Nmap Development mailing list archives

Re: bug in irc-brute


From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 19 Jan 2012 01:41:11 +0100

On Wed, Jan 18, 2012 at 11:27 AM, Sabian Syionide <kryptrulzalot () hotmail com> wrote:


Hi there, I can't seem to get this script to work under any circumstance.
As an example, my server uses unrealircd v:3.2.9

To make this as simple as possible I'm attempting to crack a test account
using ONLY the exact right user/pass in the file. Therefore it can't
possibly get it wrong on anything other than the first guess.

So.. the problem? ::

nmap -d --script irc-brute.nse -p 6667 xxx.xxx.xxx.xxx

Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2012-01-18 01:16 AKST
--------------- Timing report ---------------
 hostgroups: min 1, max 100000
 rtt-timeouts: init 1000, min 100, max 10000
 max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
 parallelism: min 0, max 0
 max-retries: 10, host-timeout: 0
 min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating Ping Scan at 01:16
Scanning irc.hostename.org (xxx.xxx.xxx.xxx) [4 ports]
Packet capture filter (device wlan0): dst host 192.168.xxx.xxx and (icmp
or icmp6 or ((tcp or udp or sctp) and (src host xxx.xxx.xxx.xxx)))
We got a ping packet back from xxx.xxx.xxx.xxx: id = 37077 seq = 0
checksum = 28458
Completed Ping Scan at 01:16, 0.20s elapsed (1 total hosts)
Overall sending rates: 19.99 packets / s, 759.50 bytes / s.
mass_rdns: Using DNS server 192.168.227.1
Initiating Parallel DNS resolution of 1 host. at 01:16
mass_rdns: 0.17s 0/1 [#: 1, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 01:16, 0.17s elapsed
DNS resolution of 1 IPs took 0.17s. Mode: Async [#: 1, OK: 1, NX: 0, DR:
0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan at 01:16
Scanning irc.domain.org (xxx.xxx.xxx.xxx) [1 port]
Packet capture filter (device wlan0): dst host 192.168.x.x and (icmp or
icmp6 or ((tcp or udp or sctp) and (src host xxx.xxx.xxx.xxx)))
Discovered open port 6667/tcp on xxx.xxx.xxx.xxx
Completed SYN Stealth Scan at 01:16, 0.20s elapsed (1 total ports)
Overall sending rates: 5.00 packets / s, 220.14 bytes / s.
NSE: Script scanning xxx.xxx.xxx.xxx
NSE: Starting runlevel 1 (of 1) scan.
NSE: Starting irc-brute against xxx.xxx.xxx.xxx:6667.
Initiating NSE at 01:16
NSE: irc-brute against xxx.xxx.xxx.xxx:6667 threw an error!
/usr/local/share/nmap/scripts/irc-brute.nse:115: bad argument #1 to
'format' (number expected, got nil)
stack traceback:
       [C]: in function 'format'
       /usr/local/share/nmap/scripts/irc-brute.nse:115: in function
'needsPassword'
       /usr/local/share/nmap/scripts/irc-brute.nse:121: in function
</usr/local/share/nmap/scripts/irc-brute.nse:119>
       (tail call): ?

Completed NSE at 01:17, 15.41s elapsed

/snip/


And with other daemons I simply get:

/snip/

6667/tcp open  irc     syn-ack
| irc-brute:
|_  ERROR: Failed to check password requirements, unknown code (1)
Final times for host: srtt: 192256 rttvar: 144491  to: 770220

/snip/

I can't code Lua. I can understand most of it but.. not really sure what's
going on here. I keep an eye on my inbox in case anybody responds to this,

sincerely, myself.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Hi Sabian,

Would you mind trying to run the script in debug mode and with the
--packet-trace argument and send us the results?
This way we can see the communication between Nmap and the server and it
will help us track down the problem.

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77