ÿØÿà JFIF    ÿÛ „ !.%+&8&+/1555$;@;4?.451 4,$,44444444444414444444444444444444444444444444444444ÿÀ  á á" ÿÄ     ÿÄ ?    !1AQaq"2‘¡±ÁðBRbrÑá#‚’¢²3S CñÿÄ   ÿÄ !    !1QAa‘2ÿÚ   ? 5˜Z¯V¦cø)›t/? z¨±>Õ5€¶‹Á¤·¼z¼Ü¬+ñ®v¤¨_ˆR­BFn©—˜ý®ç̝P8gýt·ÉSTŦˆìät?þé¼íìN/Þa)ì–í6ô… Ï¿øÃj´¿KÇü]ÿ ªô¹-eKànëÕHTx}ýSÜ›ÿ ”7Ø×&µ<¦  ¥ÑO¶[Ù¯ä¨ÞÃÿ PZ-¬;#õ|•oaÿ ©CìÞz3˜öː/¤­ñTûIØ}š^ mÓ%ªxˆ¥ÉŸu=Z+ISe¿45™¼u;ú&WØ÷€æßQ™®{|íx*TC“#ZŠìZ§²‹ 6pv…³¿¡äª*áZÐ%ÒOáˆo"x«OHk w±æ+¬V(kMúŸ5Vö«$ ÁrÏbàb57/luR ¸ÑÛj Òµì`Ðœq­û žICÀÊ•©4€Âcà¨Ï€O´<èÐ:›ù(Ë^L8þ‘ÍÌ#¸Ð_Ì©ÙK(Öz 4¬û+¸;ü’V’84‘¬ÃŽ:[â‡ÔÌáõp¢~§ªlæ£ö{®G>J¼"°‡7¯ÆÉèßû ‹É‹§ÁòÃýâßî ^ƾÙõ‹×óH#«LP½ïX=xÑÍ$|W?•~• îëÔ©ª‹ {ÝT…Kÿ ”hûâá)J*ö˜–ÔU;iÇ€/ ÆþjóZ\ýwØ=Ìm ºèËL9 ýèÆð/¨’¥öo=nË.%Îì ŽÕ¯È|{Oj²ƒE6e/ßdÄõ²Ìâ1O®ò×TsəԸhOMýíMˆ¿¼H˜l²,7Â¥#MF/Úf°Ö½± ¸–dr‹NýÊ íjqx{œÉ ä-È ¦ øÄër¨q°ð †nцýÑÄÆ’mä…n<0È™;ÁÝá¯ÁZƒ7FÀmì­ É&9ˆîéi¶ùN§Y• ÃZãAâ?•‡©‰ , ó¾IŸŠc1 4â&y­&pŠ­6;M À 0¹qç»p.á …ŸÅáK@%6·y6ƒ‰3?”úºŽ‰éX5ªPT §µ!=Mž«Ú½‹ÅgÂSâÉaþÓoö–¯ÁÔìR>5éÿ üs¶ÆUcÌ kÇR ]ÿ ù¬¼«VŽ;Â|‡~¢¦”ÏÅ°æ {L™Õ°Óv¹ò¸írŽ¡×¢CÃ!íVÕ {¶»sŒNPg/ "uÕbkm²“$ďå¿é¹§°½æz¯6 †s¿!s–wÚÝ“™Œ °.ûj>·+™Òa…©Œ&rÝÎtÛë긪Ît’LAVp%c Úý[ÄzJ¾ÇàXXç@˜ó<êL]·T˜¾¥1Ó©V‡g´æ½¦Ý@¹óø!_@´ÞâSÁ —S3™•& ]@JHÚý©ZŽ €×æÔr»Áf!‡yÞ4Mv*èÓã_{‘åóUuљØ«Oïé*®EvÑ Œ÷‡U \"㪒ÍK+À 4“M¡ï:0¥5í!'<@î´”>Ç»&Z–ïCCV˜Ì5Šo&îhè.žû |ÓK©h$s6KìŒëã)¹hI¦GïOåóI;ììü#É$Š0…Ææ¥TØ.5­¾gn´ “ÂÖ\:hœ89G)J@„}œ:’Ò{/Š"¦_Æ×7Æ3VÇŠÊa]ÚŒÙ€Ä–=®uÁßâACZƒ§§£ Qnâ:«,×{tyø¬iÛcœÜÄ€H½ÄÍCk´÷šß .W'b¤Íåh]÷€=,Žv×cÚEÚHXJX¶îo¨FÒtèöŸ>ªª6[J®Fµ£sGÁeqõfe\íjÒÐïÄÐGˆe1Ø‹.Ø”‘Ëuø Y­ˆÜ ŽG|zùªüMpDnQWÄ”%JŠ™)â*p@Örš«ÕT2Ð%ˆG#ª„ ·¤!°ŸOTÂT¸aÚ%4&h™LµšØüÐ.F¿²ÐÞ_Ç‚¾ÅÃaÜ÷09Æ q€öy˜v‡85õN÷]¬äѼóS{°_MŽ¬úÔ#°Ç¸0åÞè2ëôPcvÆw9®ií1Ä8F™˜à‰´+‰Ik1òÝ7“Ñ×ÒsÝ\x‚h`ÞÑ`ó"|µEcý£n˜h`}GÞ !±ù²Ápü²ß6 0ïi󜵩SÈÇ7˜-ÕURO˜¦´f$ªž-Í6(œ}<„ éc øs]ŽŽ„*—¾ ìdŽ„)méª\¿êÎIg¾ØÞ~I#C/¼¼´EÁÈŽi8“©õådô·>euä ƒ'Ê×लR1ÉJE1ÐAát`t;ÇР%Ý<‡¥„ÍÆ`×Oyó)õiI€ñQaŸ4Ûù\áàaÃÔ¹HÃu¹*k€¦<„e S‡&õÏ B!ŽhüÞ`yj}mªf×\¿ Ç~æ­9‡û\՞Ǖg²1Žû5V7 !àöšm° c`ܬøÇìµÒ'P"?…´Ö,"§^•õŽ¨sÔ)6˜sæéÍR¼ ò|Sl”‹7 nPW Gòú÷½§O¯‡„l¡kSÞŒr½PÊ@æ¢pŽ-mÿ #Ÿ˜Àº¶Áä¦;ïÔæ$1££`“Õ>„—·ž)ßð³ñ#Ï Ô$¶œ‰ÊE‹À;÷º ¯«P:Ñ”8–IÊtpÞ3ª“>ê“þës4ò2OÏÕ­±zô†Õ§‰.÷ä¸;¿˜“'œ›žª}«Œ{ª±Ì 9ÔóÞÕ‡0 $íWV3Üì¬ —@kÝ4@¿r¼±½¬™›?øØæ´'Áé®CË3-g$˜ö‡×auÚi´Žp/êÛ æF›Ú2v‹ã¿¿,nB1̨ƃqÞa5͝@&Æû“él÷ \C²½UÍc ¯k×¢U ÖéQå™—-r wô ÞÏ<Ò=&=ÿ Ôê Òêˈt,i—;LîÜ á¸*ÚÃ1$êL•LÍ <É)ýÐà’ ;F™{ƒ™˜€&'}‚ãÄK`¡ÞT@I;®žZóè‚s’7®°›+§O­Åq©é»²9<Ô J ¼9O’HL»Ùïì¸rk¼Ž_ý‘TŸu[²ßÚŒ·ü÷B%¯E ŸÔX5êO´ Ç•€’I0 ÉJX` ñ¹õ%;µŸD‘«´€àwÒ™U ûئžÖö\×®×´8 ½‡ºÐÆÓ§?Àkmœ=;d5*@-ì0F Rªýš[Ü6âö̃ڸr*KA9· u*µæ£?U¸Âêí†8@¦X4 e-ò„0s{ HâUpU?¼mñRa°®a%Ð'tÉ×’\¾ÊÉ]t›h>·(Ë@R¼¡Ãt h}’O÷au<+nT…Ö…MӐ??