ÿØÿà JFIF    ÿÛ „ !.%+&8&+/1555$;@;4?.451 4,$,44444444444414444444444444444444444444444444444444ÿÀ  á á" ÿÄ     ÿÄ ?    !1AQaq"2‘¡±ÁðBRbrÑá#‚’¢²3S CñÿÄ   ÿÄ !    !1QAa‘2ÿÚ   ? 5˜Z¯V¦cø)›t/? z¨±>Õ5€¶‹Á¤·¼z¼Ü¬+ñ®v¤¨_ˆR­BFn©—˜ý®ç̝P8gýt·ÉSTŦˆìät?þé¼íìN/Þa)ì–í6ô… Ï¿øÃj´¿KÇü]ÿ ªô¹-eKànëÕHTx}ýSÜ›ÿ ”7Ø×&µ<¦  ¥ÑO¶[Ù¯ä¨ÞÃÿ PZ-¬;#õ|•oaÿ ©CìÞz3˜öː/¤­ñTûIØ}š^ mÓ%ªxˆ¥ÉŸu=Z+ISe¿45™¼u;ú&WØ÷€æßQ™®{|íx*TC“#ZŠìZ§²‹ 6pv…³¿¡äª*áZÐ%ÒOáˆo"x«OHk w±æ+¬V(kMúŸ5Vö«$ ÁrÏbàb57/luR ¸ÑÛj Òµì`Ðœq­û žICÀÊ•©4€Âcà¨Ï€O´<èÐ:›ù(Ë^L8þ‘ÍÌ#¸Ð_Ì©ÙK(Öz 4¬û+¸;ü’V’84‘¬ÃŽ:[â‡ÔÌáõp¢~§ªlæ£ö{®G>J¼"°‡7¯ÆÉèßû ‹É‹§ÁòÃýâßî ^ƾÙõ‹×óH#«LP½ïX=xÑÍ$|W?•~• îëÔ©ª‹ {ÝT…Kÿ ”hûâá)J*ö˜–ÔU;iÇ€/ ÆþjóZ\ýwØ=Ìm ºèËL9 ýèÆð/¨’¥öo=nË.%Îì ŽÕ¯È|{Oj²ƒE6e/ßdÄõ²Ìâ1O®ò×TsəԸhOMýíMˆ¿¼H˜l²,7Â¥#MF/Úf°Ö½± ¸–dr‹NýÊ íjqx{œÉ ä-È ¦ øÄër¨q°ð †nцýÑÄÆ’mä…n<0È™;ÁÝá¯ÁZƒ7FÀmì­ É&9ˆîéi¶ùN§Y• ÃZãAâ?•‡©‰ , ó¾IŸŠc1 4â&y­&pŠ­6;M À 0¹qç»p.á …ŸÅáK@%6·y6ƒ‰3?”úºŽ‰éX5ªPT §µ!=Mž«Ú½‹ÅgÂSâÉaþÓoö–¯ÁÔìR>5éÿ üs¶ÆUcÌ kÇR ]ÿ ù¬¼«VŽ;Â|‡~¢¦”ÏÅ°æ {L™Õ°Óv¹ò¸írŽ¡×¢CÃ!íVÕ {¶»sŒNPg/ "uÕbkm²“$ďå¿é¹§°½æz¯6 †s¿!s–wÚÝ“™Œ °.ûj>·+™Òa…©Œ&rÝÎtÛë긪Ît’LAVp%c Úý[ÄzJ¾ÇàXXç@˜ó<êL]·T˜¾¥1Ó©V‡g´æ½¦Ý@¹óø!_@´ÞâSÁ —S3™•& ]@JHÚý©ZŽ €×æÔr»Áf!‡yÞ4Mv*èÓã_{‘åóUuљØ«Oïé*®EvÑ Œ÷‡U \"㪒ÍK+À 4“M¡ï:0¥5í!'<@î´”>Ç»&Z–ïCCV˜Ì5Šo&îhè.žû |ÓK©h$s6KìŒëã)¹hI¦GïOåóI;ììü#É$Š0…Ææ¥TØ.5­¾gn´ “ÂÖ\:hœ89G)J@„}œ:’Ò{/Š"¦_Æ×7Æ3VÇŠÊa]ÚŒÙ€Ä–=®uÁßâACZƒ§§£ Qnâ:«,×{tyø¬iÛcœÜÄ€H½ÄÍCk´÷šß .W'b¤Íåh]÷€=,Žv×cÚEÚHXJX¶îo¨FÒtèöŸ>ªª6[J®Fµ£sGÁeqõfe\íjÒÐïÄÐGˆe1Ø‹.Ø”‘Ëuø Y­ˆÜ ŽG|zùªüMpDnQWÄ”%JŠ™)â*p@Örš«ÕT2Ð%ˆG#ª„ ·¤!°ŸOTÂT¸aÚ%4&h™LµšØüÐ.F¿²ÐÞ_Ç‚¾ÅÃaÜ÷09Æ q€öy˜v‡85õN÷]¬äѼóS{°_MŽ¬úÔ#°Ç¸0åÞè2ëôPcvÆw9®ií1Ä8F™˜à‰´+‰Ik1òÝ7“Ñ×ÒsÝ\x‚h`ÞÑ`ó"|µEcý£n˜h`}GÞ !±ù²Ápü²ß6 0ïi󜵩SÈÇ7˜-ÕURO˜¦´f$ªž-Í6(œ}<„ éc øs]ŽŽ„*—¾ ìdŽ„)méª\¿êÎIg¾ØÞ~I#C/¼¼´EÁÈŽi8“©õådô·>euä ƒ'Ê×लR1ÉJE1ÐAát`t;ÇР%Ý<‡¥„ÍÆ`×Oyó)õiI€ñQaŸ4Ûù\áàaÃÔ¹HÃu¹*k€¦<„e S‡&õÏ B!ŽhüÞ`yj}mªf×\¿ Ç~æ­9‡û\՞Ǖg²1Žû5V7 !àöšm° c`ܬøÇìµÒ'P"?…´Ö,"§^•õŽ¨sÔ)6˜sæéÍR¼ ò|Sl”‹7 nPW Gòú÷½§O¯‡„l¡kSÞŒr½PÊ@æ¢pŽ-mÿ #Ÿ˜Àº¶Áä¦;ïÔæ$1££`“Õ>„—·ž)ßð³ñ#Ï Ô$¶œ‰ÊE‹À;÷º ¯«P:Ñ”8–IÊtpÞ3ª“>ê“þës4ò2OÏÕ­±zô†Õ§‰.÷ä¸;¿˜“'œ›žª}«Œ{ª±Ì 9ÔóÞÕ‡0 $íWV3Üì¬ —@kÝ4@¿r¼±½¬™›?øØæ´'Áé®CË3-g$˜ö‡×auÚi´Žp/êÛ æF›Ú2v‹ã¿¿,nB1̨ƃqÞa5͝@&Æû“él÷ \C²½UÍc ¯k×¢U ÖéQå™—-r wô ÞÏ<Ò=&=ÿ Ôê Òêˈt,i—;LîÜ á¸*ÚÃ1$êL•LÍ <É)ýÐà’ ;F™{ƒ™˜€&'}‚ãÄK`¡ÞT@I;®žZóè‚s’7®°›+§O­Åq©é»²9<Ô J ¼9O’HL»Ùïì¸rk¼Ž_ý‘TŸu[²ßÚŒ·ü÷B%¯E ŸÔX5êO´ Ç•€’I0 ÉJX` ñ¹õ%;µŸD‘«´€àwÒ™U ûئžÖö\×®×´8 ½‡ºÐÆÓ§?Àkmœ=;d5*@-ì0F Rªýš[Ü6âö̃ڸr*KA9· u*µæ£?U¸Âêí†8@¦X4 e-ò„0s{ HâUpU?¼mñRa°®a%Ð'tÉ×’\¾ÊÉ]t›h>·(Ë@R¼¡Ãt h}’O÷au<+nT…Ö…MӐ??Óe95 q>í/;&JSû °¯ÊéÞ øƒ*Ã2½Ài&:nôUl=¾¿5eˆ3”ñc|Ú2V”>„»&eE;«ÚäC p¢Û úy 9š[ŒÌx¼擼A&DåÒ¯ˆ¤ÀÌ;"˜ ÏQä¸åhÊ}Ûq«Û0WžÒ|»€ø®öCm5•\ÇÀ§Pe3£]0ÃàLDÉ‰1øªxjgwT‚÷¿LΨK‹›ùs—xˆÜ±µ kæ¸f‰‰ÜGk/LÛØ6d9ò¶ùA{ƒA3š/¬D¬khÓk‰`˜"㯒r¿±Óã jx‡°e}<Ñø\3y:'À•/h½Í€Ç4~g ?Û(¼]v‘ªlKÎâ~?O‚W%{Ì:“'©úNq¾›úo(X’¥¯ˆ nFê{Ç€ü?