Nmap Development mailing list archives
Re: nmap issue
From: "Mike pattrick" <mpattrick () rhinovirus org>
Date: Fri, 16 May 2008 18:36:20 -0400
Oops, I sent the previous copy of this to Fyodor only instead of the nmap-dev list. I guess this is a completely loaded suggestion as implementation would be difficult, but you could bypass UAC if nmap's scanner was implemented as a service. Sincerely, Michael Patrick
On Fri, May 16, 2008 at 5:52 PM, Fyodor <fyodor () insecure org> wrote:On Thu, May 15, 2008 at 05:06:03PM -0700, Gianluca Varenni wrote:Did you run nmap/zenmap with elevated privileges (if UAC is enabled)? You need to start the application (or the command line prompt used to launch it) by right-clicking on it and using "Run as administrator".Thanks Gianluca. It looks like this was indeed his problem, and it is one we have encountered numerous times before. So I'd like to throw this question out to nmap-dev: What should we do about UAC? I'm certainly no Vista expert, but I just read up on UAC at: http://en.wikipedia.org/wiki/User_Account_Control So it seems that when people click on Nmap or run it from the command-line, Vista no longer gives Nmap administrator rights by default, even if the user is logged in as an administrator. When Nmap gets to opening the ethernet device with Dnet's eth_open() function, that function seems to fail due to requiring administrator access. Here is one idea for potentially fixing this: 1) We can compile Nmap with a "manifest" embedded with the requestedExecutionLevel set to 'highestAvailable' so that UAC confirmation will be requested at startup if the user is an admin. 2) We need to then test if the user has proper admin privileges. If so, we go forward as normal. If not, we set o.isr00t to 0 just as we would do if run with --unprivileged. Maybe we should print a warning in this case (at least in verbose mode) because Nmap really is crippled in this situation. So that is one approach we can take. Anyone have better/different ideas? Anyone have Windows Vista and want to work on implementing this? Cheers, -Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- nmap issue Chris Detzel (May 15)
- RE: nmap issue Aaron Leininger (May 15)
- RE: nmap issue Chris Detzel (May 15)
- Re: nmap issue Gianluca Varenni (May 15)
- RE: nmap issue Chris Detzel (May 16)
- Re: nmap issue Fyodor (May 16)
- Message not available
- Re: nmap issue Mike pattrick (May 16)
- Re: nmap issue Brandon Enright (May 16)
- Re: nmap issue Gianluca Varenni (May 16)
- RE: nmap issue Rob Nicholls (May 17)
- Re: nmap issue bensonk (May 17)
- RE: nmap issue Rob Nicholls (May 17)
- Re: nmap issue bensonk (May 17)
- Unofficial WinPcap Installer Issue Rob Nicholls (May 19)
- Re: Unofficial WinPcap Installer Issue jah (May 19)
- Re: Unofficial WinPcap Installer Issue Gianluca Varenni (May 19)
- RE: Unofficial WinPcap Installer Issue Rob Nicholls (May 19)
- RE: nmap issue Chris Detzel (May 15)
- RE: nmap issue Aaron Leininger (May 15)