Re: [NSE] p2p-conficker crashes when scanning IPv6

[Ron <ron () skullsecurity net>]

I don't believe Conficker supported IPv6. At least, none of the writeups I've seen mentioned it. 

Ron

On Mon, 11 Jun 2012 09:08:25 -0500 Daniel Miller <bonsaiviking () gmail com> wrote:
> Hi List,
>
> So here's the crash I got:
>
> ./scripts/p2p-conficker.nse:578: bad argument #2 to 'pack' (number 
> expected, got nil)
> stack traceback:
>          [C]: in function 'pack'
>          ./scripts/p2p-conficker.nse:578: in function 
> <./scripts/p2p-conficker.nse:540>
>          (...tail calls...)
>
> Argument #2 is "ip", which comes from host.ip, after passing through 
> ipOps.todword(), which returns nil, since it only supports IPv4. I
> don't know if Conficker supported IPv6, but I think reasonable logic
> would be to check for nmap.registry.args.realip, and if that is not
> set and we are scanning IPv6, then bail. Here's my take on a patch,
> but I don't know enough about the script to know if this is an
> acceptable approach:
>
> Index: scripts/p2p-conficker.nse
> ===================================================================
> --- scripts/p2p-conficker.nse   (revision 28902)
> +++ scripts/p2p-conficker.nse   (working copy)
> @@ -571,6 +571,8 @@
>          -- Use the provided IP, if it exists
>          if(nmap.registry.args.realip ~= nil) then
>                  ip = nmap.registry.args.realip
> +  elseif(nmap.address_family() == 'inet6') then
> +    return nil -- Can't generate ports based on IPv6 address
>          end
>
>          -- Reverse the IP's endianness
>
>
> Dan
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/