Nmap Development mailing list archives

Re: [NSE patch]


From: jah <jah () zadkiel plus com>
Date: Wed, 27 Aug 2008 00:54:45 +0100

On 26/08/2008 01:59, Fyodor wrote:
> One problem is that when I use this in combination with version
> detection, the NSE script fails to get results:
>
> ./nmap -sV --script scripts/netbios-smb-os-discovery.nse 192.168.0.4
> [...]
> PORT    STATE SERVICE      VERSION
> 135/tcp open  msrpc        Microsoft Windows RPC
> 139/tcp open  netbios-ssn
> 445/tcp open  microsoft-ds Microsoft Windows XP microsoft-ds
> MAC Address: 00:0C:29:FA:6E:BD (VMware)
> Service Info: OS: Windows
>
> Host script results:
> |  Discover OS Version over NetBIOS and SMB: OS version cannot be determined.
> |_ Never received a response to SMB Setup AndX Request
> |  Discover OS Version over NetBIOS and SMB: Windows XP
> |_ Discover system time over SMB: 2008-08-25 19:56:53 UTC-7

I've noticed this too and I think that because the script is in the
version category it's actually called twice when you specify it by name
and with -sV:

SCRIPT ENGINE: Matching rules.
SCRIPT ENGINE: Will run C:\Program Files\Nmap\scripts\netbios-smb-os-discovery.nse against 192.168.1.1
SCRIPT ENGINE: Will run C:\Program Files\Nmap\scripts\netbios-smb-os-discovery.nse against 192.168.1.1
SCRIPT ENGINE: Running scripts.

Sometimes you get two results, as you've observed; I've also seen just
one result along with:

SCRIPT ENGINE: ...gram Files\Nmap\scripts\netbios-smb-os-discovery.nse:261: attempt to index global 'socket' (a nil value)

so one instance fails - I've not looked into why, but there's this
immediately before:
Callback: WRITE ERROR [Unknown error (10054)] for EID 59

So aside from the issue in the script, perhaps NSE should prevent a
script running twice when a version category script is called by -sV and
by name?

jah
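
One way to confirm the double scheduling described above from saved NSE debug output, as an added example that is not part of the original post or of Nmap: it counts "Will run ... against ..." lines per script and target, rejoining paths that were wrapped as in the mail. The function names and the sample text are assumptions constructed from the lines quoted in the message.

```python
import re
from collections import Counter

PREFIX = "SCRIPT ENGINE: "
# Line shape taken from the debug output quoted in the post.
WILL_RUN = re.compile(r"^Will run (?P<script>.+\.nse) against (?P<target>\S+)$")

# Constructed sample: the debug lines from the post, including the wrap
# that splits "C:\Program Files" across two lines.
SAMPLE = r"""SCRIPT ENGINE: Matching rules.
SCRIPT ENGINE: Will run C:\Program
Files\Nmap\scripts\netbios-smb-os-discovery.nse against 192.168.1.1
SCRIPT ENGINE: Will run C:\Program
Files\Nmap\scripts\netbios-smb-os-discovery.nse against 192.168.1.1
SCRIPT ENGINE: Running scripts.
"""


def unwrap(text):
    """Return SCRIPT ENGINE records, rejoining wrapped 'Will run' lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(PREFIX):
            records.append(line[len(PREFIX):])
        elif (records and records[-1].startswith("Will run ")
              and not WILL_RUN.match(records[-1])):
            # Previous record is an incomplete 'Will run' line: this is its tail.
            records[-1] += " " + line
        # Any other line (e.g. "Callback: WRITE ERROR ...") is unrelated output.
    return records


def duplicate_runs(text):
    """Map (script file name, target) -> count for scripts scheduled more than once."""
    counts = Counter()
    for record in unwrap(text):
        match = WILL_RUN.match(record)
        if match:
            # Compare by file name so relative and absolute paths agree.
            name = re.split(r"[\\/]", match.group("script"))[-1]
            counts[(name, match.group("target"))] += 1
    return {key: n for key, n in counts.items() if n > 1}


if __name__ == "__main__":
    for (name, target), n in duplicate_runs(SAMPLE).items():
        print(f"{name} scheduled {n} times against {target}")
```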
