PageRenderTime 42ms CodeModel.GetById 10ms RepoModel.GetById 0ms app.codeStats 0ms

/nselib/smtp.lua

https://github.com/prakashgamit/nmap
Lua | 675 lines | 448 code | 68 blank | 159 comment | 64 complexity | 624f8f41bf500d0a6a438c434b2dc320 MD5 | raw file
Possible License(s): BSD-3-Clause, GPL-2.0, LGPL-2.0, LGPL-2.1 
    

  1. ---
    2. 

  2. -- Simple Mail Transfer Protocol (SMTP) operations.
    3. 

  3. --
    4. 

  4. -- @copyright Same as Nmap--See http://nmap.org/book/man-legal.html
    5. 

  5. 

  6. local base64 = require "base64"
    7. 

  7. local comm = require "comm"
    8. 

  8. local nmap = require "nmap"
    9. 

  9. local sasl = require "sasl"
    10. 

  10. local stdnse = require "stdnse"
    11. 

  11. local string = require "string"
    12. 

  12. local table = require "table"
    13. 

  13. _ENV = stdnse.module("smtp", stdnse.seeall)
    14. 

  14. 

  15. local ERROR_MESSAGES = {
    16. 

  16.   ["EOF"]     = "connection closed",
    17. 

  17.   ["TIMEOUT"] = "connection timeout",
    18. 

  18.   ["ERROR"]   = "failed to receive data"
    19. 

  19. }
    20. 

  20. 

  21. local SMTP_CMD = {
    22. 

  22.   ["EHLO"] = {
    23. 

  23.     cmd = "EHLO",
    24. 

  24.     success = {
    25. 

  25.       [250] = "Requested mail action okay, completed",
    26. 

  26.     },
    27. 

  27.     errors = {
    28. 

  28.       [421] = "<domain> Service not available, closing transmission channel",
    29. 

  29.       [500] = "Syntax error, command unrecognised",
    30. 

  30.       [501] = "Syntax error in parameters or arguments",
    31. 

  31.       [504] = "Command parameter not implemented",
    32. 

  32.       [550] = "Not implemented",
    33. 

  33.     },
    34. 

  34.   },
    35. 

  35.   ["HELP"] = {
    36. 

  36.     cmd = "HELP",
    37. 

  37.     success = {
    38. 

  38.       [211] = "System status, or system help reply",
    39. 

  39.       [214] = "Help message",
    40. 

  40.     },
    41. 

  41.     errors = {
    42. 

  42.       [500] = "Syntax error, command unrecognised",
    43. 

  43.       [501] = "Syntax error in parameters or arguments",
    44. 

  44.       [502] = "Command not implemented",
    45. 

  45.       [504] = "Command parameter not implemented",
    46. 

  46.       [421] = "<domain> Service not available, closing transmission channel",
    47. 

  47.     },
    48. 

  48.   },
    49. 

  49.   ["AUTH"] = {
    50. 

  50.     cmd = "AUTH",
    51. 

  51.     success = {[334] = ""},
    52. 

  52.     errors = {
    53. 

  53.       [501] = "Authentication aborted",
    54. 

  54.     },
    55. 

  55.   },
    56. 

  56.   ["MAIL"] = {
    57. 

  57.     cmd = "MAIL",
    58. 

  58.     success = {
    59. 

  59.       [250] = "Requested mail action okay, completed",
    60. 

  60.     },
    61. 

  61.     errors = {
    62. 

  62.       [451] = "Requested action aborted: local error in processing",
    63. 

  63.       [452] = "Requested action not taken: insufficient system storage",
    64. 

  64.       [500] = "Syntax error, command unrecognised",
    65. 

  65.       [501] = "Syntax error in parameters or arguments",
    66. 

  66.       [421] = "<domain> Service not available, closing transmission channel",
    67. 

  67.       [552] = "Requested mail action aborted: exceeded storage allocation",
    68. 

  68.     },
    69. 

  69.   },
    70. 

  70.   ["RCPT"] = {
    71. 

  71.     cmd = "RCPT",
    72. 

  72.     success = {
    73. 

  73.       [250] = "Requested mail action okay, completed",
    74. 

  74.       [251] = "User not local; will forward to <forward-path>",
    75. 

