Nmap Development mailing list archives

Re: Uniquely identifying an Nmap install from NSE?


From: David Fifield <david () bamsoftware com>
Date: Fri, 7 Aug 2009 16:17:05 -0600

On Fri, Aug 07, 2009 at 04:41:25PM -0500, Ron wrote:
> I had a conversation with Ed Skoudis at Defcon, and he had a comment on
> some of my SMB scripts: one of his primary uses for these scripts is
> teaching, so he can have up to 40 people using the same scripts against
> the same target, and that won't work well with psexec-style scripts. Up
> till now, I've written the scripts from the perspective of how I'd use
> them: one person at a time. That doesn't work as well in the real world.
>
> The issue is, some scripts (like smb-pwdump.nse) create a service on the
> remote host. I always use the same name for this service, since that
> makes it possible to clean up later if something fails. But, this
> creates a race condition where if two people run the same script, it'll
> fail for one or both of them.
>
> So, the two obvious choices are:
> 1. Leave it the way it is, and accept that it's going to have a race
> condition
> 2. Randomize the name, making it difficult to clean up

Is the service left running only in an exceptional case (an error)? The
idea behind using a consistent name is to make it easy for a human to go
clean it up if necessary? Or is it that there is a lack of a way for NSE
to store the service name between when it starts the service and when it
shuts it down?

David Fifield
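One way to combine the two choices Ron lists, as an added example rather than code from this thread or from Nmap: keep a fixed, recognisable prefix so a human can still find leftovers, append a random suffix so concurrent runs against one host do not collide, and record the chosen name so the script itself can clean up. The prefix value, the `registry` table standing in for nmap.registry, and the helper names are assumptions.

```lua
-- Added example, not code from the thread or from Nmap. A fixed prefix marks
-- every service the script creates; a random suffix keeps concurrent runs
-- from colliding; the chosen name is stored in a table (nmap.registry in a
-- real script) so the script can remove what it made. All names assumed.
local PREFIX = "nmap-svc-"   -- constructed prefix, not any real script's name

-- Random hex string; an NSE script would use its own randomness source.
local function rand_hex(nbytes)
  local t = {}
  for i = 1, nbytes do
    t[i] = string.format("%02x", math.random(0, 255))
  end
  return table.concat(t)
end

-- Choose a name for a new service on host_ip and remember it.
local function allocate_service_name(registry, host_ip)
  registry.created_services = registry.created_services or {}
  local per_host = registry.created_services[host_ip] or {}
  registry.created_services[host_ip] = per_host
  local name = PREFIX .. rand_hex(4)
  per_host[#per_host + 1] = name
  return name
end

-- Drop a name from the cleanup list once the service has been deleted.
-- Anything left in the list after the script ends is still owed a cleanup.
local function release_service_name(registry, host_ip, name)
  local per_host = registry.created_services and registry.created_services[host_ip]
  if not per_host then return false end
  for i, n in ipairs(per_host) do
    if n == name then table.remove(per_host, i); return true end
  end
  return false
end

-- For a human tidying up after a failed run: any service carrying the prefix
-- was created by this script, whatever random suffix it received.
local function is_ours(service_name)
  return service_name:sub(1, #PREFIX) == PREFIX
end

-- Stand-alone demonstration with a plain table in place of nmap.registry.
local registry = {}
local a = allocate_service_name(registry, "192.0.2.10")   -- constructed address
local b = allocate_service_name(registry, "192.0.2.10")
assert(a ~= b and is_ours(a) and is_ours(b))
assert(release_service_name(registry, "192.0.2.10", a))
assert(#registry.created_services["192.0.2.10"] == 1)
```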

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org