Nmap Development mailing list archives
Andrew's Status Report - #11 of 17
From: Andrew Jason Farabee <afarabee () uci edu>
Date: Mon, 13 Jul 2015 23:46:36 -0700
Accomplishments:

 * Created ncat option "--proxies," which takes a proxy chain specification string (i.e. 'socks4://127.0.0.1:1080,socks4a://127.0.0.1:9050,http://proxy.example.com:9999') and passes this to nsock_proxychain_new in order to create a proxy chain and implement the connections. There was an issue with $ ./ncat --proxies '' [hostname] resulting in a segfault, so some out-of-place code had to be added to ncat_main.c in order to make sure that if o.proxy_chain_str was specified that the first character wasn't null. I will look into this more so I can hopefully remove this code. This issue also affects --proxy and --proxy-type, but since these values get translated into a string with a necessary "://", it doesn't result in memory problems.
 * Set up a Debian 5 virtual machine running exim 4.69 in order to test the vulns port of smtp-vuln-cve2010-4344.nse. The first results of the test are here: https://gist.github.com/andrewfarabee/dffc9e8c245d29271db4 (sorry about the Lua syntax highlighting). Right now I've found an issue with my usage of ipairs when scanning from outside of my network, so I am going to try to figure out what is causing that. Also, if the user specifies --script-args='smtp-vuln-cve2010-4344.exploit', they will still get a message asking them to run with this argument in order to exploit. I don't think this was introduced in my port since the original script behaves in the same way. I'm going to look at some packet captures and debugging output to check if the script is not attempting exploitation or if it is just not made clear that exploitation was attempted and failed.
 * Added some error checking/messages to the ncat --proxy, --proxy-type, --proxies options and a warning that --proxy is deprecated when in verbose mode. Also switched from safe_malloc and strcpy/strcat to using the util.c function strbuf_sprintf on David Fifield's recommendation (Thanks!) for ncat string creation.
Priorities:

 * Try to come up with a cleaner solution to checking that --proxy, --proxy-type, --proxies arguments are not empty. (Mentioned above)
 * Fix ipairs issue in vulns port of smtp-vuln-cve2010-4344.nse and figure out if exploitation is being attempted when it should be. (Mentioned above)
 * Set up code coverage (gcov) and test the patch for issue 157.
 * Carry out more thorough testing of nmap-exp/pasca1/nmap-ncat-socks4a.
 * Re-read the logs of the socks4a meeting and talk to my mentor about creating an nsock target structure that can handle both hostnames and IP addresses and start coding.

I hope everyone's week has gotten off to a good start!

Andrew
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
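As an added example (not Ncat's own code and not part of Andrew's message), the following C parser handles a chain specification in the format the --proxies option takes above, "scheme://host:port" entries separated by commas. It rejects a NULL or empty string before reading any character, which is the case the report says crashed ncat --proxies '', and turns every other malformed entry into an error message rather than a partially filled structure. The accepted scheme list (socks4, socks4a, http), the hop limit and all function names are assumptions made for this example.

```c
/* Added example, not Ncat's code: parse and validate a --proxies style
 * chain "scheme://host:port,scheme://host:port,...". Scheme list, hop
 * limit and function names are assumptions for this example. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define MAX_HOPS 8
#define MAX_HOST 255

struct proxy_hop {
    char scheme[8];            /* "socks4", "socks4a" or "http" */
    char host[MAX_HOST + 1];
    unsigned short port;
};

static const char *const known_schemes[] = { "socks4", "socks4a", "http" };
#define NSCHEMES (sizeof known_schemes / sizeof known_schemes[0])

/* Record "<msg> in "<tok>"" in err and evaluate to 0 (failure). */
#define FAIL(msg) (snprintf(err, errlen, "%s in \"%.*s\"", msg, (int)len, tok), 0)

/* Parse one "scheme://host:port" hop of length len. Returns 1 on success,
 * 0 on error with the reason written to err. */
static int parse_hop(const char *tok, size_t len, struct proxy_hop *hop,
                     char *err, size_t errlen)
{
    size_t n, hlen, ci, hostlen, i;
    const char *hp;
    unsigned long port = 0;

    for (n = 0; n + 3 <= len; n++)                 /* locate "://" */
        if (tok[n] == ':' && tok[n + 1] == '/' && tok[n + 2] == '/')
            break;
    if (n + 3 > len)                               /* also catches len == 0 */
        return FAIL("missing \"://\"");
    if (n == 0 || n >= sizeof hop->scheme)
        return FAIL("bad scheme");
    memcpy(hop->scheme, tok, n);
    hop->scheme[n] = '\0';
    for (i = 0; i < NSCHEMES && strcmp(hop->scheme, known_schemes[i]); i++)
        ;
    if (i == NSCHEMES)
        return FAIL("unknown proxy type");

    /* The last ':' after "://" separates host from port. */
    hp = tok + n + 3;
    hlen = len - n - 3;
    for (ci = hlen; ci > 0 && hp[ci - 1] != ':'; ci--)
        ;
    hostlen = ci ? ci - 1 : 0;
    if (hostlen == 0 || hostlen > MAX_HOST || hlen - ci == 0 || hlen - ci > 5)
        return FAIL("expected host:port");
    memcpy(hop->host, hp, hostlen);
    hop->host[hostlen] = '\0';
    for (i = ci; i < hlen; i++) {
        if (!isdigit((unsigned char)hp[i]))
            return FAIL("non-numeric port");
        port = port * 10 + (unsigned long)(hp[i] - '0');
    }
    if (port == 0 || port > 65535)
        return FAIL("port out of range");
    hop->port = (unsigned short)port;
    return 1;
}

/* Parse a comma-separated chain into hops. Returns the hop count (>= 1)
 * or -1 on error with the reason in err. NULL and "" are rejected before
 * any character of the string is read. */
int parse_proxy_chain(const char *spec, struct proxy_hop *hops,
                      size_t max_hops, char *err, size_t errlen)
{
    size_t count = 0;
    const char *p = spec;

    if (spec == NULL || *spec == '\0') {
        snprintf(err, errlen, "proxy chain specification is empty");
        return -1;
    }
    for (;;) {
        const char *comma = strchr(p, ',');
        size_t len = comma ? (size_t)(comma - p) : strlen(p);
        if (count == max_hops) {
            snprintf(err, errlen, "too many proxies (max %u)", (unsigned)max_hops);
            return -1;
        }
        if (!parse_hop(p, len, &hops[count++], err, errlen))
            return -1;          /* err already describes the bad entry */
        if (comma == NULL)
            return (int)count;
        p = comma + 1;
    }
}

/* Convenience wrapper: port of hop idx, or -1 if the chain is invalid or
 * idx is past the last hop. */
int proxy_chain_hop_port(const char *spec, size_t idx)
{
    struct proxy_hop hops[MAX_HOPS];
    char err[128];
    int n = parse_proxy_chain(spec, hops, MAX_HOPS, err, sizeof err);
    return (n > 0 && idx < (size_t)n) ? (int)hops[idx].port : -1;
}
```

Calling parse_proxy_chain on the three-hop string from the report fills three entries and returns 3; calling it on "" returns -1 with "proxy chain specification is empty" in err, so the caller can print a usage message instead of dereferencing the string. The same check is what the report describes adding to ncat_main.c; the point of putting it inside the parser is that every caller, including the --proxy and --proxy-type paths that build a chain string themselves, gets it without a separate guard.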
Current thread:
- Andrew's Status Report - #11 of 17 Andrew Jason Farabee (Jul 13)
- Re: Andrew's Status Report - #11 of 17 Jacek Wielemborek (Jul 14)