Óe95 q>í/;&JSû °¯ÊéÞ øƒ*Ã2½Ài&:nôUl=¾¿5eˆ3”ñc|Ú2V”>„»&eE;«ÚäC p¢Û úy 9š[ŒÌx¼擼A&DåÒ¯ˆ¤ÀÌ;"˜ ÏQä¸åhÊ}Ûq«Û0WžÒ|»€ø®öCm5•\ÇÀ§Pe3£]0ÃàLDÉ‰1øªxjgwT‚÷¿LΨK‹›ùs—xˆÜ±µ kæ¸f‰‰ÜGk/LÛØ6d9ò¶ùA{ƒA3š/¬D¬khÓk‰`˜"㯒r¿±Óã jx‡°e}<Ñø\3y:'À•/h½Í€Ç4~g ?Û(¼]v‘ªlKÎâ~?O‚W%{Ì:“'©úNq¾›úo(X’¥¯ˆ nFê{Ç€ü?º'ë ø‹ì Þ09ŒÌç9Æ —ËC`j@ÓÄ(+a‹un¸#ÂꟋ{K`‘ÑÍÍ'à´»/Û,KW;Þ4²þð ï Nm|~fGÏ(…³Ã)«1ö­Õ ¥‡¨©ƒÃ™ü-s=à=U66Ï«Ýc蓦W¹íž®›nÔ%êÇìŒ<#Ü×84ån®Ð ÒåOC` ñânÑs‡¢ç 1õ%Îhì½Ã½® e:ݼUZo™`  ÅZŸŒÊ«ê1ÏÄo$q¹Þ€©ˆhÐÉä¯ñ[!…Ú˜àJ:x2$Íß&PåT£6ç— ‡Í*4Ýšçjÿ ‰É nófÐ ó(L5C•åÆ\rMÒ@ò }y-W}™üýVù—ú¢=Ù”c®‘< M ž ´Phr ¦©TD ‘ù.$´÷O‡‘V2Æò.=IUŒ=ž‡â¬i™aþÓåÙ?òUø'ØÖ•.~* šTŒ!•-×áºTâ®ä#õü'´ eýlYÅÓeÕKÂrT"CÚ@u!Óxƒ{š3€}1¿(r}%«nËamjÑ%ÑNEò v ˜à  σöK³,*º.àzù¨™Ó ÚçâU¦*¿ 9{%Ö¹ njûdaXöb) kÛƱûÓ\°M7ˆÂ=û›ç¿Ã‚­V»Cg–8ÙêE- j)k$º`Ã-ùEýeBÆÇ]c¡°ñty&Òd0nõ'¡W+ƒ*|–øµFa\GQªEAÔp5\Ǽ·¼Ç8·õ -â§Ú[ ‡ uZeÖ 3}×d'+¹:ð+K†Û®s!Ï$úe€<Û”x)1»a­¡LC]¸µík…ÚàA»AYº{†ªS[¦5HÒ7ù --,ísòDØ€èk ÞÀîÜ ò@â( ËNˆë›4ô½•/¦o‡€Û7 ê•ÆêòðÜy'Án½µ á˜ݦ ndeo…[ì¶Ê,¥R³Ä=À±—–ß;£™´ñSâ*g§”ïaið‘Jå~™ÓÞ ß³Õ¢»8x埒²52>AÊb&-÷\7´éÄù€T˜,w;3{ï˜k…à¹ÄqÀ«œ{€\ ˆ¾[´¨јr &Úé„Ívˆ±8†¿]|¬ņ4I×pÞS1ÈÖz‰#Ìv‡G!YNògñ:màTz¢Ý1ô©^O=~ë|5Bã™ç•¼µõ•bÆ@úÕS¬ÈŒ#¬zünrŸ û” Z²•ï›èðV"ÁHÚý©wÝ €7¼Ìu1hÑa3Éä û f$o¿É ™Ú›ÝçnpÒ3äÌ3†Í§,Äï]$‰/pê †«À¼¸e9­Æê_C]žƒ·ý·frÁN«, E=›Çq -‰öŒ:aÏ¿±í&£Í:-} 84‘ÿ eƒQÑeëSsuiA ³g㟥ú£?ÿ ʼn*”“÷aühe:ÊWa@ÒÞk±eØ] F Ô—r.åä˜ @ö¥ªZoÐýYL·¥S²G/‡ñ <~*ZÆ´è>JlòàÛƽÿ 窘ìGN¢:I®KšJp/`íIÁÀõ#Ä-€ö­šµŒoF4|ÆQØÆ@Ì|£Ô…¢À{9˜è½Üó›€ôYÒÎYsið;ís¤€à²ˆ‚4qÉVŒI$ ‰"° æµ8cXGjœˏ¡Aâý•ËÜ¢ûï e·çLx']á"oÅÎê3¯Ç—¹”ó0nå‚âg{Œñ> S´˜îè°g238‚ãköÝfÚd´6Ò€;ò÷±¢™¼›º ¢Æ'¥Ðx'e¬ç ]bÈÆV¢ó‹kýBO ðÊâ$Ÿ!×T 3Mýמ žìٍàÌü‘8÷€àæØ8æ©6‰©L´«…oãpð„~Çk‰!ñ;‹”ÛžÍ àž±z Ÿôû øŸÝužÏ;ÿ #|u6™Þ¬ÚˆÐõA4¶â|ôl|Ê2ŽÇ¤ÝÅÇY.<#Aí.k§hóF‚”Y; M½Ö4hŸ4&›­¿tès´%FìL¥£Ãk‰ÇT¤haÁ¤ÚxfÉ`ÑìË›>i 3t‚:,–+^÷´–{Û–Nxi"x‘Ûg î¨>¥Õ܁ùZH,2Û“:8xÊ¢Çí9.É-Ìâã-=çjwµS˜dütžçwýGòú®®ûº_ˆýx$–¡ãøO EÚÛÏ÷R„×w+3£Á£öUMyR²¹âŒ°š›¸Ñãò9§Ó_Dl+Ùßc›úšGÅÌc†Ž!Ko=¶.‘Îÿ c²(2®V mª.ÿ ¹B›¹å ù„öŸSV>™ü¯$y:G¢Z×àøúdî¹û­·ýÇ´:•c LÍõi_‹ö+ÎæGÊè>OŠ•äž´§Þ{X}¨1ÚTc›»Qþ•êô°t¿OP?eæ~É{5]•ÙR£r5†nZ\ã@ &îJõ ¾àC°þV>fé¥/ü5ñÊIº_é5 ;e­h<@ Ä&æÃëE%;X,ÒãÆÞ`Oò¦kŸm#˜!ÀyÄ¢| óLšò¥Ä` ¶R=|ÈCâh5ò3DˆïF†ðÒ#ÅìÛœ?¸yhBãœí ZxßÎÄhºRK„`Þödvײ™ÀÈÑÒgŒuY w³%†ƒÓzõ ÖÏp‚dH®¦A´ù§»ÓÇMæ~)ˆð‡û:ù&Ä •vGD´À n ݇¼Ö8Fö óáà£~Ë¥x`oK|Ä?fxiØü%pìR>éò+Û±éÎ>núlFŤ'tq8LZÏvÃ?„¡ß±È⽆¯³íü@x|PöUäèØã¡ð‚ŒAìÏ"vÍwóŸÍ{ ý0.z È•Ö{,N¡£¡ŸKÕÙž>Ýœþ ÍÀ°<×EA!Å‚D™IúOÍ¡>ôG}Â` ÍßkÜL™Ž Þð™ {IøF²¹òQ3&!ÃÂÞz.d&Ï-sH¸,Ôõ˜ŽP€ 77ˆÝ¼ÊëÜw =cÕ Ú,ØÐ5ÎYÐ)ì´öœgŒ[¤ßv㙑8心>h]§µháYš£²ºÑ.{Ï7Sð•?´~×SÃKýJÛ˜ ™Íäiúu<µX¶1õ^kâçIÑ£sZ4h>j*ÔšD:4­¿_ ÷¸ Õxæÿ ¸?Mù _•­ÊÐ ä ÷ý ÑwL œ­ïnTkÛUÍN©ë:¦fV ¶ÜÔÜMªÅâA½–¿R×TXš-%iTÊT•‡Ù‚JôϐZxWÑè‰f‰òG º ×Õû2aZ7OU3[“×AT–ÞŒ…-‘¤”Ì ì&(ˆ¿­•ƒkï’:ðY¦W‘ Å)“†‘˜³Åtcø˜ñTÂwÚÇ4|üLÇªí–v- qˆèU qPE.