Nmap Development mailing list archives
lua broken in nse script
From: Seth Graham <sadgart () gmail com>
Date: Wed, 1 Sep 2010 13:24:46 +0200
Hi to everybody,

I'm working on a little NSE script to find proxies with the CONNECT method available. I've tested it with some parameter contexts and it works fine, but when it's working with a very large IP range it crashes. I don't know if it is an NSE engine problem (with multithreading maybe?), a problem in my little script, or in the Lua libraries. I'm sending you a segfault debug trace to help work out a solution. Let's go.

=========================================
aaru ~ # gdb /usr/bin/nmap
warning: Can not parse XML syscalls information; XML support was disabled at compile time.
GNU gdb (Gentoo 7.0.1 p1) 7.0.1
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu".
For bug reporting instructions, please see:
<http://bugs.gentoo.org/>...
Reading symbols from /usr/bin/nmap...done.
(gdb) set args -n -sS -PS8080 -iR 0 --script=irc-proxy -p 8080
(gdb) run
Starting program: /usr/bin/nmap -n -sS -PS8080 -iR 0 --script=irc-proxy -p 8080

Starting Nmap 5.21 ( http://nmap.org ) at 2010-09-01 00:09 CEST
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0
RTTVAR has grown to over 2.3 seconds, decreasing to 2.0

Program received signal SIGSEGV, Segmentation fault.
0xb7db55c5 in traverseproto (g=0x836a030, f=0x83b4eb8) at lgc.c:207
207         markvalue(g, &f->k[i]);
(gdb) bt
#0  0xb7db55c5 in traverseproto (g=0x836a030, f=0x83b4eb8) at lgc.c:207
#1  0xb7db5c4d in propagatemark (g=0x836a030) at lgc.c:310
#2  0xb7db6684 in singlestep (L=0x8369fc0) at lgc.c:566
#3  0xb7db682e in luaC_step (L=0x8369fc0) at lgc.c:617
#4  0xb7dadac5 in lua_pushlstring (L=0x8369fc0, s=0xbfff9c2c ":\321\360o\300\237\066\bd;:\b|;:\b\300\237\066\b\030q@\b\224\235\213\b", len=4) at lapi.c:447
#5  0x080bdad1 in set_hostinfo(lua_State*, Target*) ()
#6  0x080b477b in run_main(lua_State*) ()
#7  0xb7db3a4c in luaD_precall (L=0x8369fc0, func=0x83a3b34, nresults=0) at ldo.c:319
#8  0xb7db3c9e in luaD_call (L=0x8369fc0, func=0x83a3b34, nResults=0) at ldo.c:376
#9  0xb7dae7fd in f_Ccall (L=0x8369fc0, ud=0xbfff9e64) at lapi.c:846
#10 0xb7db2da1 in luaD_rawrunprotected (L=0x8369fc0, f=0xb7dae74a <f_Ccall>, ud=0xbfff9e64) at ldo.c:116
#11 0xb7db4069 in luaD_pcall (L=0x8369fc0, func=0xb7dae74a <f_Ccall>, u=0xbfff9e64, old_top=12, ef=0) at ldo.c:463
#12 0xb7dae85a in lua_cpcall (L=0x8369fc0, func=0x80b4625 <run_main(lua_State*)>, ud=0xbfffbe88) at lapi.c:856
#13 0x080b45c4 in script_scan(std::vector<Target*, std::allocator<Target*> >&) ()
#14 0x0806339b in nmap_main(int, char**) ()
#15 0x0805e470 in main ()
(gdb) bt full
#0  0xb7db55c5 in traverseproto (g=0x836a030, f=0x83b4eb8) at lgc.c:207
        i = 0
#1  0xb7db5c4d in propagatemark (g=0x836a030) at lgc.c:310
        p = 0x83b4eb8
        o = 0x83b4eb8
#2  0xb7db6684 in singlestep (L=0x8369fc0) at lgc.c:566
        g = 0x836a030
#3  0xb7db682e in luaC_step (L=0x8369fc0) at lgc.c:617
        g = 0x836a030
        lim = 448
#4  0xb7dadac5 in lua_pushlstring (L=0x8369fc0, s=0xbfff9c2c ":\321\360o\300\237\066\bd;:\b|;:\b\300\237\066\b\030q@\b\224\235\213\b", len=4) at lapi.c:447
No locals.
#5  0x080bdad1 in set_hostinfo(lua_State*, Target*) ()
No symbol table info available.
#6  0x080b477b in run_main(lua_State*) ()
No symbol table info available.
#7  0xb7db3a4c in luaD_precall (L=0x8369fc0, func=0x83a3b34, nresults=0) at ldo.c:319
        ci = 0x81072a8
        n = -1210365744
        cl = 0x844b430
        funcr = 12
#8  0xb7db3c9e in luaD_call (L=0x8369fc0, func=0x83a3b34, nResults=0) at ldo.c:376
No locals.
#9  0xb7dae7fd in f_Ccall (L=0x8369fc0, ud=0xbfff9e64) at lapi.c:846
        c = 0xbfff9e64
        cl = 0x844b430
#10 0xb7db2da1 in luaD_rawrunprotected (L=0x8369fc0, f=0xb7dae74a <f_Ccall>, ud=0xbfff9e64) at ldo.c:116
        lj = {previous = 0x0, b = {{__jmpbuf = {-1210241036, 4096, 138169520, -1073766920, -120156276, -1313343076}, __mask_was_saved = 0, __saved_mask = {__val = {200, 143544128, 143560512, 143560512, 3081885361, 3081885344, 3081885184, 0, 0, 0, 0, 3082439430, 2, 1, 2, 135110906, 134746292, 0, 135110906, 3221200360, 3083318192, 16, 2049, 16408, 143756920, 143527776, 0, 17, 536979648, 3083318144, 3083313140, 3083318144}}}}, status = 0}
#11 0xb7db4069 in luaD_pcall (L=0x8369fc0, func=0xb7dae74a <f_Ccall>, u=0xbfff9e64, old_top=12, ef=0) at ldo.c:463
        status = -1212515300
        oldnCcalls = 0
        old_ci = 0
        old_allowhooks = 1 '\001'
        old_errfunc = 0
#12 0xb7dae85a in lua_cpcall (L=0x8369fc0, func=0x80b4625 <run_main(lua_State*)>, ud=0xbfffbe88) at lapi.c:856
        c = {func = 0x80b4625 <run_main(lua_State*)>, ud = 0xbfffbe88}
        status = 134746292
#13 0x080b45c4 in script_scan(std::vector<Target*, std::allocator<Target*> >&) ()
No symbol table info available.
#14 0x0806339b in nmap_main(int, char**) ()
No symbol table info available.
#15 0x0805e470 in main ()
No symbol table info available.
(gdb)
=================================================

The irc-proxy script is:

============================
description=[[
Checks if an HTTP proxy has method CONNECT for IRC servers.
- Not use proxy library -
]]

---
-- @args proxy.url Url that will be requested to the proxy
-- @output
-- @usage
-- nmap --script irc-proxy

author = "Seth"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "external", "intrusive"}

require "shortport"
require "stdnse"   -- provides print_debug and sleep used below

portrule = shortport.port_or_service({8123,3128,8000,8080},{'polipo','squid-http','http-proxy'})

-- Send a request to the proxy and log it at debug level.
local function send(socket, str)
  socket:send(str)
  stdnse.print_debug(">> " .. str)
end

-- Give the peer time to answer, then read the reply. stdnse.sleep yields to
-- the NSE scheduler, whereas os.execute("sleep 5") stalls the whole nmap
-- process. The original "local _, str_" was a typo that left str undeclared,
-- so every call wrote to a global instead of a local.
local function receive(socket)
  stdnse.sleep(5)
  local status, str = socket:receive()
  if not status then
    stdnse.print_debug("<< receive failed: " .. tostring(str))
    return nil
  end
  stdnse.print_debug("<< " .. str)
  return str
end

-- True when the reply to CONNECT is an HTTP 200. A literal dot in a Lua
-- pattern is "%."; the original "\." was a string escape, not a pattern escape.
local function check_code(result)
  if result then
    if result:match("\r?\n\r?\n") then
      result = result:match("^(.-)\r?\n\r?\n(.*)$")
    end
    if string.match(result:lower(), "^http/%d%.%d%s*200") then
      return true
    end
  end
  return false
end

-- True when the IRC server refused the connection with a G-line error.
-- "-" is a quantifier in Lua patterns, so "g-lined" must be written "g%-lined".
local function check_gline(result)
  if result then
    if string.match(result:lower(), "error.*g%-lined") then
      return true
    end
  end
  return false
end

action = function(host, port)
  local result = ""
  stdnse.print_debug("##################################")
  local socket = nmap.new_socket()
  socket:set_timeout(10000)
  local try = nmap.new_try(function() socket:close() end)
  try(socket:connect(host.ip, port.number))

  send(socket, "CONNECT foo.bar:6667 HTTP/1.0\r\n\r\n")
  local str = receive(socket)
  if check_code(str) then
    result = "Connection to HISPANO"
    send(socket, "USER ident 8 * :name\r\n")
    send(socket, "NICK nick\r\n\r\n")
    str = receive(socket) or ""
    -- Echo the token of the server's PING; its length differs between
    -- servers, so a fixed slice of the buffer is only a last resort.
    local token = str:match("PING%s+:?(%S+)") or string.sub(str, -18, -2)
    send(socket, "PONG :" .. token .. "\r\n")
    str = receive(socket) or ""
    if check_gline(str) then
      result = result .. " is G-lined\n"
    else
      result = result .. " is ESTABLISHED!! <- " .. host.ip .. ":" .. port.number .. "\n" .. str .. "\n"
    end
  else
    result = "Method CONNECT not supported\n"
  end
  socket:close()
  stdnse.print_debug("##################################")
  return result
end
===================================

Any tip on how to make this work correctly?

Regards,
Seth
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
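Separately from the crash, which the backtrace places inside the Lua garbage collector while nmap's C-side set_hostinfo() pushes a string, the script's parsing of the two replies it inspects is fragile: the CONNECT check accepts only "200" with a malformed pattern escape, and the PONG is built from a fixed 17-byte slice of whatever buffer came back. The following is an added example, not Seth's script and not part of Nmap; it is plain Lua that runs outside NSE (lua 5.1 or later), and the function names parse_http_status, connect_accepted, ping_token and rejected, as well as the sample replies, are constructed here for illustration.

```lua
-- Added example (not from the original post or from Nmap): robust parsing of
-- an HTTP CONNECT reply and of an IRC greeting, runnable with plain `lua`.

-- Return the numeric status code of an HTTP reply, or nil plus a reason.
-- Only the first line is the status line; headers may follow it.
local function parse_http_status(reply)
  if type(reply) ~= "string" then return nil, "no reply" end
  local line = reply:match("^([^\r\n]*)")
  local code = line:match("^[Hh][Tt][Tt][Pp]/%d+%.%d+%s+(%d%d%d)")
  if not code then return nil, "not an HTTP status line: " .. line end
  return tonumber(code)
end

-- A CONNECT request was accepted when the proxy answers with any 2xx code
-- (RFC 2817 permits 2xx generally, not only 200).
local function connect_accepted(reply)
  local code = parse_http_status(reply)
  return code ~= nil and code >= 200 and code < 300
end

-- Find the token of an IRC PING so the PONG echoes exactly what was sent.
-- Handles "PING :token", "PING token", and a PING following NOTICE lines.
local function ping_token(buffer)
  if type(buffer) ~= "string" then return nil end
  for line in buffer:gmatch("[^\r\n]+") do
    local token = line:match("^PING%s+:?(%S+)")
    if token then return token end
  end
  return nil
end

-- True when any line is an IRC ERROR message (G-line / K-line style refusal).
local function rejected(buffer)
  if type(buffer) ~= "string" then return false end
  for line in buffer:gmatch("[^\r\n]+") do
    if line:lower():match("^error%s*:") then return true end
  end
  return false
end

-- Constructed sample replies, not captured from a real host.
local ok_reply   = "HTTP/1.0 200 Connection established\r\nProxy-agent: example\r\n\r\n"
local deny_reply = "HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"
local junk_reply = "SSH-2.0-OpenSSH_5.3\r\n"
local greeting   = ":irc.example.net NOTICE AUTH :*** Looking up your hostname...\r\n"
                .. "PING :1234567890\r\n"
local refusal    = "ERROR :Closing Link: [192.0.2.10] (G-lined: open proxy)\r\n"

assert(connect_accepted(ok_reply))
assert(not connect_accepted(deny_reply))
assert(not connect_accepted(junk_reply))
assert(not connect_accepted(nil))          -- a failed receive must not error
assert(ping_token(greeting) == "1234567890")
assert(ping_token("PING 42\r\n") == "42")
assert(ping_token(refusal) == nil)
assert(rejected(refusal))
assert(not rejected(greeting))

print("CONNECT accepted:", connect_accepted(ok_reply))
print("PING token:", ping_token(greeting))
print("refused by server:", rejected(refusal))
```

Each helper tolerates a nil buffer, because socket:receive() in NSE returns false and an error string on timeout, and the original script concatenated that value into a debug message and into the PONG line without checking it.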