Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: nmap issue

From: Fyodor <fyodor () insecure org>
Date: Fri, 16 May 2008 14:52:36 -0700
On Thu, May 15, 2008 at 05:06:03PM -0700, Gianluca Varenni wrote:

Did you run nmap/zenmap with elevated privileges (if UAC is enabled)?

You need to start the application (or the command line prompt used to launch 
it) by right-clicking on it and using "Run as administrator".


Thanks Gianluca.  It looks like this was indeed his problem, and it is
one we have encountered numerous times before.  So I'd like to throw
this question out to nmap-dev: What should we do about UAC?

I'm certainly no Vista expert, but I just read up on UAC at:

http://en.wikipedia.org/wiki/User_Account_Control

So it seems that when people click on Nmap or run it from the
command-line, Vista no longer gives Nmap administrator rights by
default, even if the user is logged in as an administrator.  When Nmap
gets to opening the ethernet device with Dnet's eth_open() function,
that function seems to fail due to requiring administrator access.

Here is one idea for potentially fixing this:

1) We can compile Nmap with a "manifest" embedded with the
   requestedExecutionLevel set to 'highestAvailable' so that UAC
   confirmation will be requested at startup if the user is an admin.

2) We need to then test if the user has proper admin privileges.  If
   so, we go forward as normal.  If not, we set o.isr00t to 0 just as
   we would do if run with --unprivileged.  Maybe we should print a
   warning in this case (at least in verbose mode) because Nmap really
   is crippled in this situation.

So that is one approach we can take.  Anyone have better/different
ideas?  Anyone have Windows Vista and want to work on implementing
this?

Cheers,
-Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: