Nmap Development mailing list archives

Re: A couple more issues with http.lua


From: Joao Correa <joao () livewire com br>
Date: Fri, 21 Aug 2009 20:20:22 -0300

On Fri, Aug 21, 2009 at 4:53 PM, Ron <ron () skullsecurity net> wrote:
> If nobody has any issues with this, I'll go ahead and commit it tonight or
> tomorrow.
>
> For the first issue (443 not being listed), it looks like it and 22 were
> listed in the original release of the code, but at some point somebody
> removed them and added some others. If there was an actual reason for
> removing 443, please let me know; otherwise, I'll assume it was an accident.

Hi Ron, I removed port 22 from the list. Indeed port 443 was removed by mistake.

I think it is alright to commit the changes.

Thanks a lot again!
João

> Thanks!
> Ron


> On 08/20/2009 10:14 AM, Ron wrote:
>
>> Hi all,
>>
>> I was getting some weird errors when scanning some SSL-only servers (in
>> particular, an embedded Arcsight system that runs some form of Apache
>> Tomcat). I eventually realized it was trying to start a non-SSL
>> connection on port 443. I traced it back to this code:
>> --
>> local function is_ssl(port_number)
>>   local common_ssl_ports = {465, 989, 990, 992, 993, 994, 995, 587,
>>                            6697, 6679, 8443}
>>   ...
>> --
>>
>> The issue is that "tcp" is given priority over "ssl", since port 443 is
>> missing from the list, and also that the server responds to a HTTP
>> request on a HTTPS port with a 400 Bad Request, making Nmap think it
>> worked. So I added 443 to that list (and I'll commit that change, unless
>> there's some reason it was left off?), and now I get this error:
>> --
>> NSE: http-enum against x.x.x.125:443 threw an error!
>> ./nselib/http.lua:629: attempt to concatenate local 'limit' (a nil
>> value)
>> stack traceback:
>> ./nselib/http.lua:629: in function 'pipeline'
>> ./scripts/http-enum.nse:169: in function
>> <./scripts/http-enum.nse:42>
>> (tail call): ?
>> --
>>
>> I traced it back to this line:
>> --
>> if response.header["keep-alive"] then
>>   local max = string.match( response.header["keep-alive"], "max\=(%d*)")
>>   return max
>> else
>>   return 40
>> end
>> --
>>
>> While the server returns this:
>> --
>> status-line: HTTP/1.1 404 Not Found
>> header:
>> connection: Keep-Alive
>> keep-alive: timeout=15
>> date: Thu, 20 Aug 2009 15:07:31 GMT
>> content-type: text/html; charset=iso-8859-1
>> server: Apache
>> status: 404
>> cookies:
>> body:
>> --
>>
>> So, the match is failing and 'nil' is being returned. The fix for it
>> would be checking if max is nil and returning 40 if it is.
>>
>> I've made both those changes and tested them against a few known bad
>> systems. They seem to work fine. A diff is attached; let me know if you
>> want me to apply it.
>>
>> Ron
>>
>> (PS: Sorry if the linebreaks get screwed up, I am forwarding this from
>> Outlook)
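Editor's added example (not code from this thread and not Nmap's http.lua): a defensive version of the keep-alive limit lookup that Ron's diff fixes. It assumes the response table shape visible in Ron's pasted output (a response.header table with lowercased header names) and keeps 40 as the fallback, which is the value the original code returns when the header is absent. The server responses below are constructed to mirror the cases in the thread, plus a "max=" header with no digits, which the original "%d*" pattern would match as an empty string.

```lua
-- Added example, not Nmap's http.lua. The response table layout
-- (response.header with lowercased keys) is an assumption taken from
-- the output pasted in the thread; DEFAULT_LIMIT is the value the
-- original code returned when no keep-alive header was present.

local DEFAULT_LIMIT = 40

-- Return how many requests may be pipelined on one connection.
-- Falls back to DEFAULT_LIMIT when the header is missing, when it has
-- no max= parameter (Apache's "timeout=15" case from the thread), or
-- when the value is not numeric. Never returns nil, so the caller's
-- string concatenation cannot raise the error seen in the trace.
local function get_pipeline_limit(response)
  local header = response and response.header and response.header["keep-alive"]
  if not header then
    return DEFAULT_LIMIT
  end
  -- '=' needs no escaping in a Lua pattern, and %d+ requires at least
  -- one digit, unlike %d* which matches the empty string in "max=".
  local max = string.match(header, "max=(%d+)")
  return tonumber(max) or DEFAULT_LIMIT
end

-- Constructed responses covering the cases discussed above.
local apache_no_max = { header = { connection = "Keep-Alive", ["keep-alive"] = "timeout=15" } }
local with_max      = { header = { ["keep-alive"] = "timeout=5, max=100" } }
local empty_max     = { header = { ["keep-alive"] = "max=" } }
local no_header     = { header = {} }

assert(get_pipeline_limit(apache_no_max) == 40)
assert(get_pipeline_limit(with_max) == 100)
assert(get_pipeline_limit(empty_max) == 40)
assert(get_pipeline_limit(no_header) == 40)
assert(get_pipeline_limit(nil) == 40)

-- The concatenation that failed in the thread now always has a number.
print("pipeline limit: " .. get_pipeline_limit(apache_no_max))
```

One portability note on the original pattern "max\=(%d*)": Lua 5.1 silently accepts the unknown escape "\=" and treats it as "=", but Lua 5.2 and later reject it as an invalid escape sequence at parse time, so writing "max=(%d+)" as above avoids both that and the empty-match problem.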




_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
