Nmap Development mailing list archives

Re: [nmap-svn] r29203 - nmap-exp/aca/nmap/scripts


From: Patrik Karlsson <patrik () cqure net>
Date: Sat, 14 Jul 2012 20:57:50 +0200

On Sat, Jul 14, 2012 at 6:43 PM, Aleksandar Nikolic
<nikolic.alek () gmail com> wrote:

Hi all,

I've resolved this issue as far as the script is concerned in r29209.

As far as I can tell, the problem was with threads that were stuck while
waiting for free sockets and/or threads that were asleep.
I've added the code in the main thread that waits for all others to finish.

There is no way to explicitly kill the thread, is there?

As all this is a bit ugly, can I get the value of max-parallelism
from the NSE somehow?
That way, I could create just enough threads and get to warn the user
that the attack won't work if it can't get enough threads.


I had the same problem with the brute library, wanting to get hold of the
max-parallelism, but it wasn't possible at that time. I think this still
holds true. Also, as multiple scripts may be running at the same time
consuming any amount of sockets at a given time, it's difficult to make sure
that you really can allocate the maximum set by the max-parallelism value.
I think there was a discussion back then about adding the ability to
request a given amount of sockets by a script, but as there wasn't any real
need (apart from the brute library I mean) I'm not sure where we ended up
with that.

The problem I was having with the brute library was that one thread would
consume a username and password pair in the engine and the lock, due to
socket exhaustion when trying to connect the socket. This would result in
username and password combinations used early in a supplied list not
getting guessed until the end, when socket resources were freed up. I
re-architected the library a bit to work around this, by adding the connect
method to the driver, as once the socket is connected we pretty much have
the resource.

I don't think dnet "suffers" from this same restriction, but in this case,
implementing TCP and HTTP on top of that and using pcap to read the
responses is surely not worth it.

Cheers,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
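
The ordering problem described in the reply above, as a simplified model (an added example, not code from the brute library or from anyone in this thread): each worker either takes a credential before it holds a socket, or connects first and only then takes one. The function name, the round-robin scheduling and the assumption that a connected worker keeps its socket until the list is empty are all made up for illustration.

```python
from collections import deque


def guess_order(creds, workers, sockets, connect_first):
    """Return the order in which credentials are actually tried.

    Simplified model (assumption): workers run round-robin, and a worker
    that has a socket keeps it until no credentials are left.
    """
    if workers < 1 or sockets < 1:
        raise ValueError("need at least one worker and one socket")
    pending = deque(creds)   # credentials not yet handed to any worker
    free = sockets           # socket slots still available
    connected = set()        # workers that currently hold a socket
    held = {}                # worker -> credential taken while unconnected
    order = []
    while pending or held:
        for w in range(workers):
            if w not in connected:
                # Old ordering: grab the credential first, then try to connect.
                if not connect_first and w not in held and pending:
                    held[w] = pending.popleft()
                if free == 0:
                    continue             # blocked; any held credential is stuck
                free -= 1
                connected.add(w)
            if w in held:
                order.append(held.pop(w))
            elif pending:
                order.append(pending.popleft())
            else:
                connected.discard(w)     # nothing left to try: release socket
                free += 1
    return order


# Constructed sample input: eight credential pairs, four workers, two sockets.
SAMPLE = ["u%d:p%d" % (i, i) for i in range(1, 9)]

if __name__ == "__main__":
    print("credential first:", guess_order(SAMPLE, 4, 2, connect_first=False))
    print("connect first:   ", guess_order(SAMPLE, 4, 2, connect_first=True))
```

With the credential taken first, the third and fourth pairs sit with blocked workers and are tried last; with the connect step first, the list is tried in the order supplied.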

