I recently had a need for a Drupal fingerprint NSE script for an engagement. Through some research I stumbled upon a promising NSE Lua script to get the job done. Unfortunately, it seems like the author ceased the support for this script and the script was never officially incorporated into the Nmap NSE library. I decided to try and use the script anyways.
Upon attempting to run the script via the Nmap engine, I encountered an "invalid escape sequence" error. Not possessing any Lua programming experience, this error stopped me dead in my tracks. I am hoping someone with Lua experience would be able to help troubleshoot what looks like may be a pretty simple fix to the problem.
The error code is as follows:
root#kali:~# nmap --script=http-drupal-fingerprint.nse --script-args http-drupal-fingerprint.base-url=/ www.placeholder.com
Starting Nmap 7.70 ( https://nmap.org ) at 2018-09-26 12:33 EDT
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:259: /usr/bin/../share/nmap/scripts/http-drupal-fingerprint.nse:47: invalid escape sequence near '"Drupal [4-7].'
stack traceback:
[C]: in function 'assert'
/usr/bin/../share/nmap/nse_main.lua:259: in upvalue 'loadscript'
/usr/bin/../share/nmap/nse_main.lua:601: in field 'new'
/usr/bin/../share/nmap/nse_main.lua:828: in local 'get_chosen_scripts'
/usr/bin/../share/nmap/nse_main.lua:1315: in main chunk
[C]: in ?
QUITTING!
The script was imported into the NSE library as so:
curl -ksL https://raw.githubusercontent.com/r3dh4nds/NSE-Drupal-Fingerprint/master/http-drupal-fingerprint.nse >> /usr/share/nmap/scripts/http-drupal-fingerprint.nse && chmod 0644 /usr/share/nmap/scripts/http-drupal-fingerprint.nse
I am including the original source of the script from SecLists:
https://seclists.org/nmap-dev/2011/q2/490
Any help much appreciated! (Sorry if this question is somehow not formatted correctly, first post)
Drupal detection in Nmap is now done with the http-enum script. You can add --script-args http-enum.category=cms to limit the number of enumeration probes sent to only those which would detect Drupal. You may also be interested in the http-drupal-enum and http-drupal-enum-users scripts, as well as http-form-brute which can brute-force Drupal authentication.
As I suspected it was a simple fix. Removed the invalid escape sequences at:
local expression = "Drupal [4-7]\.[0-9][0-9]?\.?[0-9], "
to
local expression = "Drupal [4-7].[0-9][0-9]?.?[0-9], "
and got rid of that error.
Related
I have Vim 8.0.1365 with Vlime plugin (065b95f) installed and an SBCL (1.2.11) session with the start-vlime.lisp loaded, running on macOS 10.14.6 (18G87).
When I connect from Vim using \cc, the SBCL session shows vlime-sbcl - New connection from #<AIO-SBCL:AIO-FD {10048DFD63} (so the connection works) but then the debugger is invoked with an SB-KERNEL:PARSE-UNKNOWN-TYPE condition signalled.
The debugger restarts are:
0: [REMOVE-FD-HANDLER] Remove #<SB-IMPL::HANDLER INPUT on descriptor 6: #<FUNCTION AIO-SBCL::SOCKET-INPUT-CB>>
1: [ABORT ] Exit debugger, returning to top level.
(VLIME-SBCL::SOCKET-ERROR-CB #<unavailable argument> #<SB-KERNEL:PARSE-UNKNOWN-TYPE {1004BE9B23}>)
I've tried both restart options. Removing the handler gives no response, and aborting returns SBCL to the * prompt.
The connection appears to exist in Vim (though there is no success message) and can be selected when using the \ss command (I tested on (+ 3 3)).
The SWANK window just displays a -- for each use of \ss and an error message below shows:
Error detected while processing function vlime#plugin#SendToREPL[100]..vlime#ui#input#MaybeInput[33]..<SNR>42_CheckInputValidity[2]..<SNR>32_SendToREPLInputComplete:
line 2:
E716: Key not present in Dictionary: ListenerEval, [a:content, function('s:OnListenerEvalComplete')]))
E116: Invalid arguments for function(a:conn.ListenerEval, [a:content, function('s:OnListenerEvalComplete')]))
E116: Invalid arguments for function vlime#WithThread
I don't have much experience with SBCL or Lisp - this is basically a hurdle at the starting line.
What does the first restart option mean?
The PARSE-UNKNOWN-TYPE condition seems uncommon from a Google search, and not at all in relation to Vlime. What are some next steps I can take to work this out?
(Posting the comment as an answer)
A common source of error when dealing with client/server protocols is a mismatch in versions for the different parts involved. The gihub page for vlime lists dependencies and supported implementations, I'd start from there.
Also, try starting sbcl in a standalone terminal (first install quicklisp, use "rlwrap sbcl" for readline support) and then load Swank manually:
(ql:quickload :swank)
Create a server
(swank:create-server :port 4005)
And connect to it, so you can still debug errors from the terminal if there are problems with the client/server interface.
Update 2
I think #faré is right, it's an output translation problem.