º'ë ø‹ì Þ09ŒÌç9Æ —ËC`j@ÓÄ(+a‹un¸#ÂꟋ{K`‘ÑÍÍ'à´»/Û,KW;Þ4²þð ï Nm|~fGÏ(…³Ã)«1ö­Õ ¥‡¨©ƒÃ™ü-s=à=U66Ï«Ýc蓦W¹íž®›nÔ%êÇìŒ<#Ü×84ån®Ð ÒåOC` ñânÑs‡¢ç 1õ%Îhì½Ã½® e:ݼUZo™`  ÅZŸŒÊ«ê1ÏÄo$q¹Þ€©ˆhÐÉä¯ñ[!…Ú˜àJ:x2$Íß&PåT£6ç— ‡Í*4Ýšçjÿ ‰É nófÐ ó(L5C•åÆ\rMÒ@ò }y-W}™üýVù—ú¢=Ù”c®‘< M ž ´Phr ¦©TD ‘ù.$´÷O‡‘V2Æò.=IUŒ=ž‡â¬i™aþÓåÙ?òUø'ØÖ•.~* šTŒ!•-×áºTâ®ä#õü'´ eýlYÅÓeÕKÂrT"CÚ@u!Óxƒ{š3€}1¿(r}%«nËamjÑ%ÑNEò v ˜à  σöK³,*º.àzù¨™Ó ÚçâU¦*¿ 9{%Ö¹ njûdaXöb) kÛƱûÓ\°M7ˆÂ=û›ç¿Ã‚­V»Cg–8ÙêE- j)k$º`Ã-ùEýeBÆÇ]c¡°ñty&Òd0nõ'¡W+ƒ*|–øµFa\GQªEAÔp5\Ǽ·¼Ç8·õ -â§Ú[ ‡ uZeÖ 3}×d'+¹:ð+K†Û®s!Ï$úe€<Û”x)1»a­¡LC]¸µík…ÚàA»AYº{†ªS[¦5HÒ7ù --,ísòDØ€èk ÞÀîÜ ò@â( ËNˆë›4ô½•/¦o‡€Û7 ê•ÆêòðÜy'Án½µ á˜ݦ ndeo…[ì¶Ê,¥R³Ä=À±—–ß;£™´ñSâ*g§”ïaið‘Jå~™ÓÞ ß³Õ¢»8x埒²52>AÊb&-÷\7´éÄù€T˜,w;3{ï˜k…à¹ÄqÀ«œ{€\ ˆ¾[´¨јr &Úé„Ívˆ±8†¿]|¬ņ4I×pÞS1ÈÖz‰#Ìv‡G!YNògñ:màTz¢Ý1ô©^O=~ë|5Bã™ç•¼µõ•bÆ@úÕS¬ÈŒ#¬zünrŸ û” Z²•ï›èðV"ÁHÚý©wÝ €7¼Ìu1hÑa3Éä û f$o¿É ™Ú›ÝçnpÒ3äÌ3†Í§,Äï]$‰/pê †«À¼¸e9­Æê_C]žƒ·ý·frÁN«, E=›Çq -‰öŒ:aÏ¿±í&£Í:-} 84‘ÿ eƒQÑeëSsuiA ³g㟥ú£?ÿ ʼn*”“÷aühe:ÊWa@ÒÞk±eØ] F Ô—r.åä˜ @ö¥ªZoÐýYL·¥S²G/‡ñ <~*ZÆ´è>JlòàÛƽÿ 窘ìGN¢:I®KšJp/`íIÁÀõ#Ä-€ö­šµŒoF4|ÆQØÆ@Ì|£Ô…¢À{9˜è½Üó›€ôYÒÎYsið;ís¤€à²ˆ‚4qÉVŒI$ ‰"° æµ8cXGjœˏ¡Aâý•ËÜ¢ûï e·çLx']á"oÅÎê3¯Ç—¹”ó0nå‚âg{Œñ> S´˜îè°g238‚ãköÝfÚd´6Ò€;ò÷±¢™¼›º ¢Æ'¥Ðx'e¬ç ]bÈÆV¢ó‹kýBO ðÊâ$Ÿ!×T 3Mýמ žìٍàÌü‘8÷€àæØ8æ©6‰©L´«…oãpð„~Çk‰!ñ;‹”ÛžÍ àž±z Ÿôû øŸÝužÏ;ÿ #|u6™Þ¬ÚˆÐõA4¶â|ôl|Ê2ŽÇ¤ÝÅÇY.<#Aí.k§hóF‚”Y; M½Ö4hŸ4&›­¿tès´%FìL¥£Ãk‰ÇT¤haÁ¤ÚxfÉ`ÑìË›>i 3t‚:,–+^÷´–{Û–Nxi"x‘Ûg î¨>¥Õ܁ùZH,2Û“:8xÊ¢Çí9.É-Ìâã-=çjwµS˜dütžçwýGòú®®ûº_ˆýx$–¡ãøO EÚÛÏ÷R„×w+3£Á£öUMyR²¹âŒ°š›¸Ñãò9§Ó_Dl+Ùßc›úšGÅÌc†Ž!Ko=¶.‘Îÿ c²(2®V mª.ÿ ¹B›¹å ù„öŸSV>™ü¯$y:G¢Z×àøúdî¹û­·ýÇ´:•c LÍõi_‹ö+ÎæGÊè>OŠ•äž´§Þ{X}¨1ÚTc›»Qþ•êô°t¿OP?eæ~É{5]•ÙR£r5†nZ\ã@ &îJõ ¾àC°þV>fé¥/ü5ñÊIº_é5 ;e­h<@ Ä&æÃëE%;X,ÒãÆÞ`Oò¦kŸm#˜!ÀyÄ¢| óLšò¥Ä` ¶R=|ÈCâh5ò3DˆïF†ðÒ#ÅìÛœ?¸yhBãœí ZxßÎÄhºRK„`Þödvײ™ÀÈÑÒgŒuY w³%†ƒÓzõ ÖÏp‚dH®¦A´ù§»ÓÇMæ~)ˆð‡û:ù&Ä •vGD´À n ݇¼Ö8Fö óáà£~Ë¥x`oK|Ä?fxiØü%pìR>éò+Û±éÎ>núlFŤ'tq8LZÏvÃ?„¡ß±È⽆¯³íü@x|PöUäèØã¡ð‚ŒAìÏ"vÍwóŸÍ{ ý0.z È•Ö{,N¡£¡ŸKÕÙž>Ýœþ ÍÀ°<×EA!Å‚D™IúOÍ¡>ôG}Â` ÍßkÜL™Ž Þð™ {IøF²¹òQ3&!ÃÂÞz.d&Ï-sH¸,Ôõ˜ŽP€ 77ˆÝ¼ÊëÜw =cÕ Ú,ØÐ5ÎYÐ)ì´öœgŒ[¤ßv㙑8心>h]§µháYš£²ºÑ.{Ï7Sð•?´~×SÃKýJÛ˜ ™Íäiúu<µX¶1õ^kâçIÑ£sZ4h>j*ÔšD:4­¿_ ÷¸ Õxæÿ ¸?Mù _•­ÊÐ ä ÷ý ÑwL œ­ïnTkÛUÍN©ë:¦fV ¶ÜÔÜMªÅâA½–¿R×TXš-%iTÊT•‡Ù‚JôϐZxWÑè‰f‰òG º ×Õû2aZ7OU3[“×AT–ÞŒ…-‘¤”Ì ì&(ˆ¿­•ƒkï’:ðY¦W‘ Å)“†‘˜³Åtcø˜ñTÂwÚÇ4|üLÇªí–v- qˆèU qPE.†â‘˜µ Æ,ÐÅs]8¾„oúÑ i>ÜxxÈó)ƒ ´æÁâØ$À‰vžŸf$Ž |ãw;ÀÁIJ»b` {¦Ó¤Ú$©YÀ‘n@Óïž«9J¼êG m¤ ܯ¹ÌW4€ÐÒÅÛ‡#褕Ÿn-?í|с¥÷Ú¹¬'´ÞÜ9ÓK `hê£SÄSà?7—Wí_´…óB›»:=Ãïq`<8ñÓŒÑlú2d¬ê³£hÖ[l|$vÝro~'R®‰§°ñmY ͧäP |PUª¹·:3Œ[Û{Xÿ ºâ@‚W–Äé u‚ ¯´*=íή.pûÒdt @G‰¬ s¸ ëÉücr ÞæѨÊ@>¤¢Ö±. Þ'¯°ÌME[YéïĵÂCå½ Ué©Áû'Ê9%eÔðNU”ë‘ÌsD3/®+UI˜9h.WC”빓$#:pz:YÓ ¿xž* ³$Í +$kñAŠ‹†¢ Uê>¸)_š¬÷©ßAÂÔb9ÇU ¯¾á•9¯ÏÏ÷O÷¼¼Fähal1‰3Ì[Ïr•´UCksNÐ] R‘¸¥H+§Šé†c©vÖÞ0iÓ76s†î!§=ß ¼~Ô'°Ãmäoäš³ªøi1úÉ)³yV8 CLÄØÁ‘WYïi€H6ÖÑiámø^ÈY´°Ñ7¥Û*—Ñ©L«Qƒï—Ùrÿ ›£Ð*š¸ˆL©ˆ$ˆ ÷¾D§9È®«qbqC)–ˆïv´çñsÑVT­Ø, <àïºÀO«Jý·õ àfPìð .wFšir´þ’2_Y *Æ€x\« ì€9š@ Ž|F⇥ˆkZ@hÖÄ0t¿-<“‹qµ¾*ZL¤Ú)&BJpÓF5=$„at*Zš$’ÑtdûÝRI1 2Ž‰$€$I$#‰SÞ’Hë¬ï;Á$¡t$’`<(ñÇt)$‡Ð.