Nmap Development mailing list archives
Re: Nmap crashing
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 12 Jan 2016 08:26:15 -0600
Dan,

We made a change based on Gisle's observations, but I don't think it's at the root of your crash. I've made a debug build that I would like you to run to see if it still crashes. I'll send you the link off-list since it's not an official release. If it does crash, I would like to see if you can generate a dump with the instructions at [1]. That would help us narrow down exactly what is causing the crash.

Thanks,
Dan

[1] https://msdn.microsoft.com/en-us/library/windows/desktop/bb787181%28v=vs.85%29.aspx

On Sat, Jan 9, 2016 at 12:26 PM, Dan Baxter <danthemanbaxter () gmail com> wrote:

Anything new on this issue? I don't know what to expect.

Dan Baxter
-------------------------------------------------
Quis custodiet ipsos custodes?
"A sword never kills anybody; it is a tool in the killers hands."-Lucius Annaeus Seneca, c.4BC-65AD

On Mon, Jan 4, 2016 at 11:19 AM, Dan Baxter <danthemanbaxter () gmail com> wrote:

Great. Here are the outputs of the requested runs. Sorry about not CC'ing the list. I missed that the first time.

Starting Nmap 7.00 ( https://nmap.org ) at 2016-01-04 11:15 Eastern Standard Time
Winpcap present, dynamic linked to: WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008)
NPF service is already running.
Fetchfile found C:\Program Files (x86)\Nmap/nmap.xsl
The max # of sockets we are using is: 0
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.2.
Fetchfile found C:\Program Files (x86)\Nmap/nse_main.lua
Fetchfile found C:\Program Files (x86)\Nmap/nselib/lpeg-utility.lua
Fetchfile found C:\Program Files (x86)\Nmap/nselib/stdnse.lua
Fetchfile found C:\Program Files (x86)\Nmap/nselib/strict.lua
Fetchfile found C:\Program Files (x86)\Nmap/scripts\script.db
NSE: Arguments from CLI:
Fetchfile found C:\Program Files (x86)\Nmap/scripts\test_crash.nse
NSE: Script test_crash.nse was selected by file path.
NSE: Loaded 1 scripts for scanning.
NSE: Loaded 'C:\Program Files (x86)\Nmap/scripts\test_crash.nse'.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 11:15
NSE: Starting test_crash M:2F07230.
NSE: [test_crash M:2F07230] Begin
NSE: [test_crash M:2F07230] Connecting to 224.0.0.1:12345/udp

nmap --iflist

Starting Nmap 7.00 ( https://nmap.org ) at 2016-01-04 11:16 Eastern Standard Time
************************INTERFACES************************
DEV (SHORT) IP/MASK TYPE UP MTU MAC
eth0 (eth0) fe80::c099:3fce:aa34:26d3/64 ethernet down 1500 5C:E0:C5:6D:E5:DF
eth0 (eth0) 169.254.38.211/4 ethernet down 1500 5C:E0:C5:6D:E5:DF
eth1 (eth1) fe80::6800:fe8:f99d:9727/64 ethernet down 1500 5C:E0:C5:6D:E5:E2
eth1 (eth1) 169.254.151.39/4 ethernet down 1500 5C:E0:C5:6D:E5:E2
eth2 (eth2) fe80::d0c:2f32:fcf7:9bbb/64 ethernet up 1500 5C:E0:C5:6D:E5:DE
eth2 (eth2) 10.90.204.11/22 ethernet up 1500 5C:E0:C5:6D:E5:DE
eth3 (eth3) fe80::21a6:445c:c034:3cdf/64 ethernet down 1500 34:E6:D7:86:ED:60
eth3 (eth3) 169.254.60.223/4 ethernet down 1500 34:E6:D7:86:ED:60
lo0 (lo0) ::1/128 loopback up -1
lo0 (lo0) 127.0.0.1/8 loopback up -1
tun0 (tun0) fe80::5efe:a5a:cc0b/128 point2point down 1280
tun1 (tun1) fe80::ffff:ffff:fffe/0 point2point down 1280
tun2 (tun2) 2002:9f8c:d50d:8102:4080:f6f4:2394:be19/64 point2point up 1280
tun2 (tun2) 2002:9f8c:d50d:8102:d8a2:ce6f:81c3:375a/64 point2point up 1280
tun2 (tun2) fe80::4080:f6f4:2394:be19/64 point2point up 1280