  75.     },
    76. 

  76.     errors = {
    77. 

  77.       [450] = "Requested mail action not taken: mailbox unavailable",
    78. 

  78.       [451] = "Requested action aborted: local error in processing",
    79. 

  79.       [452] = "Requested action not taken: insufficient system storage",
    80. 

  80.       [500] = "Syntax error, command unrecognised",
    81. 

  81.       [501] = "Syntax error in parameters or arguments",
    82. 

  82.       [503] = "Bad sequence of commands",
    83. 

  83.       [521] = "<domain> does not accept mail [rfc1846]",
    84. 

  84.       [421] = "<domain> Service not available, closing transmission channel",
    85. 

  85.     },
    86. 

  86.   },
    87. 

  87.   ["DATA"] = {
    88. 

  88.     cmd = "DATA",
    89. 

  89.     success = {
    90. 

  90.       [250] = "Requested mail action okay, completed",
    91. 

  91.       [354] = "Start mail input; end with <CRLF>.<CRLF>",
    92. 

  92.     },
    93. 

  93.     errors = {
    94. 

  94.       [451] = "Requested action aborted: local error in processing",
    95. 

  95.       [554] = "Transaction failed",
    96. 

  96.       [500] = "Syntax error, command unrecognised",
    97. 

  97.       [501] = "Syntax error in parameters or arguments",
    98. 

  98.       [503] = "Bad sequence of commands",
    99. 

  99.       [421] = "<domain> Service not available, closing transmission channel",
    100. 

  100.       [552] = "Requested mail action aborted: exceeded storage allocation",
    101. 

  101.       [554] = "Transaction failed",
    102. 

  102.       [451] = "Requested action aborted: local error in processing",
    103. 

  103.       [452] = "Requested action not taken: insufficient system storage",
    104. 

  104.     },
    105. 

  105.   },
    106. 

  106.   ["STARTTLS"] = {
    107. 

  107.     cmd = "STARTTLS",
    108. 

  108.     success = {
    109. 

  109.       [220] = "Ready to start TLS"
    110. 

  110.     },
    111. 

  111.     errors = {
    112. 

  112.       [501] = "Syntax error (no parameters allowed)",
    113. 

  113.       [454] = "TLS not available due to temporary reason",
    114. 

  114.     },
    115. 

  115.   },
    116. 

  116.   ["RSET"] = {
    117. 

  117.     cmd = "RSET",
    118. 

  118.     success = {
    119. 

  119.       [200] = "nonstandard success response, see rfc876)",
    120. 

  120.       [250] = "Requested mail action okay, completed",
    121. 

  121.     },
    122. 

  122.     errors = {
    123. 

  123.       [500] = "Syntax error, command unrecognised",
    124. 

  124.       [501] = "Syntax error in parameters or arguments",
    125. 

  125.       [504] = "Command parameter not implemented",
    126. 

  126.       [421] = "<domain> Service not available, closing transmission channel",
    127. 

  127.     },
    128. 

  128.   },
    129. 

  129.   ["VRFY"] = {
    130. 

  130.     cmd = "VRFY",
    131. 

  131.     success = {
    132. 

  132.       [250] = "Requested mail action okay, completed",
    133. 

  133.       [251] = "User not local; will forward to <forward-path>",
    134. 

  134.     },
    135. 

  135.     errors = {
    136. 

  136.       [500] = "Syntax error, command unrecognised",
    137. 

  137.       [501] = "Syntax error in parameters or arguments",
    138. 

  138.       [502] = "Command not implemented",
    139. 

  139.       [504] = "Command parameter not implemented",
    140. 

  140.       [550] = "Requested action not taken: mailbox unavailable",
    141. 

  141.       [551] = "User not local; please try <forward-path>",
    142. 

  142.       [553] = "Requested action not taken: mailbox name not allowed",
    143. 

  143.       [421] = "<domain> Service not available, closing transmission channel",
    144. 

  144.     },
    145. 

  145.   },
    146. 

  146.   ["EXPN"] = {
    147. 

  147.     cmd = "EXPN",
    148. 

  148.     success = {
    149. 

  149.       [250] = "Requested mail action okay, completed",
    150. 

  150.     },
    151. 

  151.     errors = {
    152. 

