Nmap Development mailing list archives
Re: [NSE] How brute scripts and UN/PW scripts interact with creds
From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 29 Dec 2011 20:15:44 +0100
On Thu, Dec 29, 2011 at 7:41 PM, Patrik Karlsson <patrik () cqure net> wrote:

> On Thu, Dec 29, 2011 at 7:12 PM, David Fifield <david () bamsoftware com> wrote:
>
> > On Wed, Dec 28, 2011 at 09:38:16PM -0500, Brendan Byrd wrote:
> >
> > > On Wed, Dec 28, 2011 at 11:00 AM, Patrik Karlsson <patrik () cqure net> wrote:
> > >
> > > > Make sure to check out the latest snmp-brute that was committed a few days ago.
> > >
> > > Looking at it now. Looks like it's just changes to the community string DB
> > > reader, so I'm trying to get that merged in with my own code.
> > >
> > > > At first I thought: wouldn't you achieve this by putting these 7-8 community
> > > > strings in a community dictionary file (snmp-brute.communitiesdb) and running
> > > > snmp-brute and whatever other snmp script you would like output from? As all
> > > > snmp scripts should depend on snmp-brute it should find the proper string and
> > > > have it for the other scripts running once it finishes.
> > >
> > > Besides the thing below, there's another problem: snmp-brute, and in fact,
> > > probably most of the brute scripts, don't appear to be "thread safe". We're
> > > talking when Nmap executes 128 brute scripts for 128 hosts. The sending of
> > > packets appears to work just fine. However, when a host-specific receiver
> > > thread tells pcap that it needs to find a specific packet from its host, pcap
> > > will happily discard all of the good responses from every other host until it
> > > has found the right packet for the host that this single thread is worried
> > > about.
> > >
> > > There's no real way of fixing this via Lua. The script is just executing code
> > > similar to this:
> > >
> > >     pcap:pcap_open(host.interface, 104, false,
> > >                    "src host " .. host.ip .. " and udp and port " .. port.number)
> > >     ...
> > >     -- Yay, mass discards!
> > >     local status, plen, l2, l3, _ = pcap:pcap_receive()
> >
> > Are you sure about this? The pcap bindings have been designed not to have the
> > problem you describe. I did a test with two scripts that capture all packets
> > using a filter string of "ip", and both the scripts see the same packets, even
> > when run at the same time. I attached the scripts. I ran them like this:
> >
> >     $ sudo ./nmap -e eth0 --script=test-a,test-b -d2
> >
> > Does the same thing happen when you do 20 simultaneous hosts, rather than 128?
> > I can more easily imagine that it is caused by a limit on the number of BPF
> > handles or something like that.
> >
> > David Fifield
> > _______________________________________________
> > Sent through the nmap-dev mailing list
> > http://cgi.insecure.org/mailman/listinfo/nmap-dev
> > Archived at http://seclists.org/nmap-dev/
>
> I guess the change I made, adding the source port to the BPF filter, doesn't
> hurt? Anyway, I'm having trouble running your scripts as they instantly crash;
> it seems to be a problem in the packet library. I think I've tracked it down to
> an SSL session to twitter. Any TCP/IP guru that would like to debug?
>
> Cheers,
> Patrik
>
> --
> Patrik Karlsson
> http://www.cqure.net
> http://twitter.com/nevdull77

Never mind, increased the snaplen from 64 in your scripts and it all worked
well. Both scripts see all traffic like you said.

//Patrik

--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
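As an added example that is not part of the thread and not one of Nmap's own scripts, here is a minimal NSE script doing what the snippet in the thread sketches: a per-host BPF filter qualified by the source port, as Patrik describes, and a snaplen larger than the 64 bytes that made the test scripts fail. The author line, the 5-second timeouts, the 1500-byte snaplen and the hand-built SNMP probe bytes are assumptions.

```lua
-- Added example: captures one target's SNMP reply through a per-host pcap
-- filter. Not from the thread and not an Nmap script; the timeouts, the
-- 1500-byte snaplen and the probe bytes are assumptions.
local nmap      = require "nmap"
local packet    = require "packet"
local shortport = require "shortport"
local stdnse    = require "stdnse"
description = [[Sends one SNMPv1 GetRequest for sysDescr.0 and reads the reply
via the pcap bindings, filtering on the target's address and source port.]]
author = "example author"  -- hypothetical
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe"}
portrule = shortport.portnumber(161, "udp")

-- Constructed BER encoding of an SNMPv1 GetRequest (community "public",
-- request-id 1) for sysDescr.0 (1.3.6.1.2.1.1.1.0). Decimal escapes only,
-- so the literal is valid on both Lua 5.1 and 5.2.
local SYSDESCR_PROBE = "\048\038\002\001\000\004\006public\160\025\002\001\001"
  .. "\002\001\000\002\001\000\048\014\048\012\006\008\043\006\001\002\001\001"
  .. "\001\000\005\000"

action = function(host, port)
  -- Only this host's replies from the probed port reach this thread; BPF
  -- drops everything else in the kernel, so the other hosts' script threads
  -- are unaffected (the behaviour David's test confirmed).
  local filter = ("src host %s and udp and src port %d"):format(host.ip, port.number)
  -- A 64-byte snaplen holds little more than Ethernet+IP+UDP headers
  -- (42 bytes); 1500 is an assumed value that fits any reply on Ethernet.
  local pcap = nmap.new_socket()
  pcap:set_timeout(5000)
  pcap:pcap_open(host.interface, 1500, false, filter)

  local sock = nmap.new_socket("udp")
  sock:set_timeout(5000)
  local status, err = sock:connect(host, port)
  if not status then
    pcap:pcap_close()
    return stdnse.format_output(false, "connect failed: " .. tostring(err))
  end
  sock:send(SYSDESCR_PROBE)
  sock:close()

  local ok, len, _, l3 = pcap:pcap_receive()
  pcap:pcap_close()
  if not ok then
    return stdnse.format_output(false, "no reply: " .. tostring(len))
  end
  local p = packet.Packet:new(l3, #l3)
  return ("captured %d bytes from %s (filter: %s)"):format(len, p.ip_src, filter)
end
```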
Current thread:
- [NSE] How brute scripts and UN/PW scripts interact with creds Brendan Byrd (Dec 23)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Patrik Karlsson (Dec 25)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Brendan Byrd (Dec 28)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Patrik Karlsson (Dec 28)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Brendan Byrd (Dec 28)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Patrik Karlsson (Dec 29)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds David Fifield (Dec 29)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Patrik Karlsson (Dec 29)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Patrik Karlsson (Dec 29)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Brendan Byrd (Dec 29)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Brendan Byrd (Dec 28)
- Re: [NSE] How brute scripts and UN/PW scripts interact with creds Patrik Karlsson (Dec 25)