Nmap impress-remote-discover NSE Script
This page contains detailed information about how to use the impress-remote-discover NSE script. For list of all NSE scripts, visit the Nmap NSE Library.
| Select: |
|---|
Script Overview
Script source code: https://github.com/nmap/nmap/tree/master/scripts/impress-remote-discover.nse
Script categories: intrusive, brute
Target service / protocol: impress-remote, tcp
Target network port(s): 1599
List of CVEs: -
Script Description
The impress-remote-discover.nse script tests for the presence of the LibreOffice Impress Remote server. Checks if a PIN is valid if provided and will bruteforce the PIN if requested.
When a remote first contacts Impress and sends a client name and PIN, the user must open the "Slide Show -> Impress Remote" menu and enter the matching PIN at the prompt, which shows the client name. Subsequent connections with the same client name may then use the same PIN without user interaction. If no PIN has been set for the session, each PIN attempt will result in a new prompt in the "Impress Remote" menu. Brute-forcing the PIN, therefore, requires that the user has entered a PIN for the same client name, and will result in lots of extra prompts in the "Impress Remote" menu.
Impress-remote-discover NSE Script Arguments
This is a full list of arguments supported by the impress-remote-discover.nse script:
impress-remote-discover.bruteforce
No value needed (default is false).
String value of the client name (default is Firefox OS).
PIN number for the remote (default is 0000).
- - -
To use these script arguments, add them to the Nmap command line using the --script-args arg1=value,[arg2=value,..] syntax. For example:
nmap --script=impress-remote-discover --script-args impress-remote-discover.bruteforce=value,impress-remote-discover.client=value <target>Impress-remote-discover NSE Script Example Usage
Here's an example of how to use the impress-remote-discover.nse script:
nmap -p 1599 --script impress-remote-discover <host>
Impress-remote-discover NSE Script Example Output
Here's a sample output from the impress-remote-discover.nse script:
PORT STATE SERVICE Version
1599/tcp open impress-remote LibreOffice Impress remote 4.3.3.2
| impress-remote-discover:
| Impress Version: 4.3.3.2
| Remote PIN: 0000
|_ Client Name used: Firefox OS
Impress-remote-discover NSE Script Example XML Output
There is no sample XML output for this module. However, by providing the -oX <file> option, Nmap will produce a XML output and save it in the file.xml file.
Author
- Jer Hiebert
References
- https://nmap.org/nsedoc/scripts/impress-remote-discover.html
- https://github.com/nmap/nmap/tree/master/scripts/impress-remote-discover.nse
See Also
Visit Nmap NSE Library for more scripts.
The impress-remote-discover.nse script may fail with the following error messages. Check for the possible causes by using the code snippets highlighted below found in the script source code. This can often times help in identifying the root cause of the problem.
Client argument must be a string.
Here is a relevant code snippet related to the "Client argument must be a string." error message:
51: local client_name = stdnse.get_script_args(SCRIPT_NAME .. ".client")
52: if client_name then
53: stdnse.debug("Client name provided: %s", client_name)
54: -- Sanity check the value from the user.
55: if type(client_name) ~= "string" then
56: return false, "Client argument must be a string."
57: end
58: end
59: args.client_name = client_name or "Firefox OS"
60:
61: local bruteforce = stdnse.get_script_args(SCRIPT_NAME .. ".bruteforce")
PIN argument must be a number.
Here is a relevant code snippet related to the "PIN argument must be a number." error message:
70: local pin = stdnse.get_script_args(SCRIPT_NAME .. ".pin")
71: if pin then
72: -- Sanity check the value from the user.
73: pin = tonumber(pin)
74: if type(pin) ~= "number" then
75: return false, "PIN argument must be a number."
76: elseif pin < 0 or pin > 9999 then
77: return false, "PIN argument must be in range between 0000 and 9999 inclusive."
78: elseif bruteforce then
79: return false, "When bruteforcing is enabled, a PIN cannot be set."
80: end
PIN argument must be in range between 0000 and 9999 inclusive.
Here is a relevant code snippet related to the "PIN argument must be in range between 0000 and 9999 inclusive." error message:
72: -- Sanity check the value from the user.