  152.       [550] = "Requested action not taken: mailbox unavailable",
    153. 

  153.       [500] = "Syntax error, command unrecognised",
    154. 

  154.       [501] = "Syntax error in parameters or arguments",
    155. 

  155.       [502] = "Command not implemented",
    156. 

  156.       [504] = "Command parameter not implemented",
    157. 

  157.       [421] = "<domain> Service not available, closing transmission channel",
    158. 

  158.     },
    159. 

  159.   },
    160. 

  160. }
    161. 

  161. ---
    162. 

  162. -- Returns a domain to be used in the SMTP commands that need it. If the
    163. 

  163. -- user specified one through the script argument <code>smtp.domain</code>
    164. 

  164. -- this function will return it. Otherwise it will try to find the domain
    165. 

  165. -- from the typed hostname and from the rDNS name. If it still can't find 
    166. 

  166. -- one it will return the nmap.scanme.org by default.
    167. 

  167. --
    168. 

  168. -- @param host The host table
    169. 

  169. -- @return The hostname to be used by the different SMTP commands.
    170. 

  170. get_domain = function(host)
    171. 

  171.   local nmap_domain = "nmap.scanme.org"
    172. 

  172. 

  173.   -- Use the user provided options.
    174. 

  174.   local result = stdnse.get_script_args("smtp.domain")
    175. 

  175.   if not result then
    176. 

  176.     if type(host) == "table" then
    177. 

  177.       if host.targetname then
    178. 

  178.         result = host.targetname
    179. 

  179.       elseif (host.name and #host.name ~= 0) then
    180. 

  180.         result = host.name
    181. 

  181.       end
    182. 

  182.     end
    183. 

  183.   end
    184. 

  184. 

  185.   return result or nmap_domain
    186. 

  186. end
    187. 

  187. 

  188. --- Gets the authentication mechanisms that are listed in the response
    189. 

  189. -- of the client's EHLO command.
    190. 

  190. --
    191. 

  191. -- @param response The response of the client's EHLO command.
    192. 

  192. -- @return An array of authentication mechanisms on success, or nil
    193. 

  193. --         when it can't find authentication.
    194. 

  194. get_auth_mech = function(response)
    195. 

  195.   local list = {}
    196. 

  196. 

  197.   for _, line in pairs(stdnse.strsplit("\r?\n", response)) do
    198. 

  198.     local authstr = line:match("%d+%-AUTH%s(.*)$")
    199. 

  199.     if authstr then
    200. 

  200.       for mech in authstr:gmatch("[^%s]+") do
    201. 

  201.         table.insert(list, mech)
    202. 

  202.       end
    203. 

  203.       return list
    204. 

  204.     end
    205. 

  205.   end
    206. 

  206. 

  207.   return nil
    208. 

  208. end
    209. 

  209. 

  210. --- Checks the SMTP server reply to see if it supports the previously
    211. 

  211. -- sent SMTP command.
    212. 

  212. --
    213. 

  213. -- @param cmd The SMTP command that was sent to the server
    214. 

  214. -- @param reply The SMTP server reply
    215. 

  215. -- @return true if the reply indicates that the SMTP command was
    216. 

  216. --         processed by the server correctly, or false on failures.
    217. 

  217. -- @return message The reply returned by the server on success, or an
    218. 

  218. --         error message on failures.
    219. 

  219. check_reply = function(cmd, reply)
    220. 

  220.   local code, msg = string.match(reply, "^([0-9]+)%s*")
    221. 

  221.   if code then
    222. 

  222.     cmd = cmd:upper()
    223. 

  223.     code = tonumber(code)
    224. 

  224.     if SMTP_CMD[cmd] then
    225. 

  225.       if SMTP_CMD[cmd].success[code] then
    226. 

  226.         return true, reply
    227. 

  227.       end
    228. 

  228.     else
    229. 

  229.       stdnse.print_debug(3,
    230. 

  230.           "SMTP: check_smtp_reply failed: %s not supported", cmd)
    231. 

  231.       return false, string.format("SMTP: %s %s", cmd, reply)
    232. 

  232.     end
    233. 

  233.   end
    234. 

  234.   stdnse.print_debug(3,
    235. 