Êf¢X’Kt=Éé$‚ˆªè¢oÝëòI%Rgcª÷ŠyI%¡‰ÿ !ñ)´õ $¤ Ô’IIGÿÙ--- The credential class stores found credentials in the Nmap registry -- -- The credentials library may be used by scripts to store credentials in -- a common format in the nmap registry. The Credentials class serves as -- a primary interface for scripts to the library. -- -- The State table keeps track of possible account states and a corresponding -- message to return for each state. -- -- The following code illustrates how a script may add discovered credentials -- to the database: -- -- local c = creds.Credentials:new( {"myapp"}, host, port ) -- c:add("patrik", "secret", creds.State.VALID ) -- -- -- The following code illustrates how a script can return a table of discovered -- credentials at the end of execution: -- -- return tostring(creds.Credentials:new({"myapp"}, host, port)) -- -- -- Another script can iterate over credential already discovered by other -- scripts just by referring to the same tag: -- -- local c = creds.Credentials:new({"myapp", "yourapp"}, host, port) -- for cred in c:getCredentials(creds.State.VALID) do -- showContentForUser(cred.user, cred.pass) -- end -- -- -- The following code illustrates how a script may iterate over all discovered -- credentials: -- -- local c = creds.Credentials:new(creds.ALL_DATA, host, port) -- for cred in c:getCredentials(creds.State.VALID) do -- showContentForUser(cred.user, cred.pass) -- end -- -- -- The library also enables users to add credentials through script arguments -- either globally or per service. These credentials may be retrieved by script -- through the same functions as any other discovered credentials. Arguments -- passed using script arguments will be added with the PARAM state. The -- following code may be used by a scripts to retrieve these credentials: -- -- local c = creds.Credentials:new(creds.ALL_DATA, host, port) -- for cred in c:getCredentials(creds.State.PARAM) do -- ... do something ... -- end -- -- -- Any globally added credentials will be made available to all scripts, -- regardless of what service is being filtered through the host and port -- arguments when instantiating the Credentials class. Service specific -- arguments will only be made available to scripts with ports matching -- the service name. The following two examples illustrate how credentials are -- added globally and for the http service: -- -- --script-args creds.global='admin:nimda' -- --script-args creds.http='webadmin:password' -- -- -- The service name at this point may be anything and the entry is created -- dynamically without validating whether the service exists or not. -- -- The credential argument