Nmap Development mailing list archives
Re: nmap crash
From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 20 Feb 2015 10:45:18 -0600
Mike,

I just reproduced the problem: it was caused by pressing Ctrl+C while a script is sleeping. I reproduced it with a super-simple prerule script which just sleeps for 10 seconds. Now we just need to come up with a proper fix.

I do want to caution you that 'http*' includes a few scripts that you probably don't want to run for just information gathering:

- dos (denial of service) category: http-slowloris. This is probably the script that crashed, since it calls sleep a lot. This will run for 30 minutes by default, and will conflict with other scripts since it tries to prevent the target from responding to anyone (even NSE!).
- brute category: http-brute, http-form-brute, http-iis-short-name-brute, http-joomla-brute, http-proxy-brute, and http-wordpress-brute. If there are any authorization forms or 401 codes, some of these scripts will try to brute-force logins. http-iis-short-name-brute will try to brute-force names of files on the target, too.
- external category: http-google-malware, http-icloud-findmyiphone, http-icloud-sendmsg, http-open-proxy, http-proxy-brute, http-robtex-reverse-ip, http-robtex-shared-ns, http-virustotal, and http-xssed. These will all request information about your target from external sources, or attempt to contact external servers through your target.

Dan

On Fri, Feb 20, 2015 at 8:18 AM, Mike . <dmciscobgp () hotmail com> wrote:

thanks for looking into this and getting back to me! yes, i can reproduce this, as i did here:

Initiating NSE at 07:49
NSE Timing: About 3.10% done; ETC: 08:05 (0:16:08 remaining)
NSE Timing: About 3.24% done; ETC: 08:20 (0:30:21 remaining)
NSE Timing: About 3.24% done; ETC: 08:36 (0:45:16 remaining)
NSE Timing: About 3.24% done; ETC: 08:51 (1:00:12 remaining)
Assertion failed: nse_status(nse) == NSE_STATUS_SUCCESS, file ..\nse_nsock.cc, l ine 737

cmd was:

nmap -n -vv -T4 -Pn -reason -max-retries 2 192.168.0.10 -script http*

and like i said, not just an nmap crash, but i get the kernel catching it from an exception window on win7

------------------------------
Date: Thu, 19 Feb 2015 14:11:18 -0600
Subject: Re: nmap crash
From: bonsaiviking () gmail com
To: dmciscobgp () hotmail com
CC: dev () nmap org

Mike,

Thanks for the report. I have not seen this, but from digging into the code, it looks like it could happen if a Nsock timer (such as is created in stdnse.sleep) is canceled in such a way that still fires the sleep callback function. I can't really see a way to make that happen, but I'd guess it has something to do with host timeouts. I see a few different ways ahead:

1. In the meantime, if you are using -T5 and running lots of scripts, increase your host timeout from the default of 15 minutes, since you probably don't want it to timeout anyway.
2. We can add an additional condition to the assertion so that NSE_STATUS_CANCELLED is valid, too. This would result in the thread which called the cancelled sleep to be resumed, so I don't know if that's what we want either.
3. We can dig into the specific conditions which caused this crash and correct the underlying problem. If you want to help with this, please let us know the exact command line you used, whether you can reproduce the crash, and any information (open ports, services, etc) about the target that may be relevant.

Thanks again!
Dan

On Sun, Feb 8, 2015 at 10:14 PM, Mike . <dmciscobgp () hotmail com> wrote:

so in scanning my TIVO box that was said to have standard http ports open i went ahead with a script scan for http info. ran it as a wildcard and in the output i got this and an exception thrown

Initiating NSE at 22:10
NSE Timing: About 2.97% done; ETC: 22:27 (0:16:52 remaining)
NSE Timing: About 3.11% done; ETC: 22:42 (0:31:40 remaining)
Assertion failed: nse_status(nse) == NSE_STATUS_SUCCESS, file ..\nse_nsock.cc, l ine 737

anyone ever see this?

ty
m|ke

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
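Dan's caution about what 'http*' selects can be checked before a scan is started. The following is an added example, not part of the original message and not Nmap's own code: it parses entries in the layout of Nmap's scripts/script.db, flags wildcard matches that fall in the dos, brute and external categories, and builds a --script Boolean expression that excludes them. The sample entries are constructed and the function names are hypothetical.

```python
import fnmatch
import re

# Categories the message above flags as unsuitable for plain information gathering.
RISKY = ("dos", "brute", "external")

# Constructed sample in the layout of Nmap's scripts/script.db (not a real copy).
SAMPLE_DB = '''\
Entry { filename = "http-brute.nse", categories = { "brute", "intrusive", } }
Entry { filename = "http-slowloris.nse", categories = { "dos", "intrusive", } }
Entry { filename = "http-title.nse", categories = { "default", "discovery", "safe", } }
Entry { filename = "http-virustotal.nse", categories = { "external", "malware", "safe", } }
Entry { filename = "ssh-hostkey.nse", categories = { "default", "discovery", "safe", } }
'''

ENTRY_RE = re.compile(
    r'Entry\s*\{\s*filename\s*=\s*"([^"]+)\.nse"\s*,\s*categories\s*=\s*\{([^}]*)\}')

def parse_script_db(text):
    """Return {script name: set of categories} for every Entry line."""
    db = {}
    for name, cats in ENTRY_RE.findall(text):
        db[name] = set(re.findall(r'"([^"]+)"', cats))
    return db

def audit_selection(db, pattern, risky=RISKY):
    """Split the scripts matched by a wildcard into (safe, flagged)."""
    safe, flagged = [], {}
    for name in sorted(db):
        if not fnmatch.fnmatchcase(name, pattern):
            continue  # the wildcard would not select this script
        hits = sorted(db[name] & set(risky))
        if hits:
            flagged[name] = hits
        else:
            safe.append(name)
    return safe, flagged

def script_argument(pattern, risky=RISKY):
    """Build a --script expression that keeps the wildcard but drops risky categories."""
    return "{} and not ({})".format(pattern, " or ".join(risky))

if __name__ == "__main__":
    safe, flagged = audit_selection(parse_script_db(SAMPLE_DB), "http*")
    for name, cats in flagged.items():
        print("skip {:<18} {}".format(name, ", ".join(cats)))
    print("keep", ", ".join(safe))
    print('nmap --script "{}" <target>'.format(script_argument("http*")))
```

Pointing parse_script_db at the script.db file of a local Nmap installation gives the same audit for the scripts actually installed.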
Current thread:
- nmap crash Mike . (Feb 08)
- Re: nmap crash Daniel Miller (Feb 19)
- Message not available
- Re: nmap crash Daniel Miller (Feb 20)
- Re: nmap crash Henri Doreau (Feb 21)
- Message not available
- Re: nmap crash Daniel Miller (Feb 19)