Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Special characters in script-args
From: Ron <ron () skullsecurity net>
Date: Fri, 15 May 2009 14:06:33 -0500

Hi all,

I posted this to the #nmap channel a few days ago, but I wasn't around to see if there was an answer. So I figured I'd ask it here.

If a --script-arg contains a special characters, such as a colon, parsing the arguments will fail with a cryptic error. So if somebody is trying to use a hash to log in, and passes this string, it'll fail:
 --script-args=smbuser=admin,smbhash=abc123:abc123

Similarily if a user gives the password on the commandline, like this, it'll fail:
 --script-args=smbuser=admin,smbpass=pass^word

The solution that I use is to pass escaped quotes, like smbpass=\"pass^word\", but I don't expect that an ordinary user would know to do that (or understand the Lua stackdump when they don't). Is there something we can do to make this easier?

(Sorry if this came up in an earlier discussion -- I haven't had a home Internet connection for awhile, so I haven't been following bigger threads)

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]