Nmap Development mailing list archives

Re: nmap crash


From: Daniel Miller <bonsaiviking () gmail com>
Date: Fri, 20 Feb 2015 10:45:18 -0600

Mike,

I just reproduced the problem: it was caused by pressing Ctrl+C while a
script is sleeping. I reproduced it with a super-simple prerule script
which just sleeps for 10 seconds. Now we just need to come up with a proper
fix.

I do want to caution you that 'http*' includes a few scripts that you
probably don't want to run for just information gathering:

dos (denial of service) category: http-slowloris. This is probably the
script that crashed, since it calls sleep a lot. This will run for 30
minutes by default, and will conflict with other scripts since it tries to
prevent the target from responding to anyone (even NSE!).

brute category: http-brute, http-form-brute, http-iis-short-name-brute,
http-joomla-brute, http-proxy-brute, and http-wordpress-brute. If there are
any authorization forms or 401 codes, some of these scripts will try to
brute-force logins. http-iis-short-name-brute will try to brute-force names
of files on the target, too.

external category: http-google-malware, http-icloud-findmyiphone,
http-icloud-sendmsg, http-open-proxy, http-proxy-brute,
http-robtex-reverse-ip, http-robtex-shared-ns, http-virustotal, and
http-xssed. These will all request information about your target from
external sources, or attempt to contact external servers through your
target.

Dan

On Fri, Feb 20, 2015 at 8:18 AM, Mike . <dmciscobgp () hotmail com> wrote:


Thanks for looking into this and getting back to me! Yes, I can reproduce
this, as I did here:

Initiating NSE at 07:49
NSE Timing: About 3.10% done; ETC: 08:05 (0:16:08 remaining)
NSE Timing: About 3.24% done; ETC: 08:20 (0:30:21 remaining)
NSE Timing: About 3.24% done; ETC: 08:36 (0:45:16 remaining)
NSE Timing: About 3.24% done; ETC: 08:51 (1:00:12 remaining)
Assertion failed: nse_status(nse) == NSE_STATUS_SUCCESS, file
..\nse_nsock.cc, line 737


cmd was:  nmap -n -vv -T4 -Pn -reason -max-retries 2 192.168.0.10  -script
http*


And like I said, not just an nmap crash, but I get the kernel catching it
from an exception window on win7.

------------------------------
Date: Thu, 19 Feb 2015 14:11:18 -0600
Subject: Re: nmap crash
From: bonsaiviking () gmail com
To: dmciscobgp () hotmail com
CC: dev () nmap org


Mike,

Thanks for the report. I have not seen this, but from digging into the
code, it looks like it could happen if a Nsock timer (such as is created in
stdnse.sleep) is canceled in such a way that still fires the sleep callback
function. I can't really see a way to make that happen, but I'd guess it
has something to do with host timeouts. I see a few different ways ahead:

1. In the meantime, if you are using -T5 and running lots of scripts,
increase your host timeout from the default of 15 minutes, since you
probably don't want it to timeout anyway.

2. We can add an additional condition to the assertion so that
NSE_STATUS_CANCELLED is valid, too. This would result in the thread which
called the cancelled sleep being resumed, so I don't know if that's what we
want either.

3. We can dig into the specific conditions which caused this crash and
correct the underlying problem. If you want to help with this, please let
us know the exact command line you used, whether you can reproduce the
crash, and any information (open ports, services, etc) about the target
that may be relevant.

Thanks again!
Dan



On Sun, Feb 8, 2015 at 10:14 PM, Mike . <dmciscobgp () hotmail com> wrote:

So in scanning my TIVO box that was said to have standard http ports open
I went ahead with a script scan for http info. Ran it as a wildcard and in
the output I got this and an exception thrown:



Initiating NSE at 22:10
NSE Timing: About 2.97% done; ETC: 22:27 (0:16:52 remaining)
NSE Timing: About 3.11% done; ETC: 22:42 (0:31:40 remaining)
Assertion failed: nse_status(nse) == NSE_STATUS_SUCCESS, file
..\nse_nsock.cc, line 737



Anyone ever see this? ty
m|ke

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/



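The "super-simple prerule script which just sleeps" that Dan says reproduces the assertion is not included in the thread. The script below is an added reconstruction of that kind of reproducer, written for this page; it is not one of the scripts shipped with Nmap and not code posted by either participant. The file name (sleep-repro.nse), the script argument name (sleep-repro.seconds) and the "safe" category are assumptions made for the example; stdnse.sleep, stdnse.get_script_args and stdnse.debug1 are real NSE library functions.

```lua
-- sleep-repro.nse: added reproducer for "Ctrl+C while a script is sleeping".
-- Not an Nmap-distributed script; file name and argument name are assumptions.
local stdnse = require "stdnse"

description = [[
Sleeps for a configurable number of seconds in a prerule and then returns.
It exists only to give a wide window in which to press Ctrl+C while an NSE
script is blocked in stdnse.sleep().
]]

author = "example (added for this page)"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"safe"}

-- The sleep length is a script argument so the Ctrl+C window can be widened;
-- the default of 10 seconds matches the reproducer described in the thread.
-- "sleep-repro.seconds" is a name chosen for this example, not an Nmap arg.
local seconds = tonumber(stdnse.get_script_args("sleep-repro.seconds")) or 10

-- A prerule script runs once, before any host is scanned, so no open ports
-- or live services are needed to reach the sleep.
prerule = function()
  return true
end

action = function()
  -- Visible with -d so the operator knows when the sleep has started.
  stdnse.debug1("Sleeping for %d seconds; press Ctrl+C now to reproduce", seconds)
  -- stdnse.sleep() yields the script thread to an Nsock timer; this is the
  -- timer whose cancellation the assertion in nse_nsock.cc is about.
  stdnse.sleep(seconds)
  return ("slept for %d seconds"):format(seconds)
end
```

To run it, point --script at the file and press Ctrl+C once the debug line appears, e.g. `nmap -d --script ./sleep-repro.nse --script-args sleep-repro.seconds=30 127.0.0.1`. Separately, Dan's caution about the wildcard applies to the original command: `--script http*` pulls in the dos, brute and external categories, and the --script argument accepts boolean expressions, so for pure information gathering `--script "http-* and not (dos or brute or external)"` keeps the http scripts while dropping those three categories.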
