Nmap Development mailing list archives
Special characters in script-args
From: Ron <ron () skullsecurity net>
Date: Fri, 15 May 2009 14:06:33 -0500
Hi all,I posted this to the #nmap channel a few days ago, but I wasn't around to see if there was an answer. So I figured I'd ask it here.
If a --script-arg contains a special characters, such as a colon, parsing the arguments will fail with a cryptic error. So if somebody is trying to use a hash to log in, and passes this string, it'll fail:
--script-args=smbuser=admin,smbhash=abc123:abc123Similarily if a user gives the password on the commandline, like this, it'll fail:
--script-args=smbuser=admin,smbpass=pass^wordThe solution that I use is to pass escaped quotes, like smbpass=\"pass^word\", but I don't expect that an ordinary user would know to do that (or understand the Lua stackdump when they don't). Is there something we can do to make this easier?
(Sorry if this came up in an earlier discussion -- I haven't had a home Internet connection for awhile, so I haven't been following bigger threads)
Ron _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Special characters in script-args Ron (May 15)
- Re: Special characters in script-args Fyodor (May 15)
- Re: Special characters in script-args Patrick Donnelly (May 15)