So I declared the evironment variable ASDF_OUTPUT_TRANSLATIONS and set it to E:/. Now (asdf:require-system "my-system") yields a different error: Uneven number of components in source to destination mapping: "E:/" which led me to this SO-topic.
Unfortunately, his solution doesn't work for me. So I tried the other answer and set ASDF_OUTPUT_TRANSLATIONS to (:output-translations (t "E:/")). Now I get yet another error:
Invalid source registry (:OUTPUT-TRANSLATIONS (T "E:/")).
One and only one of
:INHERIT-CONFIGURATION or
:IGNORE-INHERITED-CONFIGURATION
is required.
(will be skipped)
Original Posting
I have a simple system definition but can't get ASDF to load it.
(asdf-version 3.1.5, sbcl 1.3.12 (upgraded to 1.3.18 AMD64), slime 2.19, Windows 10)
What I have tried so far
Following the ASDF manual: "4.1 Configuring ASDF to find your systems"
There it says:
For Windows users, and starting with ASDF 3.1.5, start from your
%LOCALAPPDATA%, which is usually ~/AppData/Local/ (but you can ask in
a CMD.EXE terminal echo %LOCALAPPDATA% to make sure) and underneath
create a subpath config/common-lisp/source-registry.conf.d/
That's exactly what I did:
Echoing %LOCALAPPDATA% which evaluates to C:\Users\my-username\AppData\Local
Underneath I created the subfolders config\common-lisp\source-registry.conf.d\ (In total: C:\Users\my-username\AppData\Local\config\common-lisp\source-registry.conf.d\
The manual continues:
there create a file with any name of your choice but with the type conf, for instance 50-luser-lisp.conf; in this file, add the following line to tell ASDF to recursively scan all the subdirectories under /home/luser/lisp/ for .asd files: (:tree "/home/luser/lisp/")
That’s enough. You may replace /home/luser/lisp/ by wherever you want to install your source code.
In the source-registry.conf.d folder I created the file my.conf and put in it (:tree "C:/Users/my-username/my-systems/"). This folder contains a my-system.asd.
And here comes the weird part:
If I now type (asdf:require-system "my-system") in the REPL I get the following error:
Can't create directory C:\Users\my-username\AppData\Local\common-lisp\sbcl-1.3.12-win-x86\C\Users\my-username\my-systems\C:\
So the problem is not that ASDF doesn't find the file, it does -- but (whatever the reason) it tries to create a really weird subfolder hierarchy which ultimately fails because at the end it tries to create the folder C: but Windows doesn't allow foldernames containing a colon.
Another approach: (push path asdf:*central-registry*)
If I try
> (push #P"C:/Users/my-username/my-systems/" asdf:*central-registry*)
(#P"C:/Users/my-username/my-systems/"
#P"C:/Users/my-username/AppData/Roaming/quicklisp/quicklisp/")
> (asdf:require-system "my-system")
I get the exact same error.
I don't know what to do.
Update
Because of the nature of the weird path ASDF was trying to create I thought maybe I could bypass the problem by specifying a relative path instead of an absolute one.
So I tried
(:tree "\\Users\\my-username\\my-systems")
in my conf file. Still the same error.
Ahem. It looks like an output-translations problem.
I don't have a Windows machine right now, but this all used to work last time I tried.
Can you setup some ad hoc output-translations for now that will make it work?
I'm trying to set up Lighttpd + lua + fastcgi to run web interface on an embedded MIPS board. But the important part here, I guess is Lua.
When trying to run /usr/local/bin/wsapi.fcgi (which is lua script) I get this error:
/usr/bin/lua: error loading module 'lfcgi' from file '/usr/local/lib/lua/5.1/lfcgi.so':
File not found
stack traceback:
[C]: ?
[C]: in function 'require'
/usr/local/share/lua/5.1/wsapi/fastcgi.lua:9: in main chunk
[C]: in function 'require'
/usr/local/bin/wsapi.fcgi:9: in main chunk
[C]: ?
Which is really strange, because ls shows that file is there and all permissions are ok:
# ls -l /usr/local/lib/lua/5.1/lfcgi.so
-rwxr-xr-x 1 0 0 21152 /usr/local/lib/lua/5.1/lfcgi.so
And which is more frustrating, if I actually remove the file, lua shows a different error, which means that first error wasn't really caused by lua unable to locate file properly.
So I'm a bit lost here, looks like the error message is misleading and problem isn't really the file being not found, but what...
P.S. The error comes from file wsapi/fastcgi.lua, from line 9 which looks like this:
local lfcgi = require"lfcgi"
- maybe there is something wrong with require syntax? I'm no expert in lua so I can't tell.
Ok, I figured it out. It turned out to be a missing dependency, as #Ctx suggested.
readelf -d lfcgi.so | grep NEEDED
shows that it needs libfcgi.so.0 which is a symlink to libfcgi.so and I only have the last one, not the symlink.
After creating the symlink it is working now (actually it comes with another error, but it is a different story :P).
By the way - the error message is really confusing - it looks like the file lfcgi.so is missing, when in fact it is one of its dependencies that is causing the problem.
