Nmap Development Mailing List

Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to Nmap and related projects.

Latest Posts

Re: nmap potentially vulnerable to Windows DLL Hijacking Nikhil Mittal (Sep 05)
I will surely test the latest nmap build and later the other programs.

>> You can write what you like, but there is no vulnerability here
I disagree. Exploitability is very low, but you cannot discard the vulnerability altogether.

>> it might have become vulnerable if such associations were added in the future.
That is exactly my point.

Thanks for fixing it because I really love nmap. Keep up the...

Re: [patch] openssl/md2 issue autoconf files configure.ac configure nse_openssl.cc David Fifield (Sep 04)
I did this in r20088. Thanks for your help, both of you. I have assumed
that other structs don't have to be renamed, like sctp_hdr and
sctp_chunkhdr_init_ack.

David Fifield

Re: NMAP hangs on MIPS David Fifield (Sep 04)
Good investigation. These should be pretty fast operations; I don't
think optimization would make that much of a difference. What C++
library are you using? Is it different from libstdc++?

David Fifield

Re: nmap potentially vulnerable to Windows DLL Hijacking David Fifield (Sep 04)
Follow the instructions at http://nmap.org/book/install.html#inst-svn.
svn co --username guest --password "" svn://svn.insecure.org/nmap

You can write what you like, but there is no vulnerability here, at
least as far as I understand DLL hijacking. Even though Nmap loads
airpcap.dll with an insufficiently qualified path (through WinPcap), its
lack of file name extension associations means that an attacker doesn't
have a way to get...

Re: [Ncat] I'd like to contribute a feature David Fifield (Sep 04)
I don't think it will be that hard. You can see that in ncat_listen.c,
there is special code that handles stdin and stdout; stdin and stdout
are treated like a special kind of "client." You would start a
subprocess with netrun and then treat its file handles specially also. I
think, in essence, that you want to replace the Ncat server's stdin and
stdout with that of another process. You are right that --exec doesn't
work that way.

You...

Re: [NSE] scan traceroute hops David Fifield (Sep 04)
I agree. It's possible that a newtargets script could also be external,
but none of those under discussion seem like they should be to me.

David Fifield

Re: [NSE] scan traceroute hops David Fifield (Sep 04)
I think it's ready too, but we should give some thought to the name. I
think it would be a good idea to establish a common naming convention
for scripts whose only purpose is to expand the list of targets. Maybe
something like targets-traceroute.nse.

No, that is not what external is for. It's for hostrule and portrule
scripts that contact hosts other than their target. The user already has
the newtargets switch to control it.

I don't think this...

Re: [NSE] scan traceroute hops Kris Katterjohn (Sep 04)
I don't think so, at least not always (or rather, I don't think adding
targets really matters). For example, I don't think my resolveall[1]
script should be external because it does what Nmap would do anyway (and
in the same way), it just doesn't discard extra addresses. Also I don't
think my patch[2] for the snmp-interfaces script to add interface
addresses to the target queue really qualifies either because it doesn't
do anything...

Re: Nmap stable Aborting... David Fifield (Sep 04)
Yes, I think this was fixed in 5.30BETA1. From http://nmap.org/svn/CHANGELOG:

o Fixed an assertion failure which could occur when connecting to an
SSL server:
nsock_core.c:199: socket_count_write_dec: Assertion `(iod->writesd_count) > 0' failed.
This was observed when running the http-enum script but could
possibly have happened in other situations. Thanks to Brandon for
reporting the bug and testing. [David]

David Fifield

Re: [NSE] scan traceroute hops Djalal Harouni (Sep 04)
Hi Henri,

Please find attached a new version of the script with some small improvements.
* I've added a small check to not add the current scanned IP (host.ip).
* I've improved some debug messages.

I think that this script is ready to be merged.

Other notes:
* Perhaps we should add the category 'external' to scripts that add new
targets to Nmap, however I'm not sure on this.

* When showing Nmap scan results, I think that the traceroute results...

Nmap stable Aborting... Richard Miles (Sep 04)
Hi,

I was using the last stable version of nmap on my network and it aborted; I
tested 4 times and got the same unexpected result.

NSE: smb-brute: Blank password for 'albert' => 'FAIL' (probably valid)
NSE: smb-brute: Blank password for 'fred' => 'FAIL' (probably valid)
NSE: smb-brute: Blank password for 'gold' => 'FAIL' (probably valid)
nmap: nsock_core.c:199: socket_count_write_dec: Assertion `(iod->writesd_count) > 0' failed.
Aborted...

Ncrack RDP test not (Sep 04)
command: ncrack -U user.txt -P pass.txt -p rdp -d10 -g CL=1,cd=5s -oN result.txt 75.68.71.180
tested on Windows 2003 Server from Windows XP SP3
Wireshark dump file uploaded here:
http://rapidshare.com/files/417035486/rdp.pcap
http://depositfiles.com/files/qksjl711a
http://sendfile.su/161007
http://openfile.ru/686824/

Re: Ncrack RDP test ithilgore (Sep 04)
Can you get a network traffic capture of the session with wireshark?
Analyzing these data will be very helpful in spotting the problem.

Thanks,
ithilgore

Re: nmap potentially vulnerable to Windows DLL Hijacking David Fifield (Sep 03)
The vulnerability doesn't affect Nmap by default because Nmap does not
register any file name extensions for itself. You are right, though,
that airpcap.dll is insufficiently qualified and is being searched for
in the current directory, among other places. I verified this using
procmon.exe and the instructions at
http://msdn.microsoft.com/en-us/library/ff919712(VS.85).aspx
("Dynamic-Link Library Security").

If you manually create a...

Re: Ncrack RDP test not (Sep 03)
Hi ithilgore,
Without the 'to' option, I have the same error.

Sometimes it crashes on:

or:

I tried to bruteforce Windows 2003 Server, XP SP2-SP3, and 2000 Server SP4: no
result, only a crash.
All tests were conducted with Windows XP SP3.

With respect,
ROleg
