Nmap Development mailing list archives
Re: parsing of script-args is broken
From: jah <jah () zadkiel plus com>
Date: Mon, 18 May 2009 00:04:47 +0100
On 16/05/2009 01:30, Patrick Donnelly wrote:
> On Sun, May 10, 2009 at 7:23 AM, Patrick Donnelly <batrick () batbytes com> wrote:
>> A key, value, or array value may be a sequence of characters except '{', '}', ',', '=', and all space characters. You may overcome this restriction by using quotes (single or double) to allow all characters within the quotation marks. You may also use the quote delimiter inside the sequence so long as it is escaped by a backslash.
Hi Patrick,

I am using the sargs5.patch (on Windows) and can only pass a value containing a comma to --script-args by nesting single quotes within double quotes around the value:

    --script-args smbuser=somebody,smbpass="'.n,m '"
    ...
    NSE: SMB: Extended login as \somebody succeeded
    ...

or the other way round:

    --script-args smbuser=somebody,smbpass='".n,m "'

or even mismatched:

    --script-args smbuser=somebody,smbpass="'.n,m "'

If I use single quotes only:

    C:\Program Files\Nmap\nse_main.lua:539: Value at ''.n,m}' is invalid or is unterminated by a valid seperator
    stack traceback:
            [C]: in function 'error'
            C:\Program Files\Nmap\nse_main.lua:539: in function 'parse_value'
            C:\Program Files\Nmap\nse_main.lua:553: in function 'parse_table'
            C:\Program Files\Nmap\nse_main.lua:593: in main chunk
            [C]: ?
    QUITTING!

I think this is just a Windows oddity because it treats single quotes as just a character.

If I use double quotes only, the value containing the comma is truncated before the comma so it becomes the value ".n"

    NSE: SMB: Extended login as \somebody failed (NT_STATUS_LOGON_FAILURE)

Using a Linux or a Cygwin terminal and supplying either single or double quotes also results in truncation of the value, but nested quotes work OK (mismatched quotes don't work).

It appears that the double quotes are always stripped from the command processor (irrespective of whether they're the inner or outer quotes) so in nse_main.lua they match the pattern for unquoted strings:

    local uqi, uqj, uqm = find(str, "^%s*([^'\"%s{},=][^%s{},=]*)%s*[},=]", start);

which treats the comma as a separator of key/value pairs and so any characters after the comma are turned into a new key/value pair.

Is this behaviour as you intended?

Regards,
jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
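Added example, not part of jah's message or of the Nmap source: a Python model of the Linux/Cygwin behaviour reported above, showing what the --script-args word looks like after POSIX shell quote removal and which value the unquoted pattern then captures. Assumptions: the regex is a Python translation of the Lua pattern quoted in the message, the QUOTED pattern is only a sketch of the quoting rule Patrick describes, the parser terminates the argument string with '}' as the error message suggests, and cmd.exe quoting is not modelled.

```python
import re
import shlex

# Python translation of the unquoted-value Lua pattern quoted in the message:
#   "^%s*([^'\"%s{},=][^%s{},=]*)%s*[},=]"
UNQUOTED = re.compile(r"""\s*([^'"\s{},=][^\s{},=]*)\s*[},=]""")
# Sketch of the quoted-value rule from the description (not the patch's own pattern).
QUOTED = re.compile(r"""\s*(['"])((?:\\.|(?!\1).)*)\1\s*[},=]""")


def args_after_shell(command_line):
    """Return the --script-args word as a POSIX shell would hand it to nmap."""
    words = shlex.split(command_line)  # performs POSIX quote removal
    return words[words.index("--script-args") + 1]


def parse_value(script_args, key):
    """Parse the value of `key` with the two patterns above."""
    # Assumption: the parser closes the argument string with '}'.
    text = script_args + "}"
    start = text.index(key + "=") + len(key) + 1
    m = UNQUOTED.match(text, start)
    if m:
        return "unquoted", m.group(1)
    m = QUOTED.match(text, start)
    if m:
        # Drop the backslash in front of an escaped character.
        return "quoted", re.sub(r"\\(.)", r"\1", m.group(2))
    return "error", text[start:]


def demo():
    # Constructed command lines, using the values spelled out in the post.
    cases = {
        "double": """nmap --script-args smbuser=somebody,smbpass=".n,m " host""",
        "single": """nmap --script-args smbuser=somebody,smbpass='.n,m ' host""",
        "nested": """nmap --script-args smbuser=somebody,smbpass="'.n,m '" host""",
    }
    return {name: parse_value(args_after_shell(line), "smbpass")
            for name, line in cases.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

With one level of quoting the shell removes the quotes before the parser sees them, so the value is read as unquoted and ends at the comma; only the nested form leaves a quote character for the parser to act on.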