Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Special characters in script-args

From: Fyodor <fyodor () insecure org>
Date: Fri, 15 May 2009 16:04:05 -0700
On Fri, May 15, 2009 at 02:06:33PM -0500, Ron wrote:


If a --script-arg contains a special characters, such as a colon, 
parsing the arguments will fail with a cryptic error. So if somebody is 
trying to use a hash to log in, and passes this string, it'll fail:
 --script-args=smbuser=admin,smbhash=abc123:abc123

Similarily if a user gives the password on the commandline, like this, 
it'll fail:
 --script-args=smbuser=admin,smbpass=pass^word


Hi Ron.  Good find.  This is a side effect of the new, more powerful
--script syntax.  It basically ends up executing the --script-args in
Lua.  I agree that it should be fixed to accept a wider range of
characters and give a more useful error message if it does fail for
some reason.  I've added this to nmap/docs/TODO, though that is only
the easy step.  Someone has to actually write the patch :).

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: