Nmap Development mailing list archives

Re: Brute library bug in enumeration mode


From: Phil <mainframed767 () gmail com>
Date: Tue, 16 Aug 2016 21:25:53 -0700

That's unfortunate it was never fixed. Dev admins, is there a specific reason this wasn't patched? Should patches be submitted through GitHub now? Just curious on the current process.

Thanks for the update Eli.


On Aug 16, 2016, at 12:27 PM, Eli Shemer <eli.shemer () greensql com> wrote:

Hey Phil,

I addressed this problem a couple of weeks ago, but I got no response from the mailing list.
You can try to apply my patch at the bottom of the mail.

Have a good day.

---------- Forwarded message ----------
From: Eli Shemer <eli.shemer () greensql com>
Date: Fri, Jul 29, 2016 at 10:18 PM
Subject: brute script - bad argument error
To: dev () nmap org, patrik () cqure net


On the current svn branch, I ran:
nmap -d  -sV --script http-brute.nse -p 80 localhost

and I got this error:
NSE: http-brute against localhost (127.0.0.1:80) threw an error!
/usr/local/nmap/bin/../share/nmap/nselib/brute.lua:721: bad argument #3 to 'format' (number has no integer representation)
stack traceback:
        [C]: in function 'string.format'
        /usr/local/nmap/bin/../share/nmap/nselib/brute.lua:721: in method 'start'
        /usr/local/nmap/share/nmap/scripts/http-brute.nse:163: in function </usr/local/nmap/share/nmap/scripts/http-brute.nse:132>
        (...tail calls...)


This patch fixed it for me
[root@localhost nmap]# diff nselib/brute.lua  /usr/local/nmap/bin/../share/nmap/nselib/brute.lua
721c721
<     result.Statistics = ("Performed %d guesses in %d seconds, average tps: %d"):format( self.counter, time_diff, 
tps )
---
    result.Statistics = ("Performed %d guesses in %d seconds, average tps: %f"):format( self.counter, time_diff, 
tps )
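Review bot: the replacement line after `---` has lost its `>` prefix, so as quoted this is not a valid normal-format diff and `patch` will not apply it as-is. On the change itself: this build is compiled against liblua-5.3.3, and in Lua 5.3 `/` always yields a float while `%d` only accepts a float whose value is exactly integral, which is why line 721 survives when the guess count divides evenly by the elapsed seconds and fails otherwise. Switching to `%f` removes the error but prints six decimal places (1614.547619 in the output below); `%.2f` would keep the Statistics line tidier. It is also worth confirming that `time_diff` cannot be 0 at this point, since `self.counter / 0` is `inf` and `%f` would then print `inf` rather than raising.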



and I got the following output in the second run.

|_  Statistics: Performed 50009 guesses in 32 seconds, average tps: 1614.547619
|


On Tue, Aug 16, 2016 at 7:12 PM, Phil <mainframed767 () gmail com> wrote:
Just updated to most recent version on a blank vm to test this. Basically, when using a script that uses:
engine.options.passonly = true
the script dies with:

/usr/local/bin/../share/nmap/nselib/brute.lua:721: bad argument #3 to 'format' (number has no integer representation)
stack traceback:
      [C]: in function 'string.format'
      /usr/local/bin/../share/nmap/nselib/brute.lua:721: in method 'start'
      tso-enum.nse:204: in function <tso-enum.nse:193>
      (...tail calls...)

Line 721 from brute.lua is:
result.Statistics = ("Performed %d guesses in %d seconds, average tps: %d"):format( self.counter, time_diff, tps )

The source for the script I'm using is here: https://github.com/zedsec390/NMAP/blob/master/tso-enum.nse

Version info:

Nmap version 7.25SVN ( https://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: liblua-5.3.3 libpcre-8.38 nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6
Compiled without: openssl
Available nsock engines: epoll poll select



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/



--
Eli Shemer | Software Engineer | GreenSQL | Office: +972-3-687-0033 | Mobile: +972-54-617-5724 | eli.shemer () greensql com | www.greensql.com

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

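The Lua 5.3 behaviour behind the error discussed in this thread, as an added example that is not part of the thread and not brute.lua's own code. It reproduces the quoted Statistics line with the original `%d`, with Eli's `%f` fix, and with a tidier variant that guards a zero elapsed time; the function names and the sample guess counts are invented for illustration.

```lua
-- Added example (not from the thread or from brute.lua): why
-- ("%d"):format(tps) fails under Lua 5.3 and how the %f fix behaves.
-- Function names and sample values are invented for illustration.

-- Mimics the brute.lua line quoted in the thread: %d for tps.
-- In Lua 5.3 the '/' operator always yields a float, and %d only
-- accepts a float whose value is exactly integral (5.2 and earlier
-- silently truncated instead of raising).
local function stats_line_broken(counter, time_diff)
  local tps = counter / time_diff
  return ("Performed %d guesses in %d seconds, average tps: %d"):format(counter, time_diff, tps)
end

-- Eli's fix: %f accepts any float but prints six decimals (e.g. 1614.547619).
local function stats_line_fixed(counter, time_diff)
  local tps = counter / time_diff
  return ("Performed %d guesses in %d seconds, average tps: %f"):format(counter, time_diff, tps)
end

-- A tidier variant (an assumption, not in the thread): treat a zero
-- elapsed time as one second so tps cannot become inf, and print two
-- decimals instead of six.
local function stats_line_tidy(counter, time_diff)
  local secs = (time_diff > 0) and time_diff or 1
  local tps = counter / secs
  return ("Performed %d guesses in %d seconds, average tps: %.2f"):format(counter, time_diff, tps)
end

-- Run each formatter under pcall so the demonstration survives the error
-- and shows the same "number has no integer representation" message.
local function try(label, fn, counter, time_diff)
  local ok, res = pcall(fn, counter, time_diff)
  print(("%-7s counter=%d time_diff=%d -> %s"):format(
    label, counter, time_diff, ok and res or ("ERROR: " .. tostring(res))))
end

-- 50000 / 25 = 2000.0: a float with an exact integer value, so %d still works.
try("broken", stats_line_broken, 50000, 25)
-- 50009 / 32 = 1562.78...: no integer representation, so %d raises.
try("broken", stats_line_broken, 50009, 32)
try("fixed",  stats_line_fixed,  50009, 32)
try("tidy",   stats_line_tidy,   50009, 32)
-- Elapsed time of 0: %f prints "inf" for counter / 0, the guarded variant
-- prints a real rate.
try("fixed",  stats_line_fixed,  10, 0)
try("tidy",   stats_line_tidy,   10, 0)
```

The first call succeeds only because 50000 divides evenly by 25, which is why the bug in brute.lua looks intermittent: it depends on whether the guess count happens to be a multiple of the elapsed seconds.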