†â‘˜µ Æ,ÐÅs]8¾„oúÑ i>ÜxxÈó)ƒ ´æÁâØ$À‰vžŸf$Ž |ãw;ÀÁIJ»b` {¦Ó¤Ú$©YÀ‘n@Óïž«9J¼êG m¤ ܯ¹ÌW4€ÐÒÅÛ‡#褕Ÿn-?í|с¥÷Ú¹¬'´ÞÜ9ÓK `hê£SÄSà?7—Wí_´…óB›»:=Ãïq`<8ñÓŒÑlú2d¬ê³£hÖ[l|$vÝro~'R®‰§°ñmY ͧäP |PUª¹·:3Œ[Û{Xÿ ºâ@‚W–Äé u‚ ¯´*=íή.pûÒdt @G‰¬ s¸ ëÉücr ÞæѨÊ@>¤¢Ö±. Þ'¯°ÌME[YéïĵÂCå½ Ué©Áû'Ê9%eÔðNU”ë‘ÌsD3/®+UI˜9h.WC”빓$#:pz:YÓ ¿xž* ³$Í +$kñAŠ‹†¢ Uê>¸)_š¬÷©ßAÂÔb9ÇU ¯¾á•9¯ÏÏ÷O÷¼¼Fähal1‰3Ì[Ïr•´UCksNÐ] R‘¸¥H+§Šé†c©vÖÞ0iÓ76s†î!§=ß ¼~Ô'°Ãmäoäš³ªøi1úÉ)³yV8 CLÄØÁ‘WYïi€H6ÖÑiámø^ÈY´°Ñ7¥Û*—Ñ©L«Qƒï—Ùrÿ ›£Ð*š¸ˆL©ˆ$ˆ ÷¾D§9È®«qbqC)–ˆïv´çñsÑVT­Ø, <àïºÀO«Jý·õ àfPìð .wFšir´þ’2_Y *Æ€x\« ì€9š@ Ž|F⇥ˆkZ@hÖÄ0t¿-<“‹qµ¾*ZL¤Ú)&BJpÓF5=$„at*Zš$’ÑtdûÝRI1 2Ž‰$€$I$#‰SÞ’Hë¬ï;Á$¡t$’`<(ñÇt)$‡Ð.Êf¢X’Kt=Éé$‚ˆªè¢oÝëòI%Rgcª÷ŠyI%¡‰ÿ !ñ)´õ $¤ Ô’IIGÿÙlocal comm = require "comm" local match = require "match" local stdnse = require "stdnse" local string = require "string" _ENV = stdnse.module("nbd", stdnse.seeall) --- -- An implementation of the Network Block Device protocol. -- https://github.com/NetworkBlockDevice/nbd/blob/master/doc/proto.md -- -- @author "Mak Kolybabi " -- @copyright Same as Nmap--See https://nmap.org/book/man-legal.html NBD = { magic = { init_passwd = string.char(0x4E, 0x42, 0x44, 0x4d, 0x41, 0x47, 0x49, 0x43), cliserv_magic_old = string.char(0x00, 0x00, 0x42, 0x02, 0x81, 0x86, 0x12, 0x53), cliserv_magic_new = string.char(0x49, 0x48, 0x41, 0x56, 0x45, 0x4F, 0x50, 0x54), option = string.char(0x00, 0x03, 0xE8, 0x89, 0x04, 0x55, 0x65, 0xA9), cmd_request = string.char(0x25, 0x60, 0x95, 0x13), cmd_reply = string.char(0x67, 0x44, 0x66, 0x98), }, handshake_flags = { FIXED_NEWSTYLE = 0x0001, NO_ZEROES = 0x0002, }, client_flags = { C_FIXED_NEWSTYLE = 0x00000001, C_NO_ZEROES = 0x00000002, }, transmission_flags = { HAS_FLAGS = 0x0001, READ_ONLY = 0x0002, SEND_FLUSH = 0x0004, SEND_FUA = 0x0008, ROTATIONAL = 0x0010, SEND_TRIM = 0x0020, SEND_WRITE_ZEROES = 0x0040, -- WRITE_ZEROES Extension SEND_DF = 0x0080, -- STRUCTURED_REPLY Extension }, opt_req_types = { EXPORT_NAME = 0x00000001, ABORT = 0x00000002, LIST = 0x00000003, PEEK_EXPORT = 0x00000004, -- PEEK_EXPORT Extension STARTTLS = 0x00000005, INFO = 0x00000006, -- INFO Extension GO = 0x00000007, -- INFO Extension STRUCTURED_REPLY = 0x00000008, -- STRUCTURED_REPLY Extension BLOCK_SIZE = 0x00000009, -- INFO Extension }, opt_rep_types = { ACK = 0x00000001, SERVER = 0x00000002, INFO = 0x00000003, -- INFO Extension ERR_UNSUP = 0x80000001, ERR_POLICY = 0x80000002, ERR_INVALID = 0x80000003, ERR_PLATFORM = 0x80000004, ERR_TLS_REQD = 0x80000005, ERR_UNKNOWN = 0x80000006, -- INFO Extension ERR_SHUTDOWN = 0x80000007, ERR_BLOCK_SIZE_REQD = 0x80000008, -- INFO Extension }, opt_rep_ext_types = { info = { EXPORT = 0x0000, NAME = 0x0001, DESCRIPTION = 0x0002, BLOCK_SIZE = 0x0003, }, }, cmd_req_flags = { FUA = 0x0001, NO_HOLE = 0x0002, -- WRITE_ZEROES Extension DF = 0x0004, -- STRUCTURED_REPLY Extension }, cmd_req_types = { READ = 0x0000, WRITE = 0x0001, DISC = 0x0002, FLUSH = 0x0003, TRIM = 0x0004, CACHE = 0x0005, -- XNBD custom request types WRITE_ZEROES = 0x0006, -- WRITE_ZEROES Extension }, errors = { EPERM = 0x00000001, EIO = 0x00000005, ENOMEM = 0x0000000C, EINVAL = 0x00000016, ENOSPC = 0x0000001C, EOVERFLOW = 0x0000004B, ESHUTDOWN = 0x0000006C, }, } Comm = { --- Creates a new client instance. -- -- @name Comm.new -- -- @param host Table as received by the action method. -- @param port Table as received by the action method. -- -- @return o Instance of Client. new = function(self, host, port) local o = {host = host, port = port, exports = {}} setmetatable(o, self) self.__index = self return o end, --- Connects to the NBD server. -- -- @name Comm.connect -- -- @return status true on success, false on failure. connect = function(self) -- NBD servers send a response when we connect. We are using -- tryssl here as a precaution since there are several -- implementations of the protocol and no reason it can't be -- wrapped. IANA has rejected assigning another port for NBD over -- TLS. local sd, err, proto, rep = comm.tryssl(self.host, self.port, "", {recv_before = true}) if not sd then return false, err end -- The socket connected successfully over whichever protocol. -- Store the connection information. self.socket = sd self.protocol = {ssl_tls = (proto == "ssl")} if #rep < 8 then stdnse.debug1("Failed to receive first 64 bits of magic from server: %s", rep) self:close() return false end -- We may have received 8-100+ bytes of data, depending on timing. To make -- the code simpler, we will seed a buffer to be used by this object's -- receive function until empty. self.receive_buffer = rep:sub(9) rep = rep:sub(1, 8) if rep ~= NBD.magic.init_passwd then stdnse.debug1("First 64 bits from server don't match expected magic: %s", stdnse.tohex(rep, {separator = ":"})) self:close() return false end local status, rep = self:receive(8) if not status then stdnse.debug1("Failed to receive second 64 bits of magic from server: %s", rep) return false end if rep == NBD.magic.cliserv_magic_new then self.protocol.negotiation = "newstyle" return self:connect_new() end if rep == NBD.magic.cliserv_magic_old then self.protocol.negotiation = "oldstyle" return self:connect_old() end self.protocol.negotiation = "unrecognized" stdnse.debug1("Second 64 bits from server don't match any known protocol magic: %s", stdnse.tohex(rep, {separator = ":"})) self:close() return true end, --- Cycles the connection to the server. -- -- @name Comm.reconnect -- -- @return status true on success, false on failure. reconnect = function(self) self:close() return self:connect(self.connect_options) end, --- Attaches to an named share on the server. -- -- @name Comm.attach -- -- @return status true on success, false on failure. attach = function(self, name) assert(self.protocol.negotiation == "newstyle" or self.protocol.negotiation == "fixed newstyle") assert(type(name) == "string") local req = self:build_opt_req("EXPORT_NAME", {export_name = name}) local status, err = self:send(req) if not status then stdnse.debug1("Failed to send attach request for '%s': %s", name, err) self:close() return end local status, size = self:receive(8) if not status then stdnse.debug1("Failed to receive response to attach request for '%s': %s", name, size) self:close() return end local size, pos = (">I8"):unpack(size) if pos ~= 9 then stdnse.debug1("Failed to unpack size of exported block device from server.") self:close() return false end local status, tflags = self:receive(2) if not status then stdnse.debug1("Failed to receive transmission flags from server while attaching to export: %s", tflags) self:close() return false end local tflags, pos = (">I2"):unpack(tflags) if pos ~= 3 then stdnse.debug1("Failed to unpack transmission flags from server.") self:close() return false end tflags = self:parse_transmission_flags(tflags) if self.protocol.zero_pad == "required" then local status, err = self:receive(124) if not status then stdnse.debug1("Failed to receive zero pad from server while attaching to export: %s", err) self:close() return false end end self.exports[name] = { size = size, tflags = tflags, } return true end, --- Sends data to the server -- -- @name Comm.send -- -- @param pkt String containing the bytes to send. -- -- @return status true on success, false on failure. -- @return err string containing the error message on failure. send = function(self, data) assert(type(data) == "string") return