Mega:23.09
nmap
Changes of Revision 3
_service:tar_scm:nmap.spec
Changed
@@ -3,7 +3,7 @@ Name: nmap Epoch: 2 Version: 7.94 -Release: 4 +Release: 5 License: Nmap Summary: A tool for network discovery and security auditing. Requires: %{name}-ncat = %{epoch}:%{version}-%{release} @@ -23,6 +23,7 @@ Patch0005: backport-remove-nse_pcrelib-from-build.patch Patch0006: backport-nping-fix-out-of-bounds-access.patch Patch0007: backport-Ncat-server-UDP-do-not-quit-after-EOF-on-STDIN.-Fixe.patch +Patch0008: remove-password-printing.patch %define pixmap_srcdir zenmap/share/pixmaps @@ -73,6 +74,12 @@ %{_mandir}/man1/*.1.gz %changelog +* Tue Jan 16 2024 xingwei <xingwei14@h-partners.com> - 2:7.94-5 +- Type:bugfix +- CVE: +- SUG:NA +- DESC:remove password printing + * Fri Sep 15 2023 xingwei <xingwei14@h-partners.com> - 2:7.94-4 - Type:bugfix - CVE:
_service:tar_scm:remove-password-printing.patch
Added
@@ -0,0 +1,200 @@
+From fe806cf15853ecdf6fed2af57f21cf55e3b388b8 Mon Sep 17 00:00:00 2001
+From: gaoxingwang <gaoxingwang1@huawei.com>
+Date: Tue, 31 Jan 2023 16:47:32 +0800
+Subject: PATCH remove password printing
+
+---
+ scripts/broadcast-ospf2-discover.nse | 2 +-
+ scripts/cassandra-brute.nse | 14 +++++++-------
+ scripts/cics-user-brute.nse | 2 +-
+ scripts/ldap-brute.nse | 12 ++++++------
+ scripts/nje-pass-brute.nse | 2 +-
+ scripts/oracle-brute.nse | 2 +-
+ scripts/tso-brute.nse | 4 ++--
+ 7 files changed, 19 insertions(+), 19 deletions(-)
+
+diff --git a/scripts/broadcast-ospf2-discover.nse b/scripts/broadcast-ospf2-discover.nse
+index ad3fca0..b33c366 100644
+--- a/scripts/broadcast-ospf2-discover.nse
++++ b/scripts/broadcast-ospf2-discover.nse
+@@ -124,7 +124,7 @@ local ospfDumpHello = function(hello)
+ stdnse.print_debug(2, "| Checksum: %s", hello.header.chksum)
+ stdnse.print_debug(2, "| Auth Type: %s", hello.header.auth_type)
+ if hello.header.auth_type == 0x01 then
+- stdnse.print_debug(2, "| Auth Password: %s", hello.header.auth_data.password)
++ -- stdnse.print_debug(2, "| Auth Password: %s", hello.header.auth_data.password)
+ elseif hello.header.auth_type == 0x02 then
+ stdnse.print_debug(2, "| Auth Crypt Key ID: %s", hello.header.auth_data.keyid)
+ stdnse.print_debug(2, "| Auth Data Length: %s", hello.header.auth_data.length)
+diff --git a/scripts/cassandra-brute.nse b/scripts/cassandra-brute.nse
+index 8363c65..c2dd124 100644
+--- a/scripts/cassandra-brute.nse
++++ b/scripts/cassandra-brute.nse
+@@ -54,21 +54,21 @@ Driver = {
+ local status, err = self.socket:send(string.pack(">I4", #loginstr))
+ local combo = username..":"..password
+ if ( not(status) ) then
+- local err = brute.Error:new( "couldn't send length:"..combo )
++ local err = brute.Error:new( "couldn't send length:" )
+ err:setAbort( true )
+ return false, err
+ end
+
+ status, err = self.socket:send(loginstr)
+ if ( not(status) ) then
+- local err = brute.Error:new( "couldn't send login packet: "..combo )
++ local err = brute.Error:new( "couldn't send login packet: " )
+ err:setAbort( true )
+ return false, err
+ end
+
+ local status, response = self.socket:receive_bytes(22)
+ if ( not(status) ) then
+- local err = brute.Error:new( "couldn't receive login reply size: "..combo )
++ local err = brute.Error:new( "couldn't receive login reply size: " )
+ err:setAbort( true )
+ return false, err
+ end
+@@ -78,16 +78,16 @@ Driver = {
+ magic = string.sub(response,18,22)
+
+ if (magic == cassandra.LOGINSUCC) then
+- stdnse.debug3("Account SUCCESS: "..combo)
++ stdnse.debug3("Account SUCCESS: ")
+ return true, creds.Account:new(username, password, creds.State.VALID)
+ elseif (magic == cassandra.LOGINFAIL) then
+- stdnse.debug3("Account FAIL: "..combo)
++ stdnse.debug3("Account FAIL: ")
+ return false, brute.Error:new( "Incorrect password" )
+ elseif (magic == cassandra.LOGINACC) then
+- stdnse.debug3("Account VALID, but wrong password: "..combo)
++ stdnse.debug3("Account VALID, but wrong password: ")
+ return false, brute.Error:new( "Good user, bad password" )
+ else
+- stdnse.debug3("Unrecognized packet for "..combo)
++ stdnse.debug3("Unrecognized packet for ")
+ stdnse.debug3("packet hex: %s", stdnse.tohex(response) )
+ stdnse.debug3("size packet hex: %s", stdnse.tohex(size) )
+ stdnse.debug3("magic packet hex: %s", stdnse.tohex(magic) )
+diff --git a/scripts/cics-user-brute.nse b/scripts/cics-user-brute.nse
+index 768813e..559d752 100644
+--- a/scripts/cics-user-brute.nse
++++ b/scripts/cics-user-brute.nse
+@@ -176,7 +176,7 @@ Driver = {
+ self.tn3270:find('TSS7000I') or
+ self.tn3270:find('TSS7110E Password Has Expired. New Password Missing') or
+ self.tn3270:find('TSS7001I') then
+- stdnse.verbose("Valid CICS UserID / Password: " .. user .. "/" .. pass)
++ -- stdnse.verbose("Valid CICS UserID / Password: " .. user .. "/" .. pass)
+ return true, creds.Account:new(user, pass, creds.State.VALID)
+ else
+ -- ok whoa, something happened, print the screen but don't store as valid
+diff --git a/scripts/ldap-brute.nse b/scripts/ldap-brute.nse
+index b239525..085e3a0 100644
+--- a/scripts/ldap-brute.nse
++++ b/scripts/ldap-brute.nse
+@@ -233,7 +233,7 @@ action = function( host, port )
+ -- Login correct, account disabled
+ if not status and response:match("AcceptSecurityContext error, data 533,") then
+ table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" ) )
+- stdnse.verbose2("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" )
++ -- stdnse.verbose2("%s:%s => Valid credentials, account disabled", fq_username, password:len()>0 and password or "<empty>" )
+ credTable:add(fq_username,password, creds.State.DISABLED_VALID)
+ break
+ end
+@@ -241,7 +241,7 @@ action = function( host, port )
+ -- Login correct, user must change password
+ if not status and response:match("AcceptSecurityContext error, data 773,") then
+ table.insert( valid_accounts, string.format("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>" ) )
+- stdnse.verbose2("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>")
++ -- stdnse.verbose2("%s:%s => Valid credentials, password must be changed at next logon", fq_username, password:len()>0 and password or "<empty>")
+ credTable:add(fq_username,password, creds.State.CHANGEPW)
+ break
+ end
+@@ -249,7 +249,7 @@ action = function( host, port )
+ -- Login correct, user account expired
+ if not status and response:match("AcceptSecurityContext error, data 701,") then
+ table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>" ) )
+- stdnse.verbose2("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>")
++ -- stdnse.verbose2("%s:%s => Valid credentials, account expired", fq_username, password:len()>0 and password or "<empty>")
+ credTable:add(fq_username,password, creds.State.EXPIRED)
+ break
+ end
+@@ -257,7 +257,7 @@ action = function( host, port )
+ -- Login correct, user account logon time restricted
+ if not status and response:match("AcceptSecurityContext error, data 530,") then
+ table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>" ) )
+- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>")
++ -- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in at current time", fq_username, password:len()>0 and password or "<empty>")
+ credTable:add(fq_username,password, creds.State.TIME_RESTRICTED)
+ break
+ end
+@@ -265,7 +265,7 @@ action = function( host, port )
+ -- Login correct, user account can only log in from certain workstations
+ if not status and response:match("AcceptSecurityContext error, data 531,") then
+ table.insert( valid_accounts, string.format("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>" ) )
+- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>")
++ -- stdnse.verbose2("%s:%s => Valid credentials, account cannot log in from current host", fq_username, password:len()>0 and password or "<empty>")
+ credTable:add(fq_username,password, creds.State.HOST_RESTRICTED)
+ break
+ end
+@@ -275,7 +275,7 @@ action = function( host, port )
+ status = is_valid_credential( socket, context )
+ if status then
+ table.insert( valid_accounts, string.format("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>" ) )
+- stdnse.verbose2("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>")
++ -- stdnse.verbose2("%s:%s => Valid credentials", fq_username, password:len()>0 and password or "<empty>")
+ -- Add credentials for other ldap scripts to use
+ if nmap.registry.ldapaccounts == nil then
+ nmap.registry.ldapaccounts = {}
+diff --git a/scripts/nje-pass-brute.nse b/scripts/nje-pass-brute.nse
+index 5cb29f6..1213906 100644
+--- a/scripts/nje-pass-brute.nse
++++ b/scripts/nje-pass-brute.nse
+@@ -113,7 +113,7 @@ Driver = {
+ -- When we send an 'I' record, if the password is invalid it will reply with a 'B' record
+ -- B in EBCDIC is 0xC2
+ if data:sub(19,19) ~= "\xc2" then
+- stdnse.verbose(2,"Valid NJE Password: %s", password)
++ -- stdnse.verbose(2,"Valid NJE Password: %s", password)
+ return true, creds.Account:new("Password", password, creds.State.VALID)
+ end
+ return false, brute.Error:new( "Invalid Password" )
+diff --git a/scripts/oracle-brute.nse b/scripts/oracle-brute.nse
+index 8a94987..1fb4b0e 100644
+--- a/scripts/oracle-brute.nse
++++ b/scripts/oracle-brute.nse
+@@ -156,7 +156,7 @@ Driver =
+ return true, creds.Account:new(username .. " as sysdba", password, creds.State.VALID)
+ -- check for any other message
+ elseif ( data:match("ORA-%d+")) then
+- stdnse.debug3("username: %s, password: %s, error: %s", username, password, data )
++ -- stdnse.debug3("username: %s, password: %s, error: %s", username, password, data )
+ return false, brute.Error:new(data)
+ -- any other errors are likely communication related, attempt to re-try
+ else
+diff --git a/scripts/tso-brute.nse b/scripts/tso-brute.nse
+index ff52c0c..2690a13 100644
+--- a/scripts/tso-brute.nse
++++ b/scripts/tso-brute.nse
+@@ -99,7 +99,7 @@ Driver = {
+ local skip = self.options'skip'
+ stdnse.debug(2,"Getting to TSO")
+ local run = stringaux.strsplit(";%s*", commands)
+- stdnse.verbose(2,"Trying User ID/Password: %s/%s", user, pass)
++ -- stdnse.verbose(2,"Trying User ID/Password: %s/%s", user, pass)
+ for i = 1, #run do
+ stdnse.debug(2,"Issuing Command (#%s of %s): %s", i, #run ,runi)
+ if i == #run and runi:upper():find("LOGON APPLID") and skip then
+@@ -159,7 +159,7 @@ Driver = {
+ return false, brute.Error:new( "User ID not authorized to use TSO" )
+ else
+ -- It's a valid account so lets try a password
+- stdnse.debug(2,"%s is a valid TSO User ID. Trying Password: %s", string.upper(user), pass)
++ -- stdnse.debug(2,"%s is a valid TSO User ID. Trying Password: %s", string.upper(user), pass)
+ if always_logon then
+ local writeable = self.tn3270:writeable()
+ -- This turns on the 'reconnect' which may boot users off
+--
+2.33.0
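Review bot: In scripts/ldap-brute.nse the six `table.insert( valid_accounts, string.format("%s:%s => ...", fq_username, password ...))` lines are left unchanged, so the password is still formatted into `valid_accounts` even though the matching `stdnse.verbose2` calls are commented out; if that table feeds the script's reported output (not visible in these hunks), the change does not yet do there what its subject line says. In scripts/cassandra-brute.nse `local combo = username..":"..password` is now unused but still builds the cleartext pair, and the trimmed messages end in a dangling colon with no subject. Rather than commenting calls out, I would keep each diagnostic without the secret, e.g. `stdnse.debug3("Account SUCCESS: %s", username)` and `stdnse.verbose2("%s => Valid credentials, account disabled", fq_username)`, and delete the `combo` line. The enclosing functions begin and end outside the quoted hunks, so other uses of these values may exist that are not shown here.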
_service
Changed
@@ -2,7 +2,7 @@
<service name="tar_scm">
<param name="url">git@gitee.com:src-openeuler/nmap.git</param>
<param name="scm">git</param>
- <param name="revision">openEuler-23.09</param>
+ <param name="revision">master</param>
<param name="exclude">*</param>
<param name="extract">*</param>
</service>
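Review bot: The `revision` parameter now follows `master`, a moving branch, so each service run can fetch different sources without any change to this package, and a given build can no longer be traced to a fixed upstream state. If this package belongs to a release line, I would keep the release branch or, better, pin a tag or commit, e.g. `<param name="revision">COMMIT_OR_TAG_PLACEHOLDER</param>`. If tracking master is intended, a short XML comment next to the parameter saying why would help the next reviewer.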