Nmap Development mailing list archives
Re: [NSE] A Lua implementation of NSE
From: Ron <ron () skullsecurity net>
Date: Sat, 17 Jan 2009 22:09:57 -0600
Hey Patrick, I've finally had time to read this posting, since I'm on vacation. I just had a couple quick thoughts...
> These are the following ways a thread may yield and whether its host will still be charged time.
> [...]
> o A thread blocked on a mutex or condition variable (see nse.condvar) will not be charged time.
This may be fixed in other ways (such as your push/pop_handler function), but one of the things that saved a lot of trouble when me and Brandon were testing was the fact that a thread that was stuck on a mutex (that is, waiting on a mutex that would never be released) would eventually time out, and the execution would end. Am I correct in thinking that, if you pushed that change, deadlocked scripts would never finish? I think it's good if there's some way for scripts stuck in a mutex to get out, eventually, if there isn't one. The fact that your push/pop_handler would let me handle an error condition gracefully means that I can properly release my mutexes if something bad happens, so that deadlock situation should never happen, but there's always that chance.
> IV. The NSE API ...
This reminded me of something I was thinking about that isn't really related to your current changes (although you DID ask for other things). This may already be possible, I don't know enough about Lua, but I'll ask anyway.

Here's the situation: I have two scripts (smb-brute and smb-pwdump). smb-brute will bruteforce accounts and find weak passwords. smb-pwdump will use those accounts to log in and dump the password hashes for all users on that system.

And what I'd like to do: I'd like to feed those hashes, discovered by smb-pwdump, back into smb-brute for other servers (at least, other servers in the current hostgroup). I don't want the scan against any server to end until every password in the dictionary plus every password discovered from other systems has been tried. If one of the discovered passwords works against a system, every system should be attempted with those passwords until we stop gaining ground. Does that make sense?

So basically, the execution of all scans against the current hostgroup is dependent on each other. Is that something that can currently be done?

I'm not opposed to combining those two scripts (smb-brute and smb-pwdump), since they're both password-stealers, but that isn't really the issue. The issue is more with how different parallel instances of the same script communicate.

Ron

--
Ron Bowes
http://www.skullsecurity.org/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org