Nmap Development mailing list archives
Re: Special characters in script-args
From: Fyodor <fyodor () insecure org>
Date: Fri, 15 May 2009 16:04:05 -0700
On Fri, May 15, 2009 at 02:06:33PM -0500, Ron wrote:
If a --script-arg contains a special characters, such as a colon, parsing the arguments will fail with a cryptic error. So if somebody is trying to use a hash to log in, and passes this string, it'll fail: --script-args=smbuser=admin,smbhash=abc123:abc123 Similarily if a user gives the password on the commandline, like this, it'll fail: --script-args=smbuser=admin,smbpass=pass^word
Hi Ron. Good find. This is a side effect of the new, more powerful --script syntax. It basically ends up executing the --script-args in Lua. I agree that it should be fixed to accept a wider range of characters and give a more useful error message if it does fail for some reason. I've added this to nmap/docs/TODO, though that is only the easy step. Someone has to actually write the patch :). Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Special characters in script-args Ron (May 15)
- Re: Special characters in script-args Fyodor (May 15)
- Re: Special characters in script-args Patrick Donnelly (May 15)