Nmap Development mailing list archives
Re: [nmap-svn] r29203 - nmap-exp/aca/nmap/scripts
From: Aleksandar Nikolic <nikolic.alek () gmail com>
Date: Sat, 14 Jul 2012 14:49:12 +0200
Also , you don't need a vulnerable server to see this behavior. Just run the script against any http server. With --max-parallelism set to default it can't DoS the server. But , in case you do need a vulnerable server, let me know and I'll send you the address of my test server off list. On Sat, Jul 14, 2012 at 2:46 PM, Aleksandar Nikolic <nikolic.alek () gmail com> wrote:
Here's the output at the end of the script run NSE Timing: About 1.96% done; ETC: 17:33 (2:55:32 remaining) NSE: MAIN THREAD: (attack against <target>): HTTP stream started. NSE: MONITOR: <target> still up, answer received. NSE: MONITOR: <target> still up, answer received. NSE: MONITOR: <target> still up, answer received. NSE Timing: About 1.96% done; ETC: 17:58 (3:20:36 remaining) NSE: MONITOR: <target> still up, answer received. NSE: MONITOR: <target> still up, answer received. NSE: MONITOR: <target> still up, answer received. NSE Timing: About 1.96% done; ETC: 18:24 (3:45:41 remaining) NSE: MONITOR: <target> still up, answer received. NSE: MONITOR: <target> still up, answer received. NSE Timing: About 1.96% done; ETC: 18:50 (4:10:45 remaining) NSE: MONITOR: <target> still up, answer received. NSE: Finished http-slowloris against <target>:80. NSE: Finished http-slowloris against <target>:80. NSE: Script Engine Scan Aborted. An error was thrown by the engine: d:\workspace\nmap-exp\aca\nmap\mswin32\Debug/nse_main.lua:332: attempt to index field '?' (a nil value) stack traceback: d:\workspace\nmap-exp\aca\nmap\mswin32\Debug/nse_main.lua:332: in function 'close' d:\workspace\nmap-exp\aca\nmap\mswin32\Debug/nse_main.lua:932: in function 'run' d:\workspace\nmap-exp\aca\nmap\mswin32\Debug/nse_main.lua:1242: in function <d:\workspace\nmap-exp\aca\nmap\mswin32\Debug/nse_main.lua:1149> [C]: in ? Nmap scan report for <target> (<target>) Host is up, received echo-reply (0.10s latency). rDNS record for <target>: <target> Scanned at 2012-07-14 14:34:11 Central Europe Daylight Time for 307s PORT STATE SERVICE REASON 80/tcp open http syn-ack Final times for host: srtt: 104000 rttvar: 94500 to: 482000 NSE: Script Post-scanning. NSE: Starting runlevel 1 (of 1) scan. Read from d:\workspace\nmap-exp\aca\nmap\mswin32\Debug: nmap-payloads nmap-services. Nmap done: 1 IP address (1 host up) scanned in 312.80 seconds Raw packets sent: 2 (72B) | Rcvd: 2 (72B) Assertion failed: nse_status(nse) == NSE_STATUS_SUCCESS, file d:\workspace\nmap-exp\aca\nmap\nse_nsock.cc, line 689 ea@WIN /d/workspace/nmap-exp/aca/nmap/mswin32/Debug $ It happens regardless if the attack worked or not. If it worked, it does report it as vulnerable. But this is on windows and this script will never work on windows ... It does happen when the main thread exists, at which point some of the worker threads are sleep()ing. Also, error is the same on linux too. The original script was a mess, and I'm still cleaning it up so there might be something left that triggers this. But never the less, a script shouldn't cause an assert to fail. I'll be looking more into this today and if you have any suggestion, please share. Aleksandar On Sat, Jul 14, 2012 at 12:09 AM, Aleksandar Nikolic <nikolic.alek () gmail com> wrote:I am running this with the latest code in the trunk. I guessed the same as Patrik suggested, but haven't yet investigated it. The main thread does finishes before the rest of the workers. Probably has something to do with that as I create many threads. And it does crash _after_ the script returns the results. Will make a full report tomorrow. On Sat, Jul 14, 2012 at 12:01 AM, Patrick Donnelly <batrick () batbytes com> wrote:On Fri, Jul 13, 2012 at 5:15 PM, Patrik Karlsson <patrik () cqure net> wrote:Not sure which script this is, but if the script is asserting after it returns the script results and if it makes use of threads, it's likely that the parent thread returns before the worker threads have stopped. I've observed this behavior numerous times in the past. Kind of says something about my coding *cough* :)The parent should be able to complete before workers. If you are encountering some error then that is a bug. -- - Patrick Donnelly
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Re: [nmap-svn] r29203 - nmap-exp/aca/nmap/scripts Henri Doreau (Jul 13)
- Re: [nmap-svn] r29203 - nmap-exp/aca/nmap/scripts Patrik Karlsson (Jul 13)
- Re: [nmap-svn] r29203 - nmap-exp/aca/nmap/scripts Patrick Donnelly (Jul 13)
- Re: [nmap-svn] r29203 - nmap-exp/aca/nmap/scripts Henri Doreau (Jul 13)
- Re: [nmap-svn] r29203 - nmap-exp/aca/nmap/scripts Aleksandar Nikolic (Jul 13)
- Re: [nmap-svn] r29203 - nmap-exp/aca/nmap/scripts Aleksandar Nikolic (Jul 14)
- Re: [nmap-svn] r29203 - nmap-exp/aca/nmap/scripts Aleksandar Nikolic (Jul 14)
- Re: [nmap-svn] r29203 - nmap-exp/aca/nmap/scripts Aleksandar Nikolic (Jul 14)
- Re: [nmap-svn] r29203 - nmap-exp/aca/nmap/scripts Patrik Karlsson (Jul 14)
- Re: [nmap-svn] r29203 - nmap-exp/aca/nmap/scripts Patrick Donnelly (Jul 13)
- Re: [nmap-svn] r29203 - nmap-exp/aca/nmap/scripts Patrick Donnelly (Jul 14)
- Re: [nmap-svn] r29203 - nmap-exp/aca/nmap/scripts Aleksandar Nikolic (Jul 14)
- Re: [nmap-svn] r29203 - nmap-exp/aca/nmap/scripts Patrick Donnelly (Jul 14)
- Re: [nmap-svn] r29203 - nmap-exp/aca/nmap/scripts Patrik Karlsson (Jul 13)