Special characters in script-args

[Ron <ron () skullsecurity net>]

Hi all,

I posted this to the #nmap channel a few days ago, but I wasn't around 
to see if there was an answer. So I figured I'd ask it here.

If a --script-arg contains a special characters, such as a colon, 
parsing the arguments will fail with a cryptic error. So if somebody is 
trying to use a hash to log in, and passes this string, it'll fail:
 --script-args=smbuser=admin,smbhash=abc123:abc123

Similarily if a user gives the password on the commandline, like this, 
it'll fail:
 --script-args=smbuser=admin,smbpass=pass^word

The solution that I use is to pass escaped quotes, like 
smbpass=\"pass^word\", but I don't expect that an ordinary user would 
know to do that (or understand the Lua stackdump when they don't). Is 
there something we can do to make this easier?

(Sorry if this came up in an earlier discussion -- I haven't had a home 
Internet connection for awhile, so I haven't been following bigger threads)

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org