Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [SCRIPT] IBM DB2 Server Profile export + Version detection

From: David Fifield <david () bamsoftware com>
Date: Tue, 22 Dec 2009 10:17:21 -0700
On Sun, Dec 20, 2009 at 12:29:42AM +0100, Patrik Karlsson wrote:

I ran the script against both Windows and Linux and at first it looked
great. Looking a bit closer I noticed that the server profile ended in
the middle of a node description. Running the script against the same
server several times sometimes ended up with a complete server profile
and other times with just half of it.

My guess is that as your script searches for the beginning of the
profile and breaks the loop once it detects it, you sometimes end up
with incomplete data in the receive buffer, needing to call it again
to retrieve the remaining data. I made some small changes so that it
reads until it finds "\r\n\0" at the end of the receive buffer instead
and then breaks. This change allowed me to get consistent results. If
your interested in the diff let me know.

An even better (or overambitious?) solution might be to read a fixed
length data header of the socket, retrieve the length of the data from
this header, and then read the remaining data from the socket. That
would require protocol documentation/knowledge or some packet analysis
though. I did some initial packet analysis and found some stuff that
was the same in each packet and some bytes that probably contain
length info. 


We had a similar problem with the ssh2 library. It assumed that one
network read would always retrieve a complete packet, which wasn't
always the case.

http://seclists.org/nmap-dev/2009/q2/673

João Correa fixed it by building in a buffer that stores bytes and
returns a packet only when it is complete. It has a nice interface; you
just say

        status, packet = transport.receive_packet(socket)
        if not status then socket:close(); return end
        ...

Here's the message with his patch:

http://seclists.org/nmap-dev/2009/q2/704

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: