Re: [PATCH] showOwner.nse script causing infinite loop

["DePriest, Jason R." <jrdepriest () gmail com>]

On Sat, May 24, 2008 at 9:12 AM, jah <> wrote:
> On 24/05/2008 06:44, DePriest, Jason R. wrote:
>
> Hello,
>
> I am running a scan on a Debian GNU/Linux box with -sSCUV and it hits
> a loop and just keeps going and going.  The --script-trace doesn't
> tell me which script is trying to run.
>
> Is there an easy way to get nmap to tell me what it's doing when it
> just keeps doing it over and over again.
>
> It basically does this
> [output]
> NSOCK (56.4820s) nsock_loop() started (timeout=50ms). 1 events pending
> NSOCK (56.4820s) wait_for_events
> [/output]
> as long as I'll let it run.  I let it go for about 15 minutes before
> killing it the first time.
>
> If I just use -sSUV, it works fine.  It must not be one of the scripts
> that runs for a version scan, I suppose.
>
> Hi Jason,
>
> I've managed to reproduce the issue.  I walked away from my machine for
> about three minutes and came back to a 1GB output file.
> According to RFC1413 ident requests should be for fully specified TCP ports
> and whilst I can't say exactly what the problem is, I've found the
> following:
> The portrule for showOwner:
>
> portrule = function(host, port)
>     local identd, decision
>
>     local auth_port = { number=113, protocol="tcp" }
>     identd = nmap.get_port_state(host, auth_port)
>
>     if
>         identd ~= nil
>         and identd.state == "open"
>     then
>         decision = true
>     else
>         decision = false
>     end
>
>     return decision
> end
>
> If, underneath and identd.state == "open", we prevent open|filtered ports
> being selected:
> and port.state == "open"
> then the infinite loop doesn't happen so it looks like the issue was due to
> open|filtered ports.  Strangely enough, I found that the example of a port
> rule in the reference guide [1] show this filtering for open ports, but when
> the script was first committed to SVN, it wasn't present.
> Looking through the results, I see only ident info for TCP ports so in
> addition I've used
> and port.protocol == "tcp"
> which should cover all bases.
>
> Attached is showOwner.patch, please see if it works for you.
>
> Regards,
>
> jah
>
> [1] - http://nmap.org/book/nse-tutorial.html#nse-tutorial-rule

Typo in your patch.

LUA INTERPRETER in nse_main.cc:606:
/usr/local/share/nmap/scripts/showOwner.nse:22: attempt to index
global 'prot' (a nil value)

I changed it manually to and port.state == "open"
which also matches the tutorial rule.

Worked beautifully after that.

Thanks.

-Jason

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org