  235.       "SMTP: check_smtp_reply failed: %s %s", cmd, reply)
    236. 

  236.   return false, string.format("SMTP: %s %s", cmd, reply)
    237. 

  237. end
    238. 

  238. 

  239. 

  240. --- Queries the SMTP server for a specific service.
    241. 

  241. --
    242. 

  242. -- This is a low level function that can be used to have more control
    243. 

  243. -- over the data exchanged. On network errors the socket will be closed.
    244. 

  244. -- This function automatically adds <code>CRLF<code> at the end.
    245. 

  245. --
    246. 

  246. -- @param socket connected to the server
    247. 

  247. -- @param cmd The SMTP cmd to send to the server
    248. 

  248. -- @param data The data to send to the server
    249. 

  249. -- @param lines The minimum number of lines to receive, default value: 1.
    250. 

  250. -- @return true on success, or nil on failures.
    251. 

  251. -- @return response The returned response from the server on success, or
    252. 

  252. --         an error message on failures.
    253. 

  253. query = function(socket, cmd, data, lines)
    254. 

  254.   if data then
    255. 

  255.     cmd = cmd.." "..data
    256. 

  256.   end
    257. 

  257. 

  258.   local st, ret = socket:send(string.format("%s\r\n", cmd))
    259. 

  259.   if not st then
    260. 

  260.     socket:close()
    261. 

  261.     stdnse.print_debug(3, "SMTP: failed to send %s request.", cmd)
    262. 

  262.     return st, string.format("SMTP failed to send %s request.", cmd)
    263. 

  263.   end
    264. 

  264. 

  265.   st, ret = socket:receive_lines(lines or 1)
    266. 

  266.   if not st then
    267. 

  267.     socket:close()
    268. 

  268.     stdnse.print_debug(3, "SMTP %s: failed to receive data: %s.",
    269. 

  269.                     cmd, (ERROR_MESSAGES[ret] or 'unspecified error'))
    270. 

  270.     return st, string.format("SMTP %s: failed to receive data: %s",
    271. 

  271.                     cmd, (ERROR_MESSAGES[ret] or 'unspecified error'))
    272. 

  272.   end
    273. 

  273. 

  274.   return st, ret
    275. 

  275. end
    276. 

  276. 

  277. --- Connects to the SMTP server based on the provided options.
    278. 

  278. --
    279. 

  279. -- @param host The host table
    280. 

  280. -- @param port The port table
    281. 

  281. -- @param opts The connection option table, possible options:
    282. 

  282. --    ssl: try to connect using TLS
    283. 

  283. --    timeout: generic timeout value
    284. 

  284. --    recv_before: receive data before returning
    285. 

  285. --    lines: a minimum number of lines to receive
    286. 

  286. -- @return socket The socket descriptor, or nil on errors
    287. 

  287. -- @return response The response received on success and when
    288. 

  288. --   the recv_before is set, or the error message on failures.
    289. 

  289. connect = function(host, port, opts)
    290. 

  290.   if opts.ssl then
    291. 

  291.     local socket, _, _, ret = comm.tryssl(host, port, '', opts)
    292. 

  292.     if not socket then
    293. 

  293.       return socket, (ERROR_MESSAGES[ret] or 'unspecified error') 
    294. 

  294.     end
    295. 

  295.     return socket, ret
    296. 

  296.   else
    297. 

  297.     local timeout, recv, lines
    298. 

  298.     local socket = nmap.new_socket()
    299. 

  299. 

  300.     if opts then
    301. 

  301.       recv = opts.recv_before
    302. 

  302.       timeout = opts.timeout
    303. 

  303.       lines = opts.lines
    304. 

  304.     end
    305. 

  305.     socket:set_timeout(timeout or 8000)
    306. 

  306. 

  307.     local st, ret = socket:connect(host, port, port.protocol)
    308. 

  308.     if not st then
    309. 

  309.       socket:close()
    310. 

  310.       return st, (ERROR_MESSAGES[ret] or 'unspecified error')
    311. 

  311.     end
    312. 

  312. 

  313.     if recv then
    314. 

  314.       st, ret = socket:receive_lines(lines or 1)
    315. 

  315.       if not st then
    316. 

  316.         socket:close()
    317. 