is not documented in this library using the args -- function as the argument would incorrectly show up in all scripts making use -- of this library. This would show that credentials could be added to scripts -- that do not make use of this function. Therefore any scripts that make use -- of the credentials passing arguments need to have appropriate documentation -- added to them. -- -- -- The following code illustrates how a script may save its discovered credentials -- to a file: -- -- local c = creds.Credentials:new( SCRIPT_NAME, host, port ) -- c:add("patrik", "secret", creds.State.VALID ) -- status, err = c:saveToFile("outputname","csv") -- -- -- Supported output formats are CSV, verbose and plain. In both verbose and plain -- records are separated by colons. The difference between the two is that verbose -- includes the credential state. The file extension is automatically added to -- the filename based on the type requested. -- -- @args creds.global Credentials to be returned by Credentials.getCredentials -- regardless of the service. -- @args creds.[service] Credentials to be returned by -- Credentials.getCredentials for [service]. E.g. -- creds.http=admin:password -- -- @author Patrik Karlsson -- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html -- Version 0.5 -- Created 2011/02/06 - v0.1 - created by Patrik Karlsson -- Revised 2011/27/06 - v0.2 - revised by Patrik Karlsson -- * added documentation -- * added getCredentials function -- -- Revised 2011/05/07 - v0.3 - revised by Patrik Karlsson -- * modified getCredentials to return an iterator -- * added support for adding credentials as -- script arguments -- -- Revised 2011/09/04 - v0.4 - revised by Tom Sellers -- * added saveToFile function for saving credential -- * table to file in CSV or text formats -- -- Revised 2015/19/08 - v0.5 - Gioacchino Mazzurco -- * added multitag support to share credential easier across -- scripts -- local coroutine = require "coroutine" local io = require "io" local ipOps = require "ipOps" local nmap = require "nmap" local stdnse = require "stdnse" local stringaux = require "stringaux" local table = require "table" local tableaux = require "tableaux" _ENV = stdnse.module("creds", stdnse.seeall) --- Table mapping the different account states to their number -- -- Also available is the StateMsg table, used to map these numbers -- to a description. -- @class table -- @name State -- @field LOCKED Account is locked -- @field VALID Valid credentials -- @field DISABLED Account is disabled -- @field CHANGEPW Valid credentials, password must be changed at next logon -- @field PARAM Credentials passed to script during Nmap execution -- @field EXPIRED Valid credentials, account expired -- @field TIME_RESTRICTED