Nmap Development mailing list archives
Re: Special characters in script-args
From: Patrick Donnelly <batrick () batbytes com>
Date: Fri, 15 May 2009 18:56:23 -0600
Hello Ron, On Fri, May 15, 2009 at 1:06 PM, Ron <ron () skullsecurity net> wrote:
Hi all, I posted this to the #nmap channel a few days ago, but I wasn't around to see if there was an answer. So I figured I'd ask it here. If a --script-arg contains a special characters, such as a colon, parsing the arguments will fail with a cryptic error. So if somebody is trying to use a hash to log in, and passes this string, it'll fail: --script-args=smbuser=admin,smbhash=abc123:abc123 Similarily if a user gives the password on the commandline, like this, it'll fail: --script-args=smbuser=admin,smbpass=pass^word The solution that I use is to pass escaped quotes, like smbpass=\"pass^word\", but I don't expect that an ordinary user would know to do that (or understand the Lua stackdump when they don't). Is there something we can do to make this easier? (Sorry if this came up in an earlier discussion -- I haven't had a home Internet connection for awhile, so I haven't been following bigger threads)
We have been discussing this in [1]. I have a tentative patch [2] that tries to solve all of these problems. I encourage you to give the patch a try and report how it worked for you. [1] http://seclists.org/nmap-dev/2009/q2/0204.html [2] http://seclists.org/nmap-dev/2009/q2/0380.html -- -Patrick Donnelly "Let all men know thee, but no man know thee thoroughly: Men freely ford that see the shallows." - Benjamin Franklin _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Special characters in script-args Ron (May 15)
- Re: Special characters in script-args Fyodor (May 15)
- Re: Special characters in script-args Patrick Donnelly (May 15)