  317.         return st, (ERROR_MESSAGES[ret] or 'unspecified error')
    318. 

  318.       end
    319. 

  319.     end
    320. 

  320. 

  321.   return socket, ret
    322. 

  322.   end
    323. 

  323. end
    324. 

  324. 

  325. --- Switches the plain text connection to be protected by the TLS protocol
    326. 

  326. -- by using the SMTP STARTTLS command.
    327. 

  327. -- 
    328. 

  328. -- The socket will be reconnected by using SSL. On network errors or if the
    329. 

  329. -- SMTP command fails, the connection will be closed and the socket cleared.
    330. 

  330. --
    331. 

  331. -- @param socket connected to server.
    332. 

  332. -- @return true on success, or nil on failures.
    333. 

  333. -- @return message On success this will contain the SMTP server response
    334. 

  334. --         to the client's STARTTLS command, or an error message on failures.
    335. 

  335. starttls = function(socket)
    336. 

  336.   local st, reply, ret
    337. 

  337.   
    338. 

  338.   st, reply = query(socket, "STARTTLS")
    339. 

  339.   if not st then
    340. 

  340.     return st, reply
    341. 

  341.   end
    342. 

  342. 

  343.   st, ret = check_reply('STARTTLS', reply)
    344. 

  344.   if not st then
    345. 

  345.     quit(socket)
    346. 

  346.     return st, ret
    347. 

  347.   end
    348. 

  348. 

  349.   st, ret = socket:reconnect_ssl()
    350. 

  350.   if not st then
    351. 

  351.     socket:close()
    352. 

  352.     return st, ret
    353. 

  353.   end
    354. 

  354. 

  355.   return true, reply
    356. 

  356. end
    357. 

  357. 

  358. --- Sends the EHLO command to the SMTP server.
    359. 

  359. -- 
    360. 

  360. -- On network errors or if the SMTP command fails, the connection
    361. 

  361. -- will be closed and the socket cleared.
    362. 

  362. --
    363. 

  363. -- @param socket connected to server
    364. 

  364. -- @param domain to use in the EHLO command.
    365. 

  365. -- @return true on sucess, or false on failures.
    366. 

  366. -- @return response returned by the SMTP server on success, or an
    367. 

  367. --         error message on failures.
    368. 

  368. ehlo = function(socket, domain)
    369. 

  369.   local st, ret, response
    370. 

  370.   st, response = query(socket, "EHLO", domain)
    371. 

  371.   if not st then
    372. 

  372.     return st, response
    373. 

  373.   end
    374. 

  374. 

  375.   st, ret = check_reply("EHLO", response)
    376. 

  376.   if not st then
    377. 

  377.     quit(socket)
    378. 

  378.     return st, ret
    379. 

  379.   end
    380. 

  380. 

  381.   return st, response
    382. 

  382. end
    383. 

  383. 

  384. --- Sends the HELP command to the SMTP server.
    385. 

  385. -- 
    386. 

  386. -- On network errors or if the SMTP command fails, the connection
    387. 

  387. -- will be closed and the socket cleared.
    388. 

  388. --
    389. 

  389. -- @param socket connected to server
    390. 

  390. -- @return true on success, or false on failures.
    391. 

  391. -- @return response returned by the SMTP server on success, or an
    392. 

  392. --         error message on failures.
    393. 

  393. help = function(socket)
    394. 

  394.   local st, ret, response
    395. 

  395.   st, response = query(socket, "HELP")
    396. 

  396. 

  397.   if not st then
    398. 

  398.     return st, response
    399. 

  399.   end
    400. 

  400. 

  401.   st, ret = check_reply("HELP", response)
    402. 

  402.   if not st then
    403. 

  403.     quit(socket)
    404. 

  404.     return st, ret
    405. 

  405.   end
    406. 

  406. 

  407.   return st, response
    408. 

  408. end
    409. 

  409. 

  410. --- Sends the MAIL command to the SMTP server.
    411. 

  411. --
    412. 

  412. -- On network errors or if the SMTP command fails, the connection
    413. 

  413. -- will be closed and the socket cleared.
    414. 

  414. --
    415. 

  415. -- @param socket connected to server.
    416. 

  416. -- @param address of the sender.
    417. 