Valid credentials, account cannot log in at current time -- @field HOST_RESTRICTED Valid credentials, account cannot log in from current host -- @field LOCKED_VALID Valid credentials, account locked -- @field DISABLED_VALID Valid credentials, account disabled -- @field HASHED Hashed valid or invalid credentials State = { LOCKED = 1, VALID = 2, DISABLED = 4, CHANGEPW = 8, PARAM = 16, EXPIRED = 32, TIME_RESTRICTED = 64, HOST_RESTRICTED = 128, LOCKED_VALID = 256, DISABLED_VALID = 512, HASHED = 1024, } StateMsg = { [State.LOCKED] = 'Account is locked', [State.VALID] = 'Valid credentials', [State.DISABLED] = 'Account is disabled', [State.CHANGEPW] = 'Valid credentials, password must be changed at next logon', [State.PARAM] = 'Credentials passed to script during Nmap execution', [State.EXPIRED] = 'Valid credentials, account expired', [State.TIME_RESTRICTED] = 'Valid credentials, account cannot log in at current time', [State.HOST_RESTRICTED] = 'Valid credentials, account cannot log in from current host', [State.LOCKED_VALID] = 'Valid credentials, account locked', [State.DISABLED_VALID] = 'Valid credentials, account disabled', [State.HASHED] = 'Hashed valid or invalid credentials', } ALL_DATA = {} -- The RegStorage class RegStorage = { --- Creates a new RegStorage instance -- -- @return a new instance -- @name RegStorage.new new = function(self) local o = {} setmetatable(o, self) self.__index = self o.filter = {} return o end, --- Add credentials to storage -- -- @param tags a table containing tags associated with the credentials -- @param host host table, name or ip -- @param port number containing the port of the service -- @param service the name of the service -- @param user the name of the user -- @param pass the password of the user -- @param state of the account -- @name RegStorage.add add = function( self, tags, host, port, service, user, pass, state ) local cred = { tags = tags, host = host, port = port, service = service, user = user, pass = pass, state = state } nmap.registry.creds = nmap.registry.creds or {} table.insert( nmap.registry.creds, cred ) end, --- Sets the storage filter -- -- @param host table containing the host -- @param port table containing the port -- @param state table containing the account state -- @name RegStorage.setFilter setFilter = function( self, host, port, state ) self.filter.host = host self.filter.port = port self.filter.state = state end, --- Returns a credential iterator matching the selected filters -- -- @return a credential iterator -- @name RegStorage.getAll getAll = function( self ) local function get_next() local host, port = self.filter.host, self.filter.port if ( not(nmap.registry.creds) ) then return end for _, v in pairs(nmap.registry.creds) do