DEV WINDEVICE
eth0 \Device\NPF_{D4E3DDCA-7C2F-4EF6-8E54-912837F4E75B}
eth0 \Device\NPF_{D4E3DDCA-7C2F-4EF6-8E54-912837F4E75B}
eth1 \Device\NPF_{51E77356-8C24-4FE2-A78A-1370D82D86AC}
eth1 \Device\NPF_{51E77356-8C24-4FE2-A78A-1370D82D86AC}
eth2 \Device\NPF_{0FE48A9F-F513-4710-A982-2BF26E633F2E}
eth2 \Device\NPF_{0FE48A9F-F513-4710-A982-2BF26E633F2E}
eth3 \Device\NPF_{FFE251AE-EFC8-4AF9-8C5F-90A93B6FA30D}
eth3 \Device\NPF_{FFE251AE-EFC8-4AF9-8C5F-90A93B6FA30D}
lo0 <none>
lo0 <none>
tun0 <none>
tun1 <none>
tun2 <none>
tun2 <none>
tun2 <none>

**************************ROUTES**************************
DST/MASK DEV METRIC GATEWAY
255.255.255.255/32 eth0 261
255.255.255.255/32 eth3 261
10.90.204.11/32 eth2 276
10.90.207.255/32 eth2 276
255.255.255.255/32 eth2 276
255.255.255.255/32 eth1 296
127.0.0.1/32 lo0 306
127.255.255.255/32 lo0 306
255.255.255.255/32 lo0 306
10.90.204.0/22 eth2 276
127.0.0.0/8 lo0 306
224.0.0.0/4 eth3 261
224.0.0.0/4 eth0 261
224.0.0.0/4 eth2 276
224.0.0.0/4 eth1 296
224.0.0.0/4 lo0 306
0.0.0.0/0 eth2 20 10.90.204.1
fe80::c099:3fce:aa34:26d3/128 eth0 261
fe80::21a6:445c:c034:3cdf/128 eth3 261
fe80::d0c:2f32:fcf7:9bbb/128 eth2 276
fe80::6800:fe8:f99d:9727/128 eth1 296
::1/128 lo0 306
fe80::4080:f6f4:2394:be19/128 tun2 306
fe80::ffff:ffff:fffe/128 tun1 306
fe80::5efe:a5a:cc0b/128 tun0 306
2002:9f8c:d50d:8102:d8a2:ce6f:81c3:375a/128 tun2 306
2002:9f8c:d50d:8102:4080:f6f4:2394:be19/128 tun2 306
fe80::/64 eth0 261
fe80::/64 eth3 261
fe80::/64 eth2 276
fe80::/64 eth1 296
2002:9f8c:d50d::/64 tun2 306 fe80::f587:ea7e:cace:8200
2002:9f8c:d50d:8000::/64 tun2 306 fe80::f587:ea7e:cace:8200
fe80::/64 tun2 306
fe80::/64 tun1 306
2002:9f8c:d50e::/64 tun2 306 fe80::f587:ea7e:cace:8200
2002:9f8c:d50d:8102::/64 tun2 306
2002:9f8c:d50d:8000::/49 tun2 306 fe80::f587:ea7e:cace:8200
2001::/32 tun1 306
2002::/16 tun2 4146 fe80::f587:ea7e:cace:8200
ff00::/8 eth0 261
ff00::/8 eth3 261
ff00::/8 eth2 276
ff00::/8 eth1 296
ff00::/8 tun2 306
ff00::/8 lo0 306
ff00::/8 tun1 306
::/0 tun1 306
::/0 tun2 4146 fe80::f587:ea7e:cace:8200

Dan Baxter
-------------------------------------------------
Quis custodiet ipsos custodes?
"A sword never kills anybody; it is a tool in the killers hands."-Lucius Annaeus Seneca, c.4BC-65AD

On Mon, Jan 4, 2016 at 11:07 AM, Daniel Miller <bonsaiviking () gmail com> wrote:

Dan,

This is promising, since only one script was started before crashing. That *should* mean that that script is solely responsible for the crash. We can verify by selecting it by name:

nmap -Pn -d2 --script mrinfo -sn

I also copied the relevant portions of the script (up until the first debug statement that does not appear) into a separate script, test_crash.nse, which I attached to this message.
If you can run this script with the same options it should tell us exactly which function call is crashing:

nmap -Pn -d2 --script test_crash.nse -sn

It would also be helpful to have the output of nmap --iflist and any information about your system that may be out-of-the-ordinary. I cannot reproduce the bug on Windows 8.1 running on VirtualBox.