  417. -- @param esmtp_opts The additional ESMTP options table, possible values:
    418. 

  418. --    size:     a decimal value to represent the message size in octets.
    419. 

  419. --    ret:      include the message in the DSN, should be 'FULL' or 'HDRS'.
    420. 

  420. --    envid:    envelope identifier, printable characters that would be
    421. 

  421. --              transmitted along with the message and included in the
    422. 

  422. --              failed DSN.
    423. 

  423. --    transid:  a globally unique case-sensitive value that identifies
    424. 

  424. --              this particular transaction.
    425. 

  425. -- @return true on success, or false on failures.
    426. 

  426. -- @return response returned by the SMTP server on success, or an
    427. 

  427. --         error message on failures.
    428. 

  428. mail = function(socket, address, esmtp_opts)
    429. 

  429.   local st, ret, response
    430. 

  430. 

  431.   if esmtp_opts and next(esmtp_opts) then
    432. 

  432.     local data = ""
    433. 

  433.     -- we do not check for strange values, read the NSEDoc.
    434. 

  434.     for k,v in pairs(esmtp_opts) do
    435. 

  435.       k = k:upper()
    436. 

  436.       data = string.format("%s %s=%s", data, k, v)
    437. 

  437.     end
    438. 

  438.     st, response = query(socket, "MAIL",
    439. 

  439.                       string.format("FROM:<%s>%s",
    440. 

  440.                       address, data))
    441. 

  441.   else
    442. 

  442.     st, response = query(socket, "MAIL",
    443. 

  443.                       string.format("FROM:<%s>", address))
    444. 

  444.   end
    445. 

  445. 

  446.   if not st then
    447. 

  447.     return st, response
    448. 

  448.   end
    449. 

  449. 

  450.   st, ret = check_reply("MAIL", response)
    451. 

  451.   if not st then
    452. 

  452.     quit(socket)
    453. 

  453.     return st, ret
    454. 

  454.   end
    455. 

  455. 

  456.   return st, response
    457. 

  457. end
    458. 

  458. 

  459. --- Sends the RCPT command to the SMTP server.
    460. 

  460. --
    461. 

  461. -- On network errors or if the SMTP command fails, the connection
    462. 

  462. -- will be closed and the socket cleared.
    463. 

  463. --
    464. 

  464. -- @param socket connected to server.
    465. 

  465. -- @param address of the recipient.
    466. 

  466. -- @return true on success, or false on failures.
    467. 

  467. -- @return response returned by the SMTP server on success, or an
    468. 

  468. --         error message on failures.
    469. 

  469. recipient = function(socket, address)
    470. 

  470.   local st, ret, response
    471. 

  471. 

  472.   st, response = query(socket, "RCPT",
    473. 

  473.                       string.format("TO:<%s>", address))
    474. 

  474. 

  475.   if not st then
    476. 

  476.     return st, response
    477. 

  477.   end
    478. 

  478. 

  479.   st, ret = check_reply("RCPT", response)
    480. 

  480.   if not st then
    481. 

  481.     quit(socket)
    482. 

  482.     return st, ret
    483. 

  483.   end
    484. 

  484. 

  485.   return st, response
    486. 

  486. end
    487. 

  487. 

  488. --- Sends data to the SMTP server.
    489. 

  489. --
    490. 

  490. -- This function will automatically adds <code><CRLF>.<CRLF></code> at the
    491. 

  491. -- end. On network errors or if the SMTP command fails, the connection
    492. 

  492. -- will be closed and the socket cleared.
    493. 

  493. --
    494. 

  494. -- @param socket connected to server.
    495. 

  495. -- @param data to be sent.
    496. 

  496. -- @return true on success, or false on failures.
    497. 

  497. -- @return response returned by the SMTP server on success, or an
    498. 

  498. --         error message on failures.
    499. 

  499. datasend = function(socket, data)
    500. 

  500.   local st, ret, response
    501. 

  501. 

  502.   st, response = query(socket, "DATA")
    503. 

  503.   if not st then
    504. 

  504.     return st, response
    505. 

  505.   end
    506. 

  506. 

  507.   st, ret = check_reply("DATA", response)
    508. 

  508.   if not st then
    509. 

  509.     quit(socket)
    510. 

  510.     return st, ret
    511. 

