Nmap Development mailing list archives
A couple more issues with http.lua
From: Ron <ron () skullsecurity net>
Date: Thu, 20 Aug 2009 10:14:39 -0500
Hi all,

I was getting some weird errors when scanning some SSL-only servers (in particular, an embedded Arcsight system that runs some form of Apache Tomcat). I eventually realized it was trying to start a non-SSL connection on port 443. I traced it back to this code:

--
local function is_ssl(port_number)
  local common_ssl_ports = {465, 989, 990, 992, 993, 994, 995, 587, 6697, 6679, 8443}
  ...
--

The issue is that "tcp" is given priority over "ssl", since port 443 is missing from the list, and also that the server responds to an HTTP request on an HTTPS port with a 400 Bad Request, making Nmap think it worked. So I added 443 to that list (and I'll commit that change, unless there's some reason it was left off?), and now I get this error:

--
NSE: http-enum against x.x.x.125:443 threw an error!
./nselib/http.lua:629: attempt to concatenate local 'limit' (a nil value)
stack traceback:
        ./nselib/http.lua:629: in function 'pipeline'
        ./scripts/http-enum.nse:169: in function <./scripts/http-enum.nse:42>
        (tail call): ?
--

I traced it back to this line:

--
if response.header["keep-alive"] then
  local max = string.match( response.header["keep-alive"], "max\=(%d*)")
  return max
else
  return 40
end
--

While the server returns this:

--
status-line: HTTP/1.1 404 Not Found
header:
  connection: Keep-Alive
  keep-alive: timeout=15
  date: Thu, 20 Aug 2009 15:07:31 GMT
  content-type: text/html; charset=iso-8859-1
  server: Apache
status: 404
cookies:
body:
--

So, the match is failing and 'nil' is being returned. The fix for it would be checking if max is nil and returning 40 if it is.

I've made both those changes and tested them against a few known bad systems. They seem to work fine. A diff is attached; let me know if you want me to apply it.

Ron

(PS: Sorry if the linebreaks get screwed up, I am forwarding this from Outlook)
Attachment:
http-ssl-fixes.diff
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
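The Keep-Alive parsing failure described in the post above, as an added example that is not Ron's attached diff and not the Nmap project's own http.lua code: a defensive Lua parser for the HTTP Keep-Alive response header. It goes a little beyond the single case in the report and also copes with a present-but-empty "max=", a "max" that is not the first parameter, mixed case and surrounding whitespace. The function name keepalive_max, the DEFAULT_MAX constant (40, taken from the quoted code) and the sample header values are assumptions constructed for this illustration.

```lua
-- Added example, not code from the Nmap project or from the attached patch.
-- Plain Lua 5.1+, no NSE libraries needed.

-- Assumed default pipeline depth when the server does not state one;
-- the value 40 mirrors the quoted http.lua fallback.
local DEFAULT_MAX = 40

-- Return the number of requests the server allows on this connection as a
-- number, or DEFAULT_MAX when the Keep-Alive header is absent, carries no
-- "max" parameter, or carries one with no usable value.
local function keepalive_max(headers)
  local ka = headers["keep-alive"]
  if type(ka) ~= "string" then
    return DEFAULT_MAX            -- header missing entirely
  end

  -- Walk every "name=digits" pair instead of matching "max=" once.
  -- Requiring %d+ (not %d*) means "max=" with an empty value yields no
  -- match at all, so we never hand back "" to a caller expecting a count.
  for name, value in ka:gmatch("%s*([%a%-]+)%s*=%s*(%d+)") do
    if name:lower() == "max" then
      local n = tonumber(value)
      if n and n >= 1 then
        return n
      end
      -- "max=0" means no further requests on this connection; the caller
      -- would pipeline nothing, so treat it like an unusable value.
      return DEFAULT_MAX
    end
  end

  -- Keep-Alive present (e.g. "timeout=15", the case in the report) but no
  -- "max" parameter: this is exactly where the original returned nil.
  return DEFAULT_MAX
end

-- Constructed sample headers (not captured from any real host).
assert(keepalive_max({})                                    == DEFAULT_MAX)
assert(keepalive_max({["keep-alive"] = "timeout=15"})       == DEFAULT_MAX)  -- the reported case
assert(keepalive_max({["keep-alive"] = "timeout=15, max=100"}) == 100)
assert(keepalive_max({["keep-alive"] = "Max = 7"})          == 7)
assert(keepalive_max({["keep-alive"] = "max="})             == DEFAULT_MAX)
assert(keepalive_max({["keep-alive"] = "max=0"})            == DEFAULT_MAX)
print("keepalive_max: all checks passed")
```

Note that the quoted http.lua snippet returns whatever string.match produced, i.e. a string such as "100", while this version returns a number; a caller that concatenates or compares the result should be consistent about which one it expects, since mixing the two is how a nil or a string silently reaches arithmetic later on.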
Current thread:
- A couple more issues with http.lua Ron (Aug 20)
- Re: A couple more issues with http.lua Ron (Aug 21)
- Re: A couple more issues with http.lua Joao Correa (Aug 21)
- Re: A couple more issues with http.lua Ron (Aug 21)