73: pin = tonumber(pin)
74: if type(pin) ~= "number" then
75: return false, "PIN argument must be a number."
76: elseif pin < 0 or pin > 9999 then
77: return false, "PIN argument must be in range between 0000 and 9999 inclusive."
78: elseif bruteforce then
79: return false, "When bruteforcing is enabled, a PIN cannot be set."
80: end
81: end
82: args.pin = pin or 0
When bruteforcing is enabled, a PIN cannot be set.
Here is a relevant code snippet related to the "When bruteforcing is enabled, a PIN cannot be set." error message:
74: if type(pin) ~= "number" then
75: return false, "PIN argument must be a number."
76: elseif pin < 0 or pin > 9999 then
77: return false, "PIN argument must be in range between 0000 and 9999 inclusive."
78: elseif bruteforce then
79: return false, "When bruteforcing is enabled, a PIN cannot be set."
80: end
81: end
82: args.pin = pin or 0
83:
84: return true, args
Failed to create buffer from socket: %s
Here is a relevant code snippet related to the "Failed to create buffer from socket: %s" error message:
94: socket:set_timeout(5000)
95:
96: local buffer, err = stdnse.make_buffer(socket, "\n")
97: if err then
98: socket:close()
99: stdnse.debug1("Failed to create buffer from socket: %s", err)
100: return
101: end
102: socket:send("LO_SERVER_CLIENT_PAIR\n" .. client_name .. "\n" .. pin .. "\n\n")
103:
104: return buffer, socket
Failed to receive line from socket: %s
Here is a relevant code snippet related to the "Failed to receive line from socket: %s" error message:
111: -- so we loop through lines until we get to that one
112: for j=0,3 do
113: line, err = buffer()
114: if not line then
115: socket:close()
116: stdnse.debug1("Failed to receive line from socket: %s", err)
117: return
118: end
119:
120: if string.match(line, "^LO_SERVER_INFO$") then
121: line, err = buffer()
Failed to parse version from socket.
Here is a relevant code snippet related to the "Failed to parse version from socket." error message:
127: return output
128: end
129: end
130:
131: socket:close()
132: stdnse.debug1("Failed to parse version from socket.")
133: return
134: end
135:
136: local check_pin = function(host, port, client_name, pin)
137: local buffer, socket = remote_connect(host, port, client_name, pin)
Failed to receive line from socket: %s
Here is a relevant code snippet related to the "Failed to receive line from socket: %s" error message:
140: end
141:
142: local line, err = buffer()
143: if not line then
144: socket:close()
145: stdnse.debug1("Failed to receive line from socket: %s", err)
146: return
147: end
148:
149: if string.match(line, "^LO_SERVER_SERVER_PAIRED$") then
150: return remote_version(buffer, socket, client_name, pin)
Failed to receive line from socket: %s
Here is a relevant code snippet related to the "Failed to receive line from socket: %s" error message:
170: end
171:
172: local line, err = buffer()
173: if not line then
174: socket:close()
175: stdnse.debug1("Failed to receive line from socket: %s", err)
176: return
177: end
178:
179: if string.match(line, "^LO_SERVER_SERVER_PAIRED$") then
180: return remote_version(buffer, socket, client_name, pin)
Failed to bruteforce PIN.
Here is a relevant code snippet related to the "Failed to bruteforce PIN." error message:
181: end
182:
183: socket:close()
184: end
185:
186: stdnse.debug1("Failed to bruteforce PIN.")
187: return
188: end
189:
190: action = function(host, port)
191: -- Parse and sanity check the command line arguments.
ERROR: %s
Here is a relevant code snippet related to the "ERROR: %s" error message:
189:
190: action = function(host, port)
191: -- Parse and sanity check the command line arguments.
192: local status, options = parse_args()
193: if not status then
194: stdnse.verbose1("ERROR: %s", options)
195: return stdnse.format_output(false, options)
196: end
197:
198: local result
199: if options.bruteforce then
Version
This page has been created based on Nmap version 7.92.
Go back to menu.