  511.   end
    512. 

  512. 

  513.   if data then
    514. 

  514.     st, response = query(socket, data.."\r\n.")
    515. 

  515.     if not st then
    516. 

  516.       return st, response
    517. 

  517.     end
    518. 

  518. 

  519.     st, ret = check_reply("DATA", response)
    520. 

  520.     if not st then
    521. 

  521.       quit(socket)
    522. 

  522.       return st, ret
    523. 

  523.     end
    524. 

  524.   end
    525. 

  525. 

  526.   return st, response
    527. 

  527. end
    528. 

  528. 

  529. --- Sends the RSET command to the SMTP server.
    530. 

  530. --
    531. 

  531. -- On network errors or if the SMTP command fails, the connection
    532. 

  532. -- will be closed and the socket cleared.
    533. 

  533. --
    534. 

  534. -- @param socket connected to server.
    535. 

  535. -- @return true on success, or false on failures.
    536. 

  536. -- @return response returned by the SMTP server on success, or an
    537. 

  537. --         error message on failures.
    538. 

  538. reset = function(socket)
    539. 

  539.   local st, ret, response
    540. 

  540.   st, response = query(socket, "RSET")
    541. 

  541. 

  542.   if not st then
    543. 

  543.     return st, response
    544. 

  544.   end
    545. 

  545. 

  546.   st, ret = check_reply("RSET", response)
    547. 

  547.   if not st then
    548. 

  548.     quit(socket)
    549. 

  549.     return st, ret
    550. 

  550.   end
    551. 

  551. 

  552.   return st, response
    553. 

  553. end
    554. 

  554. 

  555. --- Sends the VRFY command to verify the validity of a mailbox.
    556. 

  556. --
    557. 

  557. -- On network errors or if the SMTP command fails, the connection
    558. 

  558. -- will be closed and the socket cleared.
    559. 

  559. --
    560. 

  560. -- @param socket connected to server.
    561. 

  561. -- @param mailbox to verify.
    562. 

  562. -- @return true on success, or false on failures.
    563. 

  563. -- @return response returned by the SMTP server on success, or an
    564. 

  564. --         error message on failures.
    565. 

  565. verify = function(socket, mailbox)
    566. 

  566.   local st, ret, response
    567. 

  567.   st, response = query(socket, "VRFY", mailbox)
    568. 

  568.   
    569. 

  569.   st, ret = check_reply("VRFY", response)
    570. 

  570.   if not st then
    571. 

  571.     quit(socket)
    572. 

  572.     return st, ret
    573. 

  573.   end
    574. 

  574. 

  575.   return st, response
    576. 

  576. end
    577. 

  577. 

  578. --- Sends the QUIT command to the SMTP server, and closes the socket.
    579. 

  579. --
    580. 

  580. -- @param socket connected to server.
    581. 

  581. quit = function(socket)
    582. 

  582.   stdnse.print_debug(3, "SMTP: sending 'QUIT'.")
    583. 

  583.   socket:send("QUIT\r\n")
    584. 

  584.   socket:close()
    585. 

  585. end
    586. 

  586. 

  587. --- Attempts to authenticate with the SMTP server. The supported authentication
    588. 

  588. --  mechanisms are: LOGIN, PLAIN, CRAM-MD5, DIGEST-MD5 and NTLM.
    589. 

  589. --
    590. 

  590. -- @param socket connected to server.
    591. 

  591. -- @param username SMTP username.
    592. 

  592. -- @param password SMTP password.
    593. 

  593. -- @param mech Authentication mechanism.
    594. 

  594. -- @return true on success, or false on failures.
    595. 

  595. -- @return response returned by the SMTP server on success, or an
    596. 

  596. --         error message on failures.
    597. 

  597. 

  598. login = function(socket, username, password, mech)
    599. 

  599. 	assert(mech == "LOGIN" or mech == "PLAIN" or mech == "CRAM-MD5" 
    600. 

  600. 			or mech == "DIGEST-MD5" or mech == "NTLM",
    601. 

  601. 			("Unsupported authentication mechanism (%s)"):format(mech or "nil"))
    602. 

  602. 	local status, response = query(socket, "AUTH", mech)
    603. 

  603. 	if ( not(status) ) then
    604. 