local h = ( v.host.ip or v.host ) if ( not(host) and not(port) ) then if ( not(self.filter.state) or ( v.state == self.filter.state ) ) then coroutine.yield(v) end elseif ( not(host) and ( port == v.port ) ) then if ( not(self.filter.state) or ( v.state == self.filter.state ) ) then coroutine.yield(v) end elseif ( ( host and ( h == host or h == host.ip ) ) and not(port) ) then if ( not(self.filter.state) or ( v.state == self.filter.state ) ) then coroutine.yield(v) end elseif ( ( host and ( h == host or h == host.ip ) ) and port.number == v.port ) then if ( not(self.filter.state) or ( v.state == (self.filter.state & v.state) ) ) then coroutine.yield(v) end end end end return coroutine.wrap(get_next) end, } Account = { --- Creates a new instance of the Account class -- -- @param username containing the user's name -- @param password containing the user's password -- @param state A creds.State account state -- @return A new creds.Account object -- @name Account.new new = function(self, username, password, state) local o = { username = username, password = password, state = StateMsg[state] or state } setmetatable(o, self) self.__index = self return o end, --- Converts an account object to a printable script -- -- @return string representation of object -- @name Account.__tostring __tostring = function( self ) return ( (self.username and self.username .. ":" or "") .. (self.password ~= "" and self.password or "") .. (self.state and " - " .. self.state or "") ) end, --- Less-than operation for sorting -- -- Lexicographic comparison by user, pass, and state -- @name Account.__lt __lt = function (a, b) if a.user and b.user and a.user >= b.user then return false elseif a.pass and b.pass and a.pass >= b.pass then return false elseif a.state and b.state and a.state >= b.state then return false end return true end, } -- Return a function suitable for use as a __pairs metamethod -- which will cause the table to yield its values sorted by key. local function sorted_pairs (sortby) return function (t) local order = tableaux.keys(t) table.sort(order, sortby) return coroutine.wrap(function() for i,k in ipairs(order) do coroutine.yield(k, t[k]) end end) end end -- The credentials class Credentials = { --- Creates a new instance of the Credentials class -- @param tags a table containing tags associated with the credentials -- @param host table as received by the scripts action method -- @param port table as received by the scripts action method -- @name Credentials.new new = function(self, tags, host, port) local o = {} setmetatable(o, self) self.