I have always used erlang stdlib library zip:unzip/1 successfully. Last night i hit a bar with this error:
E:\WimaxStatsParser-1.1>erl
Eshell V5.9.2 (abort with ^G)
1> zip:unzip("e:/WimaxStatsParser-1.1/in/SomeZipFile.zip").
{error,bad_central_directory}
2>
Some one help explain the cause for this ? and how i get around it ?
ADDITIONS
I got some other error on another file: {error,bad_eocd}. Please explain this as well.
I am not able to reproduce your problem with the information you give. There are 2 functions that may send this error:
get_cd_loop/5 and get_name_extra_comment/4 in stdlib-1.18.2/src/zip.erl .
it should be easy to debug
copy the file zip.erl, zip.hrl, file.hrl in a working directory,
compile with debug_info option, you will get the error message "Can't load module that resides in sticky dir", leave the VM
copy zip.beam in the stdlib.../ebin
restart the VM in the working directory, you can now add breakpoint in the zip.erl source.
BR
Pascal.
I am trying to evaluate the answer provided here, and am getting the error: "A file with name ASDF-INSTALL does not exist" when using clisp:
dsm#localhost:~$ clisp -q
[1]> (require :asdf-install)
*** - LOAD: A file with name ASDF-INSTALL does not exist
The following restarts are available:
ABORT :R1 ABORT
Break 1 [2]> :r1
[3]> (quit)
dsm#localhost:~$
cmucl throws a similar error:
dsm#localhost:~$ cmucl -q
Warning: #<Command Line Switch "q"> is an illegal switch
CMU Common Lisp CVS release-19a 19a-release-20040728 + minimal debian patches, running on crap-pile
With core: /usr/lib/cmucl/lisp.core
Dumped on: Sat, 2008-09-20 20:11:54+02:00 on localhost
For support see http://www.cons.org/cmucl/support.html Send bug reports to the debian BTS.
or to pvaneynd#debian.org
type (help) for help, (quit) to exit, and (demo) to see the demos
Loaded subsystems:
Python 1.1, target Intel x86
CLOS based on Gerd's PCL 2004/04/14 03:32:47
* (require :asdf-install)
Error in function REQUIRE: Don't know how to load ASDF-INSTALL
[Condition of type SIMPLE-ERROR]
Restarts:
0: [ABORT] Return to Top-Level.
Debug (type H for help)
(REQUIRE :ASDF-INSTALL NIL)
Source:
; File: target:code/module.lisp
(ERROR "Don't know how to load ~A" MODULE-NAME)
0] (quit)
dsm#localhost:~$
But sbcl works perfectly:
dsm#localhost:~$ sbcl -q
This is SBCL 1.0.11.debian, an implementation of ANSI Common Lisp.
More information about SBCL is available at <http://www.sbcl.org/>.
SBCL is free software, provided as is, with absolutely no warranty.
It is mostly in the public domain; some portions are provided under
BSD-style licenses. See the CREDITS and COPYING files in the
distribution for more information.
* (require :asdf-install)
; loading system definition from
; /usr/lib/sbcl/sb-bsd-sockets/sb-bsd-sockets.asd into #<PACKAGE "ASDF0">
; registering #<SYSTEM SB-BSD-SOCKETS {AB01A89}> as SB-BSD-SOCKETS
; registering #<SYSTEM SB-BSD-SOCKETS-TESTS {AC67181}> as SB-BSD-SOCKETS-TESTS
("SB-BSD-SOCKETS" "ASDF-INSTALL")
* (quit)
Any ideas on how to fix this? I found this post on the internet, but using that didn't work either.
The instructions you got mentioned SBCL explicitely, so it's expected that they'll work better using SBCL, I suppose. Some other Lisps don't come with ASDF or don't hook it up to CL:REQUIRE. In the former case, you'll have load ASDF yourself beforehand. In the latter case, you'll need to call (asdf:oos 'asdf:load-op ) instead of (require ).
wget http://cclan.cvs.sourceforge.net/checkout/cclan/asdf/asdf.lisp
It worth checking out clbuild. http://common-lisp.net/project/clbuild/
To get a lisp webserver up and running. You only need:
darcs get http://common-lisp.net/project/clbuild/clbuild
cd clbuild
chmod +x ./clbuild
./clbuild check
./clbuild build slime hunchentoot
./clbuild preloaded
Now a lisp repl will start. There you write:
* (hunchentoot:start-server :port 8080)
Testing that the server answer:
wget -O - http://localhost:8080/
<html><head><title>Hunchentoot</title></head>
<body><h2>Hunchentoot Default Page</h2>
<p>This is the Hunchentoot default page....
try this before anything else:
(require :asdf)
you can steal some ideas from the environment we use. it's available at: darcsweb
see environment.lisp that loads and sets up asdf for us. (sbcl has asdf already loaded)
use clc:clc-require in clisp. Refer to 'man common-lisp-controller'. I had the same error in clisp and resolved it by using clc:clc-require. sbcl works fine with just require though.