Dan

P.S. please remember to CC dev () nmap org so that other users and developers can benefit from the discussion.

On Mon, Jan 4, 2016 at 8:54 AM, Dan Baxter <danthemanbaxter () gmail com> wrote:

It did crash. Here's the output.

Starting Nmap 7.00 ( https://nmap.org ) at 2016-01-04 09:52 Eastern Standard Time
Winpcap present, dynamic linked to: WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008)
NPF service is already running.
Fetchfile found C:\Program Files (x86)\Nmap/nmap.xsl
The max # of sockets we are using is: 0
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.2.
<snip loading of 209 scripts by category>
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 09:53
NSE: Starting mrinfo M:2B03CA0.

Dan Baxter
-------------------------------------------------
Quis custodiet ipsos custodes?
"A sword never kills anybody; it is a tool in the killers hands."-Lucius Annaeus Seneca, c.4BC-65AD

On Mon, Jan 4, 2016 at 9:50 AM, Daniel Miller <bonsaiviking () gmail com> wrote:

Dan,

Thanks for the bug report. This may be similar to a bug that has been reported a couple times before ([1] and [2]). One user tracked this down to something related to the -S feature, but I need to determine which script is the trigger.
If you can provide the full output of the following command up until it crashes, that would be ideal:

nmap -Pn -d2 --script-trace --script "discovery and safe" -sn

If this does not actually crash for you, change the script invocation to "safe" or replace -sn with scanme.nmap.org as necessary, but I think this will be sufficient to reproduce.

Dan

[1] http://seclists.org/nmap-dev/2015/q3/341
[2] http://seclists.org/nmap-dev/2015/q4/159

On Thu, Dec 31, 2015 at 9:13 AM, Dan Baxter <danthemanbaxter () gmail com> wrote:

Hi,

I'm running Nmap 7.00 on a Windows 8.1 x64 system. Every time I run a scan with "Safe" scripts enabled, the Nmap will crash during the Script Pre-scanning stage. I can run other script flags, such as Default, Vuln, Malware, but Safe or Discovery will cause it to die.

C:\windows\system32>nmap -Pn -v --script "safe" scanme.nmap.org

Starting Nmap 7.00 ( https://nmap.org ) at 2015-12-31 10:12 Eastern Standard Time
NSE: Loaded 289 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 10:12
NSE: [broadcast-ataoe-discover] No interface supplied, use -e
NSE: [url-snarf] no network interface was supplied, aborting ...
NSE: [targets-xml] Need to supply a file name with the targets-xml.iX argument
NSE: broadcast-sonicwall-discover no network interface was supplied, aborting ...
NSE: [mtrace] A source IP must be provided through fromip argument.

C:\windows\system32>

Dan Baxter
-------------------------------------------------
Quis custodiet ipsos custodes?
"A sword never kills anybody; it is a tool in the killers hands."-Lucius Annaeus Seneca, c.4BC-65AD

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- Nmap crashing Dan Baxter (Jan 04)
- Re: Nmap crashing Daniel Miller (Jan 04)
- Message not available
- Re: Nmap crashing Daniel Miller (Jan 04)
- Re: Nmap crashing Daniel Miller (Jan 04)
- Re: Nmap crashing Dan Baxter (Jan 05)
- Re: Nmap crashing Dan Baxter (Jan 11)
- Re: Nmap crashing Daniel Miller (Jan 12)
- Message not available
- Re: Nmap crashing Daniel Miller (Jan 04)
- Re: Nmap crashing Gisle Vanem (Jan 04)
- Re: Nmap crashing Daniel Miller (Jan 04)