self.socket:send(data) end, --- Receives data from the server. -- -- @name Comm.receive -- -- @param len Number of bytes to receive. -- -- @return status True on success, false on failure. -- @return response String representing bytes received on success, -- string containing the error message on failure. receive = function(self, len) assert(type(len) == "number") -- Try to answer this request from the buffer. if #self.receive_buffer >= len then local rep = self.receive_buffer:sub(1, len) self.receive_buffer = self.receive_buffer:sub(len + 1) return true, rep end return self.socket:receive_buf(match.numbytes(len), true) end, --- Disconnects from the server. -- -- @name Comm.close close = function(self) assert(self.socket) self.socket:close() self.socket = nil end, --- Continue in-progress newstyle handshake with server. -- -- @name Comm.connect_new -- -- @param len Number of bytes to receive. -- -- @return status True on success, false on failure. -- @return response String representing bytes received on success, -- string containing the error message on failure. connect_new = function(self) local status, flags = self:receive(2) if not status then stdnse.debug1("Failed to receive handshake flags from server: %s", flags) self:close() return false end -- Receive and parse the handshake flags from the server, and use -- them to build the client flags. local hflags, pos = (">I2"):unpack(flags) if pos ~= 3 then stdnse.debug1("Failed to unpack handshake flags from server.") self:close() return false end local cflags = 0x0000 if hflags & NBD.handshake_flags.FIXED_NEWSTYLE then cflags = cflags | NBD.client_flags.C_FIXED_NEWSTYLE self.protocol.negotiation = "fixed newstyle" end self.protocol.zero_pad = "required" if hflags & NBD.handshake_flags.NO_ZEROES then cflags = cflags | NBD.client_flags.C_NO_ZEROES self.protocol.zero_pad = "optional" end -- Send the client flags to the server. local req = (">I4"):pack(cflags) local status, err = self:send(req) if not status then stdnse.debug1("Failed to send client flags: %s", err) self:close() return false end return true end, --- Continue in-progress oldstyle handshake with server. -- -- @name Comm.connect_old -- -- @return response String representing bytes received on success, -- string containing the error message on failure. connect_old = function(self) local status, size = self:receive(8) if not status then stdnse.debug1("Failed to receive size of exported