Nmap Development mailing list archives

Andrew's Status Report - #11 of 17


From: Andrew Jason Farabee <afarabee () uci edu>
Date: Mon, 13 Jul 2015 23:46:36 -0700

Accomplishments:

 * Created ncat option "--proxies," which takes a proxy chain
specification string (i.e.
'socks4://127.0.0.1:1080,socks4a://127.0.0.1:9050,http://proxy.example.com:9999')
and passes this to nsock_proxychain_new in order to create a proxy
chain and implement the connections.  There was an issue with $ ./ncat
--proxies '' [hostname] resulting in a segfault, so some out of place
code had to be added to ncat_main.c in order to make sure that if
o.proxy_chain_str was specified that the first character wasn't null.
I will look into this more so I can hopefully remove this code. This
issue also affects --proxy and --proxy-type, but since these values
get translated into a string with a necessary "://", it doesn't result
in memory problems.

 * Set up a Debian 5 virtual machine running Exim 4.69 in order to test
the vulns port of smtp-vuln-cve2010-4344.nse. The first results of the
test are here: https://gist.github.com/andrewfarabee/dffc9e8c245d29271db4
(sorry about the Lua syntax highlighting).  Right now I've found an
issue with my usage of ipairs when scanning from outside of my
network, so I am going to try to figure out what is causing that.
Also, if the user specifies
--script-args='smtp-vuln-cve2010-4344.exploit', they will still get a
message asking them to run with this argument in order to exploit.  I
don't think this was introduced in my port since the original script
behaves in the same way. I'm going to look at some packet captures and
debugging output to check if the script is not attempting exploitation
or if it is just not made clear that exploitation was attempted and
failed.

 * Added some error checking/messages to the ncat --proxy,
--proxy-type, --proxies options and a warning that --proxy is
deprecated when in verbose mode. Also switched from safe_malloc and
strcpy/strcat to using the util.c function strbuf_sprintf on David
Fifield's recommendation (Thanks!) for ncat string creation.


Priorities:

 * Try to come up with a cleaner solution to checking that --proxy,
--proxy-type, --proxies arguments are not empty. (Mentioned above)
 * Fix ipairs issue in vulns port of smtp-vuln-cve2010-4344.nse and
figure out if exploitation is being attempted when it should be.
(Mentioned above)
 * Set up code coverage (gcov) and test the patch for issue 157.
 * Carry out more thorough testing of nmap-exp/pasca1/nmap-ncat-socks4a.
 * Re-read the logs of the socks4a meeting and talk to my mentor about
creating an nsock target structure that can handle both hostnames and
ip addresses and start coding.

I hope everyone's week has gotten off to a good start!

Andrew
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
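The report above describes two things the --proxies option has to get right before handing a chain to nsock_proxychain_new: reject a specified-but-empty string (the segfault case) and require a "scheme://host[:port]" shape for every comma-separated entry. The following is an added, stand-alone C example written for this page to show that validation; it is not Ncat's or nsock's code, and the struct name, function names, the accepted scheme list (socks4, socks4a, http) and the default ports (1080 for SOCKS, 3128 for HTTP) are assumptions made here for illustration.

```c
/* Added example (not Ncat's own code): parse and validate a proxy chain
 * specification of the form "scheme://host[:port],scheme://host[:port]".
 * Names, accepted schemes and default ports are assumptions for this page. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

#define PROXY_MAX_ENTRIES 8
#define PROXY_SCHEME_LEN 16
#define PROXY_HOST_LEN 256

struct proxy_entry {
    char scheme[PROXY_SCHEME_LEN];
    char host[PROXY_HOST_LEN];
    unsigned short port;
};

/* Scratch chain used by main() below and by callers of the parser. */
struct proxy_entry demo_chain[PROXY_MAX_ENTRIES];

/* Default port per scheme (assumed values); -1 means unknown scheme. */
static int default_port(const char *scheme) {
    if (strcmp(scheme, "socks4") == 0 || strcmp(scheme, "socks4a") == 0) return 1080;
    if (strcmp(scheme, "http") == 0) return 3128;
    return -1;
}

/* Parse one "scheme://host[:port]" item of length len. 0 on success, -1 on error. */
static int parse_proxy_entry(const char *item, size_t len, struct proxy_entry *e) {
    const char *sep = NULL, *host, *colon = NULL;
    size_t scheme_len, host_len;
    int port;

    if (len == 0) return -1;                       /* empty item, e.g. "a,,b" */
    for (size_t i = 0; i + 3 <= len; i++)          /* locate the mandatory "://" */
        if (memcmp(item + i, "://", 3) == 0) { sep = item + i; break; }
    if (sep == NULL) return -1;

    scheme_len = (size_t)(sep - item);
    if (scheme_len == 0 || scheme_len >= PROXY_SCHEME_LEN) return -1;
    memcpy(e->scheme, item, scheme_len);
    e->scheme[scheme_len] = '\0';
    port = default_port(e->scheme);
    if (port < 0) return -1;                       /* unknown scheme */

    host = sep + 3;
    host_len = len - (size_t)(host - item);
    if (host_len == 0) return -1;                  /* "socks4://" with no host */
    for (size_t i = 0; i < host_len; i++)          /* last ':' starts the port */
        if (host[i] == ':') colon = host + i;
    if (colon != NULL) {
        const char *p = colon + 1, *end = host + host_len;
        long v = 0;
        if (p == end) return -1;                   /* trailing ':' with no digits */
        for (; p < end; p++) {
            if (!isdigit((unsigned char)*p)) return -1;
            v = v * 10 + (*p - '0');
            if (v > 65535) return -1;
        }
        if (v == 0) return -1;
        port = (int)v;
        host_len = (size_t)(colon - host);
        if (host_len == 0) return -1;
    }
    if (host_len >= PROXY_HOST_LEN) return -1;
    memcpy(e->host, host, host_len);
    e->host[host_len] = '\0';
    e->port = (unsigned short)port;
    return 0;
}

/* Parse a comma-separated chain into out[0..max). Returns the entry count,
 * or -1 on any error (NULL/empty spec, bad entry, too many entries). */
int parse_proxy_chain(const char *spec, struct proxy_entry *out, size_t max) {
    size_t n = 0;
    const char *p = spec;

    /* The guard the report describes: a present-but-empty string is an
     * error, not something to dereference further down. */
    if (spec == NULL || spec[0] == '\0') return -1;

    for (;;) {
        const char *comma = strchr(p, ',');
        size_t len = comma ? (size_t)(comma - p) : strlen(p);
        if (n >= max || parse_proxy_entry(p, len, &out[n]) != 0) return -1;
        n++;
        if (comma == NULL) break;
        p = comma + 1;
    }
    return (int)n;
}

int main(void) {
    /* Constructed inputs: the chain from the report plus malformed cases. */
    const char *ok = "socks4://127.0.0.1:1080,socks4a://127.0.0.1:9050,http://proxy.example.com:9999";
    const char *bad[] = { "", "socks4://", "127.0.0.1:1080", "socks4://h:99999", "socks4://a,,http://b" };
    int n = parse_proxy_chain(ok, demo_chain, PROXY_MAX_ENTRIES);
    printf("%d entries\n", n);
    for (int i = 0; i < n; i++)
        printf("  %s -> %s port %u\n", demo_chain[i].scheme, demo_chain[i].host, demo_chain[i].port);
    for (size_t i = 0; i < sizeof bad / sizeof bad[0]; i++)
        printf("reject \"%s\": %d\n", bad[i], parse_proxy_chain(bad[i], demo_chain, PROXY_MAX_ENTRIES));
    return 0;
}
```

Validating the whole chain before any network setup is what turns the `--proxies ''` case from a crash into a usage error; the same "://" requirement covers the --proxy/--proxy-type path the report mentions, where the separator is inserted by the option handling rather than typed by the user.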

