Home page logo

nmap-dev logo Nmap Development mailing list archives

Special characters in script-args
From: Ron <ron () skullsecurity net>
Date: Fri, 15 May 2009 14:06:33 -0500

Hi all,

I posted this to the #nmap channel a few days ago, but I wasn't around to see if there was an answer. So I figured I'd ask it here.

If a --script-arg contains a special characters, such as a colon, parsing the arguments will fail with a cryptic error. So if somebody is trying to use a hash to log in, and passes this string, it'll fail:

Similarily if a user gives the password on the commandline, like this, it'll fail:

The solution that I use is to pass escaped quotes, like smbpass=\"pass^word\", but I don't expect that an ordinary user would know to do that (or understand the Lua stackdump when they don't). Is there something we can do to make this easier?

(Sorry if this came up in an earlier discussion -- I haven't had a home Internet connection for awhile, so I haven't been following bigger threads)


Sent through the nmap-dev mailing list
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]