Nmap Development mailing list archives

Re: NSE Script to exploit the Windows Vista and 7 SMB 2.0 remote BSOD bug?


From: Ron <ron () skullsecurity net>
Date: Mon, 14 Sep 2009 09:32:58 -0500

You are correct, it's returning 'nil'.

The NSEDoc doesn't say anything about returning nil, though; it only says the call returns 'true' or 'false'.[1] All my scripts explicitly check for a 'false' return value. If it's going to stay like this, I suggest updating NSEDoc.

Ron

[1] http://nmap.org/nsedoc/lib/nmap.html#connect


On 09/13/2009 04:39 PM, David Fifield wrote:
> On Thu, Sep 10, 2009 at 10:42:54AM -0500, Ron wrote:
> > I can trigger the DoS pretty easily, but I'm having trouble telling if
> > the server was taken offline. The connect() and send() calls seem to be
> > returning the wrong result (a packetlogger tells me that the server
> > isn't responding, yet connect() returns true). I've attached the script
> > that *should* return the correct results, but it only returns "TEST!"
> > for me, which tells me that the connect() is succeeding.
>
>         if(status == false) then
>                 socket:close()
>                 return true, VULNERABLE
>         end
>
> Try using "if not status" instead of "if status == false". The socket
> operation could be returning nil.
>
> David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
