Nmap Development
mailing list archives
Re: Error in http.lua's chunked encoding
From: Joao Correa <joao () livewire com br>
Date: Mon, 17 Aug 2009 23:24:25 -0300
Hi Ron,
The problem happens because the request made was a HEAD request, where
no body exists. The following patch fixed the problem for me. Thanks!
Joao Correa
On Mon, Aug 17