__index = self o.storage = RegStorage:new() o.storage:setFilter(host, port) o.host = host o.port = ( port and port.number ) and port.number o.service = ( port and port.service ) and port.service if ( type(tags) ~= "table" ) then tags = {tags} end o.tags = tags return o end, --- Add a discovered credential -- -- @param user the name of the user -- @param pass the password of the user -- @param state of the account -- @name Credentials.add add = function( self, user, pass, state ) local pass = ( pass and #pass > 0 ) and pass or "" assert( self.host, "No host supplied" ) assert( self.port, "No port supplied" ) assert( state, "No state supplied") assert( self.tags, "No tags supplied") -- there are cases where we will only get a user or password -- so as long we have one of them, we're good if ( user or pass ) then self.storage:add( self.tags, self.host, self.port, self.service, user, pass, state ) end end, --- Returns a credential iterator -- -- @see State -- @param state mask containing values from the State table -- @return credential iterator, returning a credential each time it's -- called. Unless filtered by the state mask all credentials -- for the host, port match are iterated over. -- The credential table has the following fields: -- host - table as received by the action function -- port - number containing the port number -- user - string containing the user name -- pass - string containing the user password -- state - a state number -- service - string containing the name of the service -- tags - table containing tags associated with -- the credential -- @name Credentials.getCredentials getCredentials = function(self, state) local function next_credential() if ( state ) then self.storage:setFilter(self.host, { number=self.port, service = self.service }, state) end for cred in self.storage:getAll() do if ( self.tags == ALL_DATA ) then coroutine.yield(cred) end for _,stag in pairs(self.tags) do for _,ctag in pairs(cred.tags) do if(stag == ctag) then coroutine.yield(cred) end end end end if ( state and State.PARAM == (state & State.PARAM) ) then local creds_global = stdnse.get_script_args('creds.global') local creds_service local creds_params if ( self.service ) then creds_service = stdnse.get_script_args('creds.' .. self.service ) end if ( creds_service ) then creds_params = creds_service end if ( creds_global and creds_service ) then creds_params = creds_params .. ',' .. creds_global elseif ( creds_global ) then creds_params = creds_global end if ( not(creds_params) ) then return end for _, cred in ipairs(stringaux.strsplit(",", creds_params)) do -- if the credential contains a ':' we have a user + pass pair -- if not, we only have a user with an empty password local user, pass if ( cred:match(":") ) then user, pass = cred:match("^(.-):(.-)$") else user = cred:match("^(.