  604. 		return false, "ERROR: Failed to send AUTH to server"
    605. 

  605. 	end
    606. 

  606. 

  607. 	if ( mech == "LOGIN" ) then
    608. 

  608. 		local tmp = response:match("334 (.*)")
    609. 

  609. 		if ( not(tmp) ) then
    610. 

  610. 			return false, "ERROR: Failed to decode LOGIN response"
    611. 

  611. 		end
    612. 

  612. 		tmp = base64.dec(tmp):lower()
    613. 

  613. 		if ( not(tmp:match("^username")) ) then
    614. 

  614. 			return false, ("ERROR: Expected \"Username\", but received (%s)"):format(tmp)
    615. 

  615. 		end
    616. 

  616. 		status, response = query(socket, base64.enc(username))
    617. 

  617. 		if ( not(status) ) then
    618. 

  618. 			return false, "ERROR: Failed to read LOGIN response"
    619. 

  619. 		end
    620. 

  620. 		tmp = response:match("334 (.*)")
    621. 

  621. 		if ( not(tmp) ) then
    622. 

  622. 			return false, "ERROR: Failed to decode LOGIN response"
    623. 

  623. 		end
    624. 

  624. 		tmp = base64.dec(tmp):lower()
    625. 

  625. 		if ( not(tmp:match("^password")) ) then
    626. 

  626. 			return false, ("ERROR: Expected \"password\", but received (%s)"):format(tmp)
    627. 

  627. 		end
    628. 

  628. 		status, response = query(socket, base64.enc(password))
    629. 

  629. 		if ( not(status) ) then
    630. 

  630. 			return false, "ERROR: Failed to read LOGIN response"
    631. 

  631. 		end
    632. 

  632. 		if ( response:match("^235") ) then
    633. 

  633. 			return true, "Login success"
    634. 

  634. 		end
    635. 

  635. 		return false, response
    636. 

  636. 	end
    637. 

  637. 	
    638. 

  638. 	
    639. 

  639. 	if ( mech == "NTLM" ) then
    640. 

  640. 		-- sniffed of the wire, seems to always be the same
    641. 

  641. 		-- decodes to some NTLMSSP blob greatness
    642. 

  642. 		status, response = query(socket, "TlRMTVNTUAABAAAAB7IIogYABgA3AAAADwAPACgAAAAFASgKAAAAD0FCVVNFLUFJUi5MT0NBTERPTUFJTg==")
    643. 

  643. 		if ( not(status) ) then return false, "ERROR: Failed to receieve NTLM challenge" end 
    644. 

  644. 	end
    645. 

  645. 	
    646. 

  646. 	
    647. 

  647. 	local chall = response:match("^334 (.*)")
    648. 

  648. 	chall = (chall and base64.dec(chall))
    649. 

  649. 	if (not(chall)) then return false, "ERROR: Failed to retrieve challenge" end
    650. 

  650. 

  651. 	-- All mechanisms expect username and pass
    652. 

  652. 	-- add the otheronce for those who need them
    653. 

  653. 	local mech_params = { username, password, chall, "smtp" }
    654. 

  654. 	local auth_data = sasl.Helper:new(mech):encode(table.unpack(mech_params))
    655. 

  655. 	auth_data = base64.enc(auth_data)
    656. 

  656. 	
    657. 

  657. 	status, response = query(socket, auth_data)
    658. 

  658. 	if ( not(status) ) then
    659. 

  659. 		return false, ("ERROR: Failed to authenticate using SASL %s"):format(mech)
    660. 

  660. 	end
    661. 

  661. 	
    662. 

  662. 	if ( mech == "DIGEST-MD5" ) then
    663. 

  663. 		local rspauth = response:match("^334 (.*)")
    664. 

  664. 		if ( rspauth ) then
    665. 

  665. 			rspauth = base64.dec(rspauth)
    666. 

  666. 			status, response = query(socket,"")
    667. 

  667. 		end
    668. 

  668. 	end
    669. 

  669. 	
    670. 

  670. 	if ( response:match("^235") ) then return true, "Login success"	end
    671. 

  671. 		
    672. 

  672. 	return false, response
    673. 

  673. end
    674. 

  674. 

  675. return _ENV;
    676. 

  676.