Nmap Development mailing list archives

Re: Buffering problems in ssh2.lua
From: Joao Correa <joao () livewire com br>
Date: Sun, 14 Jun 2009 21:19:52 -0300

Hello guys,

Did anyone have any progress with this task? I'll start trying to fix
it tonight and, if someone has already made some progress on it, it
could be of valuable help!

Thanks,
Joao Correa

On Sat, Jun 13, 2009 at 7:37 PM, Fyodor <fyodor () insecure org> wrote:
On Fri, Jun 12, 2009 at 10:25:06PM -0600, David Fifield wrote:
You can reliably reproduce it with this neat Ncat hack:

ncat -l 3000 --sh-exec "ncat scanme.nmap.org 22 | perl -e 'while (sysread(STDIN, \$line, 100)) { syswrite(STDOUT, \$line); sleep 1; }'"

The Perl script breaks the TCP stream into packets containing no more
than 100 bytes. Just scan port 3000 on localhost (with version
detection) and it will proxy to port 22 on scanme, the reply broken into
small chunks.

I'm so awed by your Ncat command that I can't think of anything to say
about the actual problem you're reporting :).

Does anyone want to try fixing this? There really should be a
read_packet abstraction in the ssh2 library, with an internal buffer
that only returns a packet when it is complete. A description of the
packet format is at http://tools.ietf.org/html/rfc4253#section-6 .

Who wants to give this a try?  I added it to the Nmap TODO (for the
upcoming dev branch).

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
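The read_packet abstraction Fyodor describes, written out as an added example. This is not code from ssh2.lua or from anyone in the thread, and it is Python rather than the NSE Lua the real fix would be written in; it only shows the buffering logic. It models the pre-key-exchange state (no cipher, mac_length of zero), which is all a version probe sees; the banner and the SSH_MSG_KEXINIT payload are constructed, not captured from a server. The collect() helper replays David's Ncat/Perl proxy by feeding the stream in fixed-size chunks, so the reader can be checked to return the same packets whether the bytes arrive in 1-, 100- or all-at-once pieces.

```python
"""Buffered reader for SSH binary packets (RFC 4253 section 6)."""
import struct
from typing import List, Optional

SSH_MSG_KEXINIT = 20        # RFC 4253 section 12 message number
SSH_MSG_IGNORE = 2
MAX_PACKET_LENGTH = 35000   # RFC 4253 section 6.1: size every implementation must accept


class SshPacketReader:
    """Accumulate bytes as they arrive and hand back only whole packets.

    Only the pre-key-exchange state is modelled: no encryption and a
    zero-length MAC, which is what a version-detection probe sees.
    """

    def __init__(self) -> None:
        self.buf = bytearray()
        self.banner: Optional[bytes] = None

    def feed(self, data: bytes) -> None:
        """Append whatever the socket returned, however short."""
        self.buf += data

    def read_banner(self) -> Optional[bytes]:
        """Return the 'SSH-' identification line, or None if it is not complete yet.

        RFC 4253 section 4.2 lets the server send other lines before the
        version string; those are skipped.
        """
        while True:
            end = self.buf.find(b"\n")
            if end < 0:
                return None                      # line still incomplete: wait for more bytes
            line = bytes(self.buf[:end]).rstrip(b"\r")
            del self.buf[:end + 1]
            if line.startswith(b"SSH-"):
                self.banner = line
                return line

    def read_packet(self) -> Optional[bytes]:
        """Return the payload of the next complete packet, or None if more data is needed.

        Layout (RFC 4253 section 6):
            uint32 packet_length | byte padding_length | payload | padding | mac
        packet_length counts padding_length, payload and padding, not itself or the MAC.
        """
        if len(self.buf) < 5:
            return None                          # not even a full header yet
        packet_length, padding_length = struct.unpack("!IB", self.buf[:5])
        if packet_length > MAX_PACKET_LENGTH or packet_length < padding_length + 1:
            raise ValueError(f"malformed packet header: length={packet_length} "
                             f"padding={padding_length}")
        total = 4 + packet_length                # + mac_length, which is 0 before kex
        if len(self.buf) < total:
            return None                          # header seen, body still in flight
        payload_len = packet_length - padding_length - 1
        payload = bytes(self.buf[5:5 + payload_len])
        del self.buf[:total]
        return payload


def build_packet(payload: bytes, block_size: int = 8) -> bytes:
    """Frame a payload as an unencrypted SSH packet: total length a multiple of
    block_size and at least 4 padding bytes (RFC 4253 section 6). Real senders
    use random padding; zeros are used here for a reproducible sample."""
    padding_length = block_size - ((5 + len(payload)) % block_size)
    if padding_length < 4:
        padding_length += block_size
    packet_length = 1 + len(payload) + padding_length
    return struct.pack("!IB", packet_length, padding_length) + payload + b"\x00" * padding_length


def name_list(*names: bytes) -> bytes:
    """SSH name-list: uint32 length + comma-separated names (RFC 4251 section 5)."""
    body = b",".join(names)
    return struct.pack("!I", len(body)) + body


# Constructed sample KEXINIT payload (fixed cookie, one algorithm per list); not a real capture.
SAMPLE_KEXINIT = (
    bytes([SSH_MSG_KEXINIT]) + b"\x11" * 16
    + name_list(b"diffie-hellman-group14-sha1") + name_list(b"ssh-rsa")
    + name_list(b"aes128-ctr") + name_list(b"aes128-ctr")
    + name_list(b"hmac-sha1") + name_list(b"hmac-sha1")
    + name_list(b"none") + name_list(b"none")
    + name_list() + name_list()
    + b"\x00" + b"\x00\x00\x00\x00"              # first_kex_packet_follows, reserved
)
# Constructed server stream: a pre-banner line, the banner, KEXINIT, then an empty IGNORE.
SAMPLE_STREAM = (
    b"Not the version string yet\r\n"
    + b"SSH-2.0-ConstructedServer_0.1\r\n"
    + build_packet(SAMPLE_KEXINIT)
    + build_packet(bytes([SSH_MSG_IGNORE]) + b"\x00\x00\x00\x00")
)


def collect(stream: bytes, chunk_size: int) -> List[bytes]:
    """Deliver the stream chunk_size bytes at a time (as the Ncat/Perl proxy in the
    thread does) and return the banner followed by every complete payload."""
    reader = SshPacketReader()
    out: List[bytes] = []
    for off in range(0, len(stream), chunk_size):
        reader.feed(stream[off:off + chunk_size])
        if reader.banner is None:
            if reader.read_banner() is None:
                continue                         # banner not finished: nothing to parse yet
            out.append(reader.banner)
        while (payload := reader.read_packet()) is not None:
            out.append(payload)
    return out


if __name__ == "__main__":
    for size in (1, 100, len(SAMPLE_STREAM)):
        items = collect(SAMPLE_STREAM, size)
        print(f"chunk={size:>4}: banner={items[0]!r} packets={len(items) - 1} "
              f"first message number={items[1][0]}")
```

The point the test exercises is the one the thread is about: with a 100-byte chunk size the KEXINIT header arrives in one read and its body in later ones, and the reader must return None until the whole packet is buffered instead of handing back a truncated payload.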



