Nmap Development mailing list archives
Re: Buffering problems in ssh2.lua
From: Fyodor <fyodor () insecure org>
Date: Sat, 13 Jun 2009 15:37:02 -0700
On Fri, Jun 12, 2009 at 10:25:06PM -0600, David Fifield wrote:
> You can reliably reproduce it with this neat Ncat hack:
>
>   ncat -l 3000 --sh-exec "ncat scanme.nmap.org 22 | perl -e 'while (sysread(STDIN, \$line, 100)) { syswrite(STDOUT, \$line); sleep 1; }'"
>
> The Perl script breaks the TCP stream into packets containing no more than 100 bytes. Just scan port 3000 on localhost (with version detection) and it will proxy to port 22 on scanme, the reply broken into small chunks.
I'm so awed by your Ncat command that I can't think of anything to say about the actual problem you're reporting :).
Does anyone want to try fixing this? There really should be a read_packet abstraction in the ssh2 library, with an internal buffer that only returns a packet when it is complete. A description of the packet format is at http://tools.ietf.org/html/rfc4253#section-6 .
Who wants to give this a try? I added it to the Nmap TODO (for the upcoming dev branch).

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
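The read_packet abstraction Fyodor asks for, as an added example that is not part of the thread and not code from ssh2.lua or Nmap. It implements the RFC 4253 section 6 binary packet framing (uint32 packet_length, byte padding_length, payload, random padding, optional MAC) for the pre-encryption phase of the handshake, keeps an internal buffer, and returns a payload only once the whole packet has arrived. The chunk size of 100 bytes and the KEXINIT-like payloads are constructed to mirror the Ncat/Perl reproduction above; the class and function names are this example's own.

```python
import struct

# RFC 4253 section 6.1: every implementation must handle packets up to
# 35000 bytes in total; used here as a cap so a corrupt or hostile
# packet_length cannot make the reader buffer without bound.
MAX_PACKET_TOTAL = 35000


class SSHPacketReader:
    """Reassemble RFC 4253 binary packets from an arbitrarily chunked stream.

    Only the unencrypted, MAC-less phase (before NEWKEYS) is handled, which is
    all a version-detection or algorithm-enumeration script needs.
    """

    def __init__(self, mac_len=0):
        self.buf = bytearray()
        self.mac_len = mac_len  # 0 before NEWKEYS; length of the MAC afterwards

    def feed(self, data):
        """Append whatever the socket returned, however short."""
        self.buf += data

    def read_packet(self):
        """Return the next complete payload, or None if more bytes are needed."""
        if len(self.buf) < 4:
            return None
        packet_length = struct.unpack(">I", self.buf[:4])[0]
        total = 4 + packet_length + self.mac_len
        # packet_length counts padding_length (1) + payload + padding (>= 4)
        if packet_length < 5 or total > MAX_PACKET_TOTAL:
            raise ValueError("invalid packet_length %d" % packet_length)
        if len(self.buf) < total:
            return None  # wait for the rest instead of parsing a fragment
        padding_length = self.buf[4]
        if padding_length > packet_length - 1:
            raise ValueError("padding_length exceeds packet")
        payload = bytes(self.buf[5:4 + packet_length - padding_length])
        del self.buf[:total]  # drop packet_length, padding and MAC
        return payload


def build_packet(payload, block_size=8):
    """Frame a payload per RFC 4253 section 6 (used to construct sample data)."""
    padlen = block_size - ((5 + len(payload)) % block_size)
    if padlen < 4:  # RFC requires at least four bytes of padding
        padlen += block_size
    packet_length = 1 + len(payload) + padlen
    return struct.pack(">IB", packet_length, padlen) + payload + b"\x00" * padlen


def collect_packets(chunks, mac_len=0):
    """Feed stream fragments to the reader and return every completed payload."""
    reader = SSHPacketReader(mac_len)
    payloads = []
    for chunk in chunks:
        reader.feed(chunk)
        while True:
            pkt = reader.read_packet()
            if pkt is None:
                break
            payloads.append(pkt)
    return payloads


# Constructed sample: a 251-byte KEXINIT-like payload (msg type 0x14) followed
# by a one-byte NEWKEYS-like payload (0x15), delivered in 100-byte pieces just
# as the ncat | perl proxy in the thread does.
SAMPLE_PAYLOADS = [b"\x14" + b"A" * 250, b"\x15"]
SAMPLE_STREAM = b"".join(build_packet(p) for p in SAMPLE_PAYLOADS)
SAMPLE_CHUNKS = [SAMPLE_STREAM[i:i + 100] for i in range(0, len(SAMPLE_STREAM), 100)]

if __name__ == "__main__":
    for p in collect_packets(SAMPLE_CHUNKS):
        print("packet type 0x%02x, payload %d bytes" % (p[0], len(p)))
```

The reader never looks at a payload until the full packet_length (plus MAC, once one is negotiated) is buffered, which is exactly what a single `socket:receive()` followed by a parse gets wrong when the peer writes in small segments. The length bounds check matters in an NSE context because the length field comes straight from the scanned host.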