*)$") end coroutine.yield( { host = self.host, port = self.port, user = user, pass = pass, state = State.PARAM, service = self.service } ) end end end return coroutine.wrap( next_credential ) end, --- Returns a table of credentials -- -- @return tbl table containing the discovered credentials -- @name Credentials.getTable getTable = function(self) local result = {} for v in self:getCredentials() do local h = ( v.host.ip or v.host ) assert(type(h)=="string", "Could not determine a valid host") local svc = ("%s/%s"):format(v.port,v.service) result[h] = result[h] or {} result[h][svc] = result[h][svc] or {} table.insert( result[h][svc], Account:new( v.user ~= "" and v.user or nil, v.pass, v.state ) ) end for _, host_tbl in pairs(result) do for _, svc_tbl in pairs(host_tbl) do -- sort the accounts table.sort( svc_tbl ) end -- sort the services setmetatable(host_tbl, { __pairs = sorted_pairs( function(a,b) return tonumber(a:match("^(%d+)")) < tonumber(b:match("^(%d+)")) end ) }) end -- sort the IP addresses setmetatable(result, { __pairs = sorted_pairs( function(a, b) return ipOps.compare_ip(a, "le", b) end ) }) local _ if ( self.host and next(result) ) then _, result = next(result) end if ( self.host and self.port and next(result) ) then _, result = next(result) end return next(result) and result end, -- Saves credentials in the current object to file -- @param filename string name of the file -- @param fileformat string file format type, values = csv | verbose | plain (default) -- @return status true on success, false on failure -- @return err string containing the error if status is false saveToFile = function(self, filename, fileformat) if ( fileformat == 'csv' ) then filename = filename .. '.csv' else filename = filename .. '.txt' end local f = io.open( filename, "w") local output = nil if ( not(f) ) then return false, ("ERROR: Failed to open file (%s)"):format(filename) end for account in self:getCredentials() do if ( fileformat == 'csv' ) then output = "\"" .. account.user .. "\",\"" .. account.pass .. "\",\"" .. StateMsg[account.state] .. "\"" elseif ( fileformat == 'verbose') then output = account.user .. ":" .. account.pass .. ":" .. StateMsg[account.state] else output = account.user .. ":" .. account.pass end if ( not(f:write( output .."\n" ) ) ) then return false, ("ERROR: Failed to write file (%s)"):format(filename) end end f:close() return true end, --- Get credentials with optional host and port filter -- If no filters are supplied all records are returned -- -- @param host table or string containing the host to filter -- @param port number containing the port to filter -- @return table suitable from stdnse.format_output -- @name Credentials.__tostring __tostring = function(self) local all = self:getTable() if ( all ) then return tostring(all) end end, } return _ENV;