Nmap Development mailing list archives

Bug report: brute.lua and oracle-brute NSE script


From: Tod Beardsley <todb () planb-security net>
Date: Thu, 10 Mar 2011 22:13:21 -0600

I've been messing with the oracle-brute script today in an effort to
get my hands dirty in NSE-land and to solve an immediate problem. I
noticed that oracle-brute's disconnect() method doesn't actually wait
around for the disconnect to occur, which can leave the script in a
state where it continuously fails to reconnect, which then rapidly
decrements the retries counter.

By setting a brute.delay of 0.25 seconds, or by setting brute.retries
to 8000, the problem is avoided.

This came up when bruting a local VM running Oracle 10.2.0.1.0 on
Linux (the stock deb package). I don't know if this problem even
manifests in a non-vmnet network, but it certainly will stymie normal
testing. I've confirmed it using nmap from svn trunk.

The problem is around doAuthenticate in brute.lua -- the status fails
when we've not yet ack'ed the Oracle server's FIN, so we skip down to
the retries decrementor. This condition occurs at exactly 15 attempts
for me, every time (after the 15th fail, I get a pile of un-ack'ed
FINs).

I now have about 4 hours of Lua experience, so I don't know what the
best way is to ensure the disconnect actually happens, but some kind
of ensure around driver:disconnect() will do the trick, I expect.

Sorry for the lack of a patch. This might be a 5 minute fix for
someone who's actually Lua-savvy.

Thanks!

-todb
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/