Nmap Development mailing list archives
Re: Services matched by script--show a service fingerprint?
From: ambarisha b <b.ambarisha () gmail com>
Date: Sun, 3 Apr 2011 03:34:38 +0530
Hi,

I have looked into this, but as far as I could read, it should be working as intended, i.e. if there is a match in the scripts, the fingerprint doesn't get displayed.

From the code, when we run a service probe against a port, we're saving the results (if any) using setServiceProbeResults(), whose last parameter is the fingerprint. If the fingerprint wasn't properly matched we pass it on to setServiceProbeResults(); otherwise we just pass NULL, which means the fingerprint wouldn't be displayed, as it was matched.

So, what is currently happening, in this particular case, is that service_scan will set the fingerprint for the port. But after that, when the skype2-version.nse script is run, it will try to set what it has found for the port. If there is a match it will pass the fingerprint argument as NULL, which will overwrite the previously set fingerprint. Finally, we wouldn't be printing the fingerprint and there shouldn't be a problem.

To verify this, I set up a Skype 2.1 Beta on a local test bed and tried to fingerprint the service. This was what I got: [See port 6666]

$ nmap -sV localhost

Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-04-03 02:56 IST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00040s latency).
Other addresses for localhost (not scanned): 127.0.0.1
rDNS record for 127.0.0.1: localhost.localdomain
Not shown: 989 closed ports
PORT      STATE SERVICE VERSION
21/tcp    open  ftp     Pure-FTPd
22/tcp    open  ssh     OpenSSH 5.5p1 Debian 4ubuntu5 (protocol 2.0)
25/tcp    open  smtp    Sendmail 8.14.3/8.14.3/Debian-9.2ubuntu1
80/tcp    open  http    Apache httpd 2.2.16 ((Ubuntu))
443/tcp   open  https?
587/tcp   open  smtp    Sendmail 8.14.3/8.14.3/Debian-9.2ubuntu1
631/tcp   open  ipp     CUPS 1.4
3306/tcp  open  mysql   MySQL 5.1.49-1ubuntu8.1
6666/tcp  open  skype2  Skype
8000/tcp  open  socks5  (No authentication; connection failed)
49152/tcp open  upnp    Portable SDK for UPnP devices 1.6.6 (kernel 2.6.35-28-generic; UPnP 1.0)
Service Info: Host: localhost6.localdomain6; OSs: Linux, Unix

Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 156.36 seconds

(I couldn't make it run on 80 and 443 because a web server was running which was not to be disturbed. So, I modified my skypev2-version.nse's port rule to run against 6666 also. This is with the SVN build and the bug was on 5.50.)

The fingerprint was not printed. I could verify that service_scan is generating a fingerprint to submit, but it isn't getting displayed ultimately. It is being overridden by the skype script's "NULL" fingerprint.

What do you say?

Cheers
Ambarish

On Fri, Apr 1, 2011 at 8:41 AM, David Fifield <david () bamsoftware com> wrote:
On Sun, Mar 27, 2011 at 02:39:03PM -0700, David Fifield wrote:

Dhruval Gandhi's screenshot at http://seclists.org/nmap-dev/2011/q1/1014 shows port 80 being matched as skype2 by the skypev2-version.nse script, but a service fingerprint is being shown anyway. We usually get a bunch of Skype service submissions in each batch, which I have to ignore because service detection can't match it (that's what skypev2-version.nse is for, after all). I thought that perhaps the script was failing for some reason, but now I see that if a service produces output, it can cause a fingerprint to be displayed even when a script later matches the service. Should it work this way? How about hiding the fingerprint (and request to submit it) when a service is hardmatched by NSE?

Okay, we've had some agreement that the fingerprint shouldn't be shown in this case. I'm going to suggest that this would make a good starter task for a feature creeper / bug wrangler in the Summer of Code. So, you applicants, this is a nice easy problem to analyze and solve. First, you need to find where the service fingerprint is printed, then look at the conditions that make it be printed or not, and modify the condition so that it is false when there is a service match from a script.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/