Nmap Development mailing list archives

Re: Please help test WDB/VxWorks NSE script


From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 12 Aug 2010 18:57:01 +0200

Hi,

A not very thorough check suggests that the problem occurs here:
local comm = rpc.Comm:new("wdb", 1)

When a new instance of the Comm class is created, a lookup of the program name is performed against nmap-rpc using Util.ProgNameToNumber.

wdb isn't in that file and would have to be added in order for it to work properly.

Regards,
//Patrik

On 12 aug 2010, at 18.41, Ron wrote:

Just started running it against our environment, though I don't think we have any wdb. I got this error a lot:

NSE: wdb-version against x.x.x.x:17185 threw an error!
./nselib/rpc.lua:264: bad argument #5 to 'pack' (number expected, got nil)
stack traceback:
       [C]: in function 'pack'
       ./nselib/rpc.lua:264: in function 'CreateHeader'
       ./nselib/rpc.lua:394: in function 'EncodePacket'
       ./scripts/wdb-version.nse:44: in function 'request'
       ./scripts/wdb-version.nse:102: in function <./scripts/wdb-version.nse:93>
       (tail call): ?

Thoughts?


On Thu, 12 Aug 2010 11:07:40 -0500 Daniel Miller
<bonsaiviking () gmail com> wrote:
Howdy, list!

I have written an NSE script for version detection of the Wind River 
Debugger (WDB), commonly found on embedded VxWorks devices, and
recently brought to light by H. D. Moore [1] at Black Hat. I based it
off of the Metasploit wdbrpc_version scanner module, as well as my
own research. The script is attached.

Big problem: I do not have access to a device running VxWorks with
WDB enabled. So I really can't tell if the script will work, or if I
still have bugs. Please help me test this! Anyone with access to such
a device (or who can point me to an Internet-accessible device with
the service running) should just run it like:

nmap -sU -p 17185 --script=wdb-version.nse $TARGET

In the meantime, I will be working on setting the service version
from the script (right now, it just dumps the information it grabs
from the service).

Thanks,
Dan

[1] http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html


-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77
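
The failure discussed in this thread, reproduced as an added example that is not part of the original messages or of Nmap's rpc.lua: a name lookup against a program table returns nil for a missing entry, and a guard reports it before the value reaches the packing step. The /etc/rpc-style table layout, the sample lines, the function names and the `wdb 999999` entry are assumptions made for illustration.

```lua
-- Constructed sample in an /etc/rpc-style layout (name, number, aliases).
-- This layout and these lines are assumptions, not copied from nmap-rpc.
local SAMPLE = [[
# name      number  aliases
portmapper  100000  portmap sunrpc rpcbind
nfs         100003  nfsprog
mountd      100005  mount showmount
]]

-- Parse the table into a name -> number map, including aliases.
local function parse_rpc_table(text)
  local by_name = {}
  for line in text:gmatch("[^\r\n]+") do
    local body = line:gsub("#.*$", "")          -- strip comments
    local name, num, rest = body:match("^%s*(%S+)%s+(%d+)%s*(.*)$")
    if name then
      by_name[name] = tonumber(num)
      for alias in rest:gmatch("%S+") do by_name[alias] = tonumber(num) end
    end
  end
  return by_name
end

-- Hypothetical stand-in for the name lookup: returns nil for unknown names.
local function prog_name_to_number(tbl, name)
  return tbl[name]
end

-- Hypothetical header builder that validates the lookup before packing,
-- so a missing entry gives a clear error instead of "got nil" inside pack.
local function create_header(tbl, prog_name, version, procedure)
  local prog = prog_name_to_number(tbl, prog_name)
  if prog == nil then
    return nil, ("unknown RPC program '%s': add it to the program table"):format(prog_name)
  end
  return string.format("%08x%08x%08x", prog, version, procedure)
end

local tbl = parse_rpc_table(SAMPLE)
print(create_header(tbl, "nfs", 3, 0))   -- known program: header fields in hex
print(create_header(tbl, "wdb", 1, 0))   -- missing entry: nil plus error text

-- Adding the entry fixes the lookup. 999999 is a placeholder,
-- not the real WDB program number.
tbl = parse_rpc_table(SAMPLE .. "wdb 999999\n")
print(create_header(tbl, "wdb", 1, 0))
```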




