Nmap Development mailing list archives
Re: parsing of script-args is broken
From: Patrick Donnelly <batrick () batbytes com>
Date: Sun, 17 May 2009 19:55:19 -0600
Hi Jah,

On Sun, May 17, 2009 at 5:04 PM, jah <jah () zadkiel plus com> wrote:
> On 16/05/2009 01:30, Patrick Donnelly wrote:
>> On Sun, May 10, 2009 at 7:23 AM, Patrick Donnelly <batrick () batbytes com> wrote:
>>> A key, value, or array value may be a sequence of characters except
>>> '{', '}', ',', '=', and all space characters. You may overcome this
>>> restriction by using quotes (single or double) to allow all characters
>>> within the quotation marks. You may also use the quote delimiter inside
>>> the sequence so long as it is escaped by a backslash.
>
> Hi Patrick,
>
> I am using the sargs5.patch (on windows) and can only pass a value
> containing a comma to --script-args by nesting single quotes within
> double quotes around the value:
>
>     --script-args smbuser=somebody,smbpass="'.n,m '"
>     ...
>     NSE: SMB: Extended login as \somebody succeeded
>     ...
>
> or the other way round:
>
>     --script-args smbuser=somebody,smbpass='".n,m "'
>
> or even mismatched:
>
>     --script-args smbuser=somebody,smbpass="'.n,m "'
>
> If I use single quotes only:
>
>     C:\Program Files\Nmap\nse_main.lua:539: Value at ''.n,m}' is invalid or is unterminated by a valid seperator
>     stack traceback:
>             [C]: in function 'error'
>             C:\Program Files\Nmap\nse_main.lua:539: in function 'parse_value'
>             C:\Program Files\Nmap\nse_main.lua:553: in function 'parse_table'
>             C:\Program Files\Nmap\nse_main.lua:593: in main chunk
>             [C]: ?
>     QUITTING!
>
> I think this is just a windows oddity because it treats single quotes as
> just a character.
>
> If I use double quotes only, the value containing the comma is truncated
> before the comma so it becomes the value ".n"
>
>     NSE: SMB: Extended login as \somebody failed (NT_STATUS_LOGON_FAILURE)
>
> Using a Linux or a Cygwin terminal and supplying either single or double
> quotes also results in truncation of the value, but nested quotes work OK
> (mismatched quotes don't work)
>
> It appears that the double quotes are always stripped from the command
> processor (irrespective of whether they're the inner or outer quotes) so
> in nse_main.lua they match the pattern for unquoted strings:
>
>     local uqi, uqj, uqm = find(str, "^%s*([^'\"%s{},=][^%s{},=]*)%s*[},=]", start);
>
> which treats the comma as a separator of key/value pairs and so any
> characters after the comma are turned into a new key/value pair.
>
> Is this behaviour as you intended?

Unless I'm terribly mistaken, this looks like the shell is separating
your argument to --script-args into two arguments instead of one. I'm
not very familiar with the Windows shell, but I believe that single
quotes are treated like any other non-special character (as you hinted).
This is the reason surrounding the argument in only single quotes failed.

    --script-args smbuser=somebody,smbpass='.n,m '

The second single quote is treated as an extra argument (I'm not sure
what Nmap will do with a single quote argument).

To look at all your other examples specifically:

    --script-args smbuser=somebody,smbpass="'.n,m '"

This works because you surround the space in quotes, forcing it to be
included in the argument to --script-args. The single quotes are just
like any other character. The string in double quotes is concatenated
with "smbuser=somebody,smbpass=". Remember most shells (apparently
including Windows) will concatenate adjacent strings not separated by
spaces.

    --script-args smbuser=somebody,smbpass='".n,m "'

This works similar to above. The single quote is considered part of the
first string to concatenate: "smbuser=somebody,smbpass='", the second
string is ".n,m ", and the third string is simply the single quotes.

    --script-args smbuser=somebody,smbpass="'.n,m "'

Again, the shell concatenates the strings:

(1) "smbuser=somebody,smbpass="
(2) "'.n,m "
(3) "'"

Linux and Cygwin will both strip the quotes, similar to how Windows
strips the double quotes. If you properly escape the quotes at the shell
you will get the appropriate arguments:

    ./nmap --script-args smbuser=somebody,smbpass="\".n,m\ \"" localhost

Notice I escaped the space as well, otherwise the shell treats the final
quote as a separate argument to Nmap (which is the error you are
getting).

Personally, I always surround the argument to --script-args (on Linux)
in double quotes and use single quotes to delimit any strings with the
invalid characters (commas, curly braces, etc.). This should also work
on windows.

Hope that cleared things up!

Regards,

-- 
-Patrick Donnelly

"Let all men know thee, but no man know thee thoroughly: Men freely ford
that see the shallows."

- Benjamin Franklin

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
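
Added example, not part of the original message and not Nmap code: a POSIX shell sketch that prints the words a program receives for the quoting variants discussed in this thread, then applies an ERE port of the unquoted-string pattern quoted above to show where the value is cut at the comma. `argv_dump`, `unquoted_value` and `smbpass_text` are hypothetical helper names, and the backslash-escaped quotes in the last `argv_dump` call model a shell that treats `'` as an ordinary character, as the thread describes for Windows.

```shell
#!/bin/sh
# Added example, not Nmap code. Helper names are hypothetical.

# Print the argument count, then each argument in <>, as a program receives
# them after the shell has removed its own quotes.
argv_dump() {
    printf '%d' "$#"
    for a in "$@"; do printf ' <%s>' "$a"; done
    printf '\n'
}

# ERE port of the unquoted-string pattern quoted in the thread:
#   ^%s*([^'\"%s{},=][^%s{},=]*)%s*[},=]
# Prints the captured value, or nothing when the text starts with a quote
# (that case is handled by a quoted-string branch not shown on this page).
unquoted_value() {
    printf '%s\n' "$1" | sed -nE \
        "s/^[[:space:]]*([^'\"[:space:]{},=][^[:space:]{},=]*)[[:space:]]*[},=].*/\1/p"
}

# Text after "smbpass=" in one --script-args word. The trailing "}" is an
# assumption taken from the error message in the thread ("''.n,m}'").
smbpass_text() { printf '%s}\n' "${1#*smbpass=}"; }

# Constructed command lines from the thread, run through a POSIX shell.
argv_dump --script-args smbuser=somebody,smbpass=".n,m "    # double quotes only
argv_dump --script-args smbuser=somebody,smbpass="'.n,m '"  # nested quotes
argv_dump --script-args "smbuser=somebody,smbpass='.n,m '"  # whole word quoted
argv_dump --script-args smbuser=somebody,smbpass=\'.n,m \'  # ' as a plain character

# What the pattern reads from the first two words above.
unquoted_value "$(smbpass_text "smbuser=somebody,smbpass=.n,m ")"
unquoted_value "$(smbpass_text "smbuser=somebody,smbpass='.n,m '")"
```

The first word arrives with no quotes left, so the pattern stops at the comma; the nested and whole-word forms keep the single quotes in the word the parser sees.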