Nmap Development mailing list archives
Bug in ncat?
From: Pierluigi Vittori <pierluigi.vittori () gmail com>
Date: Thu, 26 Jun 2014 16:18:31 +0200
Hi there, I think I found a small bug in ncat, namely in the code that builds the authentication string in the socks5 protocol. The original code writes the PLEN byte in the wrong position and then gets overwritten by the password string itself. Here's the patch, it works for me with my authenticated ss5 server: diff -u -r nmap-6.46.orig/ncat/ncat_connect.c ../nmap-6.46/ncat/ncat_connect.c --- nmap-6.46.orig/ncat/ncat_connect.c 2014-02-20 22:22:22.000000000 +0100 +++ ../nmap-6.46/ncat/ncat_connect.c 2014-06-26 08:07:36.682892626 +0200 @@ -723,7 +723,7 @@ memcpy(socks5auth.data+1,username,strlen(username)); len = 2 + strlen(username); // (version + strlen) + username - socks5auth.data[len]=strlen(password); + socks5auth.data[len-1]=strlen(password); memcpy(socks5auth.data+len,password,strlen(password)); len += 1 + strlen(password); Hope it helps. Ciao, Pierluigi _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
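Review bot: writing PLEN at `socks5auth.data[len-1]` puts it on top of the last byte of the username instead of in its own slot, so the patch relocates the corruption rather than removing it. By the comment on the preceding line, `len = 2 + strlen(username)` is the offset just past the username, which is exactly where RFC 1929 places PLEN, so the original `socks5auth.data[len]=strlen(password);` is already right; the byte is lost because the next line, `memcpy(socks5auth.data+len,password,strlen(password));`, starts the password at that same offset. The fix belongs on that memcpy: copy to `socks5auth.data+len+1`, which is what `len += 1 + strlen(password);` already assumes. Two further points visible in the hunk: `memcpy(socks5auth.data+1,username,strlen(username));` places the username at offset 1 while the comment accounts for two header bytes (version + length) ahead of it, so the username copy looks off by one in the same way; and nothing in the hunk checks that strlen(username) and strlen(password) each fit in a single length byte (at most 255) or that both fit in socks5auth.data before the memcpys run.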
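The message layout the report is about is the RFC 1929 username/password subnegotiation: VER, ULEN, UNAME, PLEN, PASSWD. The C below is an added illustration, not ncat's code and not the patch above: it builds that request with PLEN and the password at the correct offsets and with the length checks the hunk lacks, and pairs it with a strict parser (the server side) so a round trip shows the credentials survive intact and truncated input is rejected. Function and buffer names (`socks5_build_userpass`, `socks5_parse_userpass`, `socks5_userpass_roundtrip`, `SOCKS5_AUTH_MAX`) are my own choices, and the sample credentials in `main` are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1929 username/password request:
 *   VER(1) | ULEN(1) | UNAME(1..255) | PLEN(1) | PASSWD(1..255)
 * so 513 bytes is the largest well-formed message. (Constant name is ours.) */
#define SOCKS5_AUTH_MAX (1 + 1 + 255 + 1 + 255)

/* Build the request into out. Returns the number of bytes written, or 0
 * when a credential is empty or longer than 255 bytes (each length field
 * is a single byte) or when out is too small. Note the offsets: PLEN goes
 * at out[len] and the password starts at out[len + 1], so neither the last
 * username byte nor PLEN is overwritten. (Hypothetical helper.) */
size_t socks5_build_userpass(const char *username, const char *password,
                             uint8_t *out, size_t outcap)
{
    size_t ulen = strlen(username);
    size_t plen = strlen(password);
    size_t len;

    if (ulen == 0 || ulen > 255 || plen == 0 || plen > 255)
        return 0;
    if (outcap < 2 + ulen + 1 + plen)
        return 0;

    out[0] = 0x01;                         /* VER: subnegotiation version */
    out[1] = (uint8_t)ulen;                /* ULEN */
    memcpy(out + 2, username, ulen);       /* UNAME follows the two header bytes */
    len = 2 + ulen;                        /* offset just past the username */
    out[len] = (uint8_t)plen;              /* PLEN in its own slot */
    memcpy(out + len + 1, password, plen); /* PASSWD starts after PLEN */
    len += 1 + plen;
    return len;
}

/* Parse a request the way a strict server would: every length byte is
 * checked against the bytes actually present, and trailing bytes are
 * rejected. Returns 1 on success with the fields pointing into msg. */
int socks5_parse_userpass(const uint8_t *msg, size_t msglen,
                          const uint8_t **uname, size_t *ulen,
                          const uint8_t **passwd, size_t *plen)
{
    size_t pos;

    if (msglen < 2 || msg[0] != 0x01)
        return 0;
    *ulen = msg[1];
    pos = 2;
    if (*ulen == 0 || msglen - pos < *ulen)
        return 0;
    *uname = msg + pos;
    pos += *ulen;
    if (msglen - pos < 1)
        return 0;
    *plen = msg[pos];
    pos += 1;
    if (*plen == 0 || msglen - pos < *plen)
        return 0;
    *passwd = msg + pos;
    pos += *plen;
    return pos == msglen;
}

/* Build, parse as a server would, and check both credentials survive the
 * trip unchanged. Returns the encoded length, or 0 on any failure. */
size_t socks5_userpass_roundtrip(const char *username, const char *password)
{
    uint8_t buf[SOCKS5_AUTH_MAX];
    const uint8_t *u, *p;
    size_t ul, pl;
    size_t n = socks5_build_userpass(username, password, buf, sizeof buf);

    if (n == 0)
        return 0;
    if (!socks5_parse_userpass(buf, n, &u, &ul, &p, &pl))
        return 0;
    if (ul != strlen(username) || memcmp(u, username, ul) != 0)
        return 0;
    if (pl != strlen(password) || memcmp(p, password, pl) != 0)
        return 0;
    return n;
}

int main(void)
{
    uint8_t buf[SOCKS5_AUTH_MAX];
    size_t n = socks5_build_userpass("alice", "s3cret", buf, sizeof buf); /* constructed sample */
    size_t i;

    printf("%zu bytes:", n);
    for (i = 0; i < n; i++)
        printf(" %02x", buf[i]);
    printf("\nround trip: %zu\n", socks5_userpass_roundtrip("alice", "s3cret"));
    return 0;
}
```

The hex dump printed by `main` makes the layout easy to eyeball: byte 1 is ULEN, the byte right after the username is PLEN, and the password begins one byte later. The parser deliberately refuses a message whose declared lengths exceed what was received, which is the check a server needs so that a malformed length byte cannot make it read past the buffer.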
Current thread:
- Bug in ncat? Pierluigi Vittori (Jul 01)
- Re: Bug in ncat? Daniel Miller (Jul 25)