

-- Creates a new instance of class
    -- @return o instance of class
    new = function(self)
      local o = {
        header = Packet.Header:new(1, OpCode.WILLING)
      }
      setmetatable(o, self)
      self.__index = self
      return o
    end,

local pos = 7
      pos, willing.authname, willing.hostname,
      willing.status = bin.unpack("ppp", data, pos)
      return willing
    end,

[OpCode.REQUEST] = {

-- The connection class
    Connection = {

IpType = {
        IPv4 = 0,
        IPv6 = 6,
      },

-- Creates a new instance of class
      -- @param iptype number
      -- @param ip opaque string containing the ip
      -- @return o instance of class
      new = function(self, iptype, ip)
        local o = {
          iptype = iptype,
          ip = ip,
        }
        setmetatable(o, self)
        self.__index = self
        return o
      end,

-- Creates a new instance of class
    -- @param disp_no number containing the display name
    -- @param auth_name string containing the authentication name
    -- @param auth_data string containing additional authentication data
    -- @param authr_names string containing authorization mechanisms
    -- @param manf_id string containing the manufacturer id
    -- @return o instance of class
    new = function(self, disp_no, conns, auth_name, auth_data, authr_names, manf_id )
      local o = {
        header = Packet.Header:new(1, OpCode.REQUEST),
        disp_no = disp_no or 1,
        conns = conns or {},
        auth_name = auth_name or "",
        auth_data = auth_data or "",
        authr_names = authr_names or {},
        manf_id = manf_id or "",
      }
      setmetatable(o, self)
      self.__index = self
      return o
    end,

-- Adds a new connection entry
    -- @param conn instance of Connections
    addConnection = function(self, conn)
      table.insert(self.conns, conn)
    end,

-- Adds a new authorization entry
    -- @param str string containing the name of the authorization mechanism
    addAuthrName = function(self, str)
      table.insert(self.authr_names, str)
    end,

-- Converts the instance to an opaque string
    -- @return str string containing the instance
    __tostring = function(self)
      local data = bin.pack(">SC", self.disp_no, #self.conns)
      for _, conn in ipairs(self.conns) do
        data = data .. bin.pack(">S", conn.iptype)
      end
      data = data .. bin.pack("C", #self.conns)
      for _, conn in ipairs(self.conns) do
        data = data .. bin.pack(">P", ipOps.ip_to_str(conn.ip))
      end
      data = data .. bin.pack(">PP", self.auth_name, self.auth_data)
      data = data .. bin.pack("C", #self.authr_names)
      for _, authr in ipairs(self.authr_names) do
        data = data .. bin.pack(">P", authr)
      end
      data = data .. bin.pack(">P", self.manf_id)
      self.header.length = #data

return tostring(self.header) .. data
    end,

[OpCode.ACCEPT] = {

-- Creates a new instance of class
    -- @param session_id number containing the session id
    -- @param auth_name string containing the authentication name
    -- @param auth_data string containing additional authentication data
    -- @param authr_name string containing the authorization mechanism name
    -- @param authr_names string containing authorization mechanisms
    -- @return o instance of class
    new = function(self, session_id, auth_name, auth_data, authr_name, authr_data)
      local o = {
        header = Packet.Header:new(1, OpCode.ACCEPT),
        session_id = session_id,
        auth_name = auth_name,
        auth_data = auth_data,
        authr_name = authr_name,
        authr_data = authr_data,
      }
      setmetatable(o, self)
      self.__index = self
      return o
    end,

-- Parses data based on which a new object is instantiated
    -- @param data opaque string containing data received over the wire
    -- @return hdr instance of class
    parse = function(data)
      local accept = Packet[OpCode.ACCEPT]:new()
      accept.header = Packet.Header.parse(data)
      local pos = 7
      pos, accept.session_id, accept.auth_name, accept.auth_data,
      accept.authr_name, accept.authr_data = bin.unpack(">IPPPP", data, pos)
      return accept
    end,

[OpCode.MANAGE] = {

-- Creates a new instance of class
    -- @param session_id number containing the session id
    -- @param disp_no number containing the display number
    -- @param disp_class string containing the display class
    -- @return o instance of class
    new = function(self, sess_id, disp_no, disp_class)
      local o = {
        header = Packet.Header:new(1, OpCode.MANAGE),
        session_id = sess_id,
        disp_no = disp_no,
        disp_class = disp_class or ""
      }
      setmetatable(o, self)
      self.__index = self
      return o
    end,

-- Converts the instance to an opaque string
    -- @return str string containing the instance
    __tostring = function(self)
      local data = bin.pack(">ISP", self.session_id, self.disp_no, self.disp_class)
      self.header.length = #data
      return tostring(self.header) .. data
    end,

}

-- The Helper class serves as the main script interface
Helper = {

-- Creates a new instance of Helper
  -- @param host table as received by the action method
  -- @param port table as received by the action method
  -- @param options table
  -- @return o new instance of Helper
  new = function(self, host, port, options)
    local o = {
      host = host,
      port = port,
      options = options or {},
    }
    setmetatable(o, self)
    self.__index = self
    return o
  end,

-- "Connects" to the server (ie. creates the socket)
  -- @return status, true on success, false on failure
  connect = function(self)
    self.socket = nmap.new_socket("udp")
    self.socket:set_timeout(self.options.timeout or 10000)
    return true
  end,

-- Creates a xdmcp session
  -- @param auth_name string containing the authentication name
  -- @param authr_name string containing the authorization mechanism name
  -- @param disp_class string containing the display class
  -- @return status true on success, false on failure
  -- @return response table or err string containing an error message
  createSession = function(self, auth_names, authr_names, disp_no)
    local info  = nmap.get_interface_info(self.host.interface)
    if ( not(info) ) then
      return false, ("Failed to get information for interface %s"):format(self.host.interface)
    end

local req = Packet[OpCode.QUERY]:new(auth_names)
    local status, response = self:exch(req)
    if ( not(status) ) then
      return false, response
    elseif ( response.header.opcode ~= OpCode.WILLING ) then
      return false, "Received unexpected response"
    end

local REQ = Packet[OpCode.REQUEST]
    local iptype = REQ.Connection.IpType.IPv4
    if ( nmap.address_family() == 'inet6' ) then
      iptype = REQ.Connection.IpType.IPv6
    end

local conns = { REQ.Connection:new(iptype, info.address) }
    local req = REQ:new(disp_no, conns, nil, nil, authr_names)
    local status, response = self:exch(req)
    if ( not(status) ) then
      return false, response
    elseif ( response.header.opcode ~= OpCode.ACCEPT ) then
      return false, "Received unexpected response"
    end

-- Sending this last manage packet doesn't make any sense as we can't
    -- set up a listening TCP server anyway. When we can, we could enable
    -- this and wait for the incoming request and retrieve X protocol info.

-- local manage = Packet[OpCode.MANAGE]:new(response.session_id,
    --   disp_no, "MIT-unspecified")
    -- local status, response = self:exch(manage)
    -- if ( not(status) ) then
    --   return false, response
    -- end

return true, {
      session_id = response.session_id,
      auth_name = response.auth_name,
      auth_data = response.auth_data,
      authr_name = response.authr_name,
      authr_data = response.authr_data,
    }
  end,

send = function(self, req)
    return self.socket:sendto(self.host, self.port, tostring(req))
  end,

recv = function(self)
    local status, data = self.socket:receive()
    if ( not(status) ) then
      return false, data
    end
    local header = Packet.Header.parse(data)
    if ( not(header) ) then
      return false, "Failed to parse xdmcp header"
    end
    if ( not(Packet[header.opcode]) ) then
      return false, ("No parser for opcode: %d"):format(header.opcode)
    end
    local resp = Packet[header.opcode].parse(data)
    if ( not(resp) ) then
      return false, "Failed to parse response"
    end
    return true, resp
  end,

-- Sends a request to the server, receives and parses a response
  -- @param req instance of Packet
  -- @return status true on success, false on failure
  -- @return response instance of response packet
  exch = function(self, req)
    local status, err = self:send(req)
    if ( not(status) ) then
      return false, "Failed to send xdmcp request"
    end
    return self:recv()
  end,

}

return _ENV;