Hello,
I found that the -p option doesn't reject stray ] characters in its
input, and in fact ignores anything after it finds one.
~$ nmap -p 123,4 localhost
Interesting ports on localhost (127.0.0.1):
PORT STATE SERVICE
4/tcp closed unknown
123/tcp closed ntp
~$ nmap -p 123]4 localhost
Interesting ports on localhost (127.0.0.1):
PORT STATE SERVICE
123/tcp closed ntp
~$ nmap -p 123]]4 localhost
Interesting ports on localhost (127.0.0.1):
PORT STATE SERVICE
123/tcp closed ntp
The only way I could get it to complain was if the ] is the first
character.
~$ nmap -p ]123,4 localhost
Unexpected ] character in port/protocol specification
QUITTING!
It seems to be caused by this in nmap.cc:
/* Find the next range */
while(isspace((int) *current_range)) current_range++;
if (*current_range == ']') return;
if (*current_range && *current_range != ',') {
The test for (*current_range == ']') should probably be accompanied by a
test to see if the call is nested or not.
David Fifield
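As an added example (not nmap's code and not part of the original report), the toy port-list parser below reproduces the behaviour described above and shows the suggested fix side by side: ']' is accepted as a list terminator only when the call is nested inside a '[...]' group, and the top-level caller checks that the whole specification was consumed. All names here (parse_list, parse_ports, the fixed flag, the helpers) are made up for this illustration, and the grammar is a deliberately reduced one (ports, ranges, and bracketed groups only; no T:/U: protocol prefixes). The sample inputs are the ones from the report above.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>

#define MAXPORTS 64

/*
 * Hypothetical port-specification parser (illustration, not nmap's getpts code).
 * Grammar: list := item (',' item)* ; item := port | port '-' port | '[' list ']'
 * A '[' ... ']' group is parsed by a nested call, so ']' may legitimately end a
 * list only when nested != 0.
 *
 *   fixed == 0  reproduces the reported bug: any ']' ends parsing regardless of
 *               nesting, and the caller never checks for leftover input.
 *   fixed != 0  rejects ']' at the top level and makes the caller verify that
 *               the whole specification was consumed.
 *
 * Returns the number of ports appended to out[], or -1 on a syntax error.
 */
static int parse_list(const char **pp, int nested, int fixed, int *out, int max)
{
    const char *p = *pp;
    int n = 0;
    int need_item = 1;              /* an item must follow the start or a ',' */

    for (;;) {
        while (isspace((unsigned char)*p)) p++;

        if (*p == '\0' || *p == ']') {
            if (need_item)
                return -1;          /* empty list, trailing ',' or leading ']' */
            if (*p == ']' && fixed && !nested)
                return -1;          /* the fix: stray ']' with no open '[' */
            break;                  /* end of this (sub)list */
        }

        if (*p == '[') {
            p++;
            int m = parse_list(&p, 1, fixed, out + n, max - n);
            if (m < 0) return -1;
            n += m;
            if (*p != ']') return -1;   /* '[' was never closed */
            p++;
        } else {
            if (!isdigit((unsigned char)*p)) return -1;
            char *end;
            long lo = strtol(p, &end, 10), hi = lo;
            p = end;
            if (*p == '-') {
                p++;
                if (!isdigit((unsigned char)*p)) return -1;
                hi = strtol(p, &end, 10);
                p = end;
            }
            if (lo > 65535 || hi > 65535 || hi < lo) return -1;
            for (long v = lo; v <= hi; v++) {
                if (n >= max) return -1;
                out[n++] = (int)v;
            }
        }
        need_item = 0;

        while (isspace((unsigned char)*p)) p++;
        if (*p == ',') {
            p++;
            need_item = 1;
        } else if (*p != ']' && *p != '\0') {
            return -1;              /* items must be separated by ',' */
        }
    }
    *pp = p;
    return n;
}

/* Top-level entry point: what a caller of the nested parser should do. */
static int parse_ports(const char *spec, int fixed, int *out, int max)
{
    const char *p = spec;
    int n = parse_list(&p, 0, fixed, out, max);
    if (n < 0) return -1;
    if (fixed && *p != '\0') return -1;  /* belt and braces: reject leftover input */
    return n;
}

/* Helpers for the demo: number of ports parsed, or the idx-th port (-1 if none). */
static int port_count(const char *spec, int fixed)
{
    int buf[MAXPORTS];
    return parse_ports(spec, fixed, buf, MAXPORTS);
}

static int nth_port(const char *spec, int fixed, int idx)
{
    int buf[MAXPORTS];
    int n = parse_ports(spec, fixed, buf, MAXPORTS);
    return (idx >= 0 && idx < n) ? buf[idx] : -1;
}

int main(void)
{
    /* Constructed inputs, taken from the report above plus one bracketed group. */
    const char *specs[] = { "123,4", "123]4", "123]]4", "]123,4", "[20-22],80" };
    for (size_t i = 0; i < sizeof specs / sizeof *specs; i++) {
        for (int fixed = 0; fixed <= 1; fixed++) {
            int buf[MAXPORTS];
            int n = parse_ports(specs[i], fixed, buf, MAXPORTS);
            printf("%-12s %s: ", specs[i], fixed ? "fixed" : "buggy");
            if (n < 0) { puts("rejected"); continue; }
            for (int k = 0; k < n; k++) printf("%d ", buf[k]);
            puts("");
        }
    }
    return 0;
}
```

With fixed == 0 the spec "123]4" parses to the single port 123 and the "4" is lost without any diagnostic, while "]123,4" is still rejected because nothing precedes the bracket; with fixed == 1 both are rejected, and a properly nested "[20-22],80" still yields 20, 21, 22, 80. The two checks (nesting-aware ']' handling inside the recursive function and the leftover-input check in the caller) are independent; either alone would have surfaced the reported behaviour.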
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on May 28 2008