block device from server: %s", size) self:close() return false end local size, pos = (">I8"):unpack(size) if pos ~= 9 then stdnse.debug1("Failed to unpack size of exported block device from server.") self:close() return false end local status, hflags = self:receive(4) if not status then stdnse.debug1("Failed to receive handshake flags from server: %s", hflags) self:close() return false end local hflags, pos = (">I4"):unpack(hflags) if pos ~= 5 then stdnse.debug1("Failed to unpack handshake flags from server.") self:close() return false end local status, pad = self:receive(124) if not status then stdnse.debug1("Failed to receive zero pad from server: %s", pad) self:close() return false end self.exports["(default)"] = { size = size, hflags = hflags, } return true end, --- Receives an option reply. -- -- @name Comm.receive_opt_rep -- -- @return reply Table representing option reply on success, false -- on failure. receive_opt_rep = function(self) -- Receive the static header of the option. local status, hdr = self:receive(20) if not status then stdnse.debug1("Failed to receive option reply header: %s", hdr) return false end local len, pos = (">I4"):unpack(hdr, 17) if pos ~= 21 then stdnse.debug1("Failed to parse option reply header during receive.") return false end local magic = hdr:sub(1, 8) if magic ~= NBD.magic.option then stdnse.debug1("First 64 bits of option reply don't match expected magic: %s", stdnse.tohex(magic, {separator = ":"})) return false end if len == 0 then return self:parse_opt_rep(hdr) end -- Receive the variable body of the option. local status, body = self:receive(len) if not status then stdnse.debug1("Failed to receive option reply: %s", body) return false end return self:parse_opt_rep(hdr .. body) end, --- Builds an option request. -- -- @name Comm.build_opt_req -- -- @param name String naming the option type. -- @param options Table containing options. -- -- @return req String representing the option request. build_opt_req = function(self, name, options) assert(type(name) == "string") if not options then options = {} end assert(type(options) == "table") local otype = NBD.opt_req_types[name] assert(otype) local payload = "" if name == "EXPORT_NAME" then assert(options.export_name) payload = options.export_name end return NBD.magic.cliserv_magic_new .. (">I4s4"):pack(otype, payload) end, --- Parses an option reply. -- -- @name Comm.parse_opt_rep -- -- @param buf String to be parsed. -- @param