Nmap Development mailing list archives

Re: Ncat File Transfer Brokenness


From: David Fifield <david () bamsoftware com>
Date: Tue, 2 Mar 2010 12:27:46 -0700

On Tue, Mar 02, 2010 at 12:48:03AM -0700, David Fifield wrote:
> On Sat, Feb 27, 2010 at 02:46:18PM -0800, David Millis wrote:
> > The following terminated early leaving files varying between 8 and
> > 40k in size.
> > 
> > ncat -vvvn -e "cmd /c \"type somefile.zip\"" --send-only 192.168.1.1 1234
> > UnixUtils' cat.exe was similarly affected.
> > 
> > NCAT DEBUG: Executing: cmd /c "type ghost.exe"
> > NCAT DEBUG: Creating named pipe "\\.\pipe\ncat-0"
> > NCAT DEBUG: Register subprocess 00000728 at index 0.
> > NCAT DEBUG: Subprocess ended with exit code 259.
> > NCAT DEBUG: Unregister subprocess 00000728 from index 0.
> > NCAT DEBUG: Terminating subprocesses
> > NCAT DEBUG: max_index 1
> 
> I started to check this out. What's happening is an error 10035,
> WSAEWOULDBLOCK. That's breaking the subprocess loop, which is why the
> exit code is 259, or STILL_ACTIVE, because the process hasn't really
> stopped.
> 
> This same problem had been observed on Unix. Venkat Sanaka fixed it last
> year by making the socket blocking before execing the subprocess. The
> same code should work for Windows but apparently it isn't.
> 
> http://seclists.org/nmap-dev/2009/q2/635

I figured out the problem. On Windows we're using the WSAEventSelect
function, which, as I didn't know before, puts the socket into
non-blocking mode. So even though we're making the socket blocking,
WSAEventSelect is undoing it. I wasn't sure of the best way to fix it. I
just made the socket blocking again before every socket send, and it
works.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
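The failure mode discussed in this thread, reproduced as an added example that is not part of the message or of Ncat's source. It shows the Unix analogue of the bug (the one the quoted message says was fixed by making the socket blocking before exec): a large write to a socket left in nonblocking mode stops with EWOULDBLOCK/EAGAIN as soon as the peer falls behind, so the file arrives truncated, while the same transfer on a blocking socket completes. The code assumes Linux/POSIX; the AF_UNIX socketpair stands in for the TCP connection, a child process that waits 100 ms before reading stands in for the slow remote side, and the 4 MiB payload and the names set_blocking, write_all, slow_reader and run_transfer are constructed for this example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

struct xfer_result {
    size_t sent;  /* bytes the writer got out before it stopped */
    int err;      /* errno that stopped the writer, 0 if none */
    int child_ok; /* 1 if the reader received every byte */
};

/* Clear or set O_NONBLOCK on fd: the POSIX counterpart of
   ioctlsocket(s, FIONBIO, ...) on Winsock. */
int set_blocking(int fd, int blocking)
{
    int flags = fcntl(fd, F_GETFL, 0);
    if (flags < 0)
        return -1;
    flags = blocking ? (flags & ~O_NONBLOCK) : (flags | O_NONBLOCK);
    return fcntl(fd, F_SETFL, flags) < 0 ? -1 : 0;
}

/* Write len bytes the way a subprocess writing to its inherited stdout
   would: loop on short writes, give up on the first error and report it. */
size_t write_all(int fd, const char *buf, size_t len, int *err)
{
    size_t done = 0;
    while (done < len) {
        ssize_t n = write(fd, buf + done, len - done);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            *err = errno;   /* EAGAIN here is the truncation bug */
            return done;
        }
        done += (size_t)n;
    }
    *err = 0;
    return done;
}

/* Constructed slow peer: starts reading only after a delay, like a remote
   host whose receive window is full, then drains the socket to EOF. */
static int slow_reader(int fd, size_t expected)
{
    struct timespec delay = { 0, 100 * 1000 * 1000 }; /* 100 ms */
    char scratch[65536];
    size_t total = 0;
    ssize_t n;

    nanosleep(&delay, NULL);
    while ((n = read(fd, scratch, sizeof scratch)) > 0)
        total += (size_t)n;
    return total == expected ? 0 : 1;
}

/* One transfer of len bytes over a socketpair, with the writer's end in
   blocking (1) or nonblocking (0) mode. */
struct xfer_result run_transfer(size_t len, int blocking)
{
    struct xfer_result r = { 0, 0, 0 };
    int sv[2], status;
    pid_t pid;
    char *payload;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) {
        r.err = errno;
        return r;
    }
    pid = fork();
    if (pid < 0) {
        r.err = errno;
        close(sv[0]);
        close(sv[1]);
        return r;
    }
    if (pid == 0) {
        close(sv[0]);
        _exit(slow_reader(sv[1], len));
    }
    close(sv[1]);

    payload = malloc(len);
    if (payload == NULL)
        r.err = ENOMEM;
    else if (set_blocking(sv[0], blocking) < 0)
        r.err = errno;
    else {
        memset(payload, 'A', len);            /* constructed file contents */
        r.sent = write_all(sv[0], payload, len, &r.err);
    }
    free(payload);
    close(sv[0]);                             /* EOF for the reader */

    if (waitpid(pid, &status, 0) == pid)
        r.child_ok = WIFEXITED(status) && WEXITSTATUS(status) == 0;
    return r;
}

int main(void)
{
    size_t len = (size_t)4 << 20;
    struct xfer_result nb = run_transfer(len, 0), b = run_transfer(len, 1);

    printf("nonblocking: sent %zu of %zu, err=%s, reader complete=%d\n",
           nb.sent, len, nb.err ? strerror(nb.err) : "none", nb.child_ok);
    printf("blocking:    sent %zu of %zu, err=%s, reader complete=%d\n",
           b.sent, len, b.err ? strerror(b.err) : "none", b.child_ok);
    return 0;
}
```

The nonblocking run stops after roughly one socket buffer's worth of data with EAGAIN and the reader never sees the rest, which is the "8 to 40k" truncation from the report; the blocking run stalls while the peer catches up and delivers everything. On Windows the extra wrinkle is the one the message identifies: WSAEventSelect switches the socket to nonblocking mode itself, and Winsock documents that ioctlsocket(FIONBIO, 0) fails with WSAEINVAL while an event selection is still active, so the socket has to be taken out of WSAEventSelect (lNetworkEvents = 0) before it can be made blocking again, rather than only once before the exec.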