rep Table representing the fields of the reply that have -- already been parsed by the caller. -- -- @return reply Table representing option reply on success, false -- on failure. parse_opt_rep = function(self, buf) assert(type(buf) == "string") if 20 - 1 > #buf then stdnse.debug1("Buffer is too short to be parsed as an option reply.") return false end local magic, otype, rtype, rlen, pos = (">c8I4I4I4"):unpack(buf) if magic ~= NBD.magic.option then stdnse.debug1("First 64 bits of option reply don't match expected magic: %s", stdnse.tohex(magic, {separator = ":"})) return false end local otype_name = find_key(NBD.opt_req_types, otype) local rtype_name = find_key(NBD.opt_rep_types, rtype) local rep = { otype = otype, otype_name = otype_name, rtype = rtype, rtype_name = rtype_name, } if pos + rlen - 1 > #buf then stdnse.debug1("Option reply payload length extends past end of buffer.") return false end if rtype_name == "ACK" then return rep end if rtype_name == "SERVER" then if rlen < 4 then stdnse.debug1("SERVER option reply payload length must be 4 or greater, but is %d.", rlen) return false end local nlen, pos = (">I4"):unpack(buf, pos) if pos + nlen - 1 > #buf then stdnse.debug1("SERVER option reply payload name length extends past end of buffer.") return false end -- An empty name represents the default export. local name = "" if nlen > 0 then name = buf:sub(pos, pos + nlen - 1) pos = pos + nlen end rep.export_name = name return rep end return rep end, --- Parses the transmission flags describing an export. -- -- @name Comm.parse_transmission_flags -- -- @param flags Transmission flags sent by server. -- -- @return Table of parsed flags as keys. parse_transmission_flags = function(self, flags) assert(type(flags) == "number") -- This flag must always be set according to the standard. if (flags & NBD.transmission_flags.HAS_FLAGS) == 0 then stdnse.debug1("Transmission flags were not in a valid format, skipping.") return {} end local tbl = {} for k, v in pairs(NBD.transmission_flags) do if (flags & v) ~= 0 then tbl[k] = true end end return tbl end, } --- Finds a key corresponding with a value. -- -- @name find_key -- -- @param tbl Table in which to search. -- @param val Value to search for. -- -- @return key String on success, nil on failure find_key = function(tbl, val) assert(type(tbl) == "table") assert(val ~= nil) for k, v in pairs(tbl) do if v == val then return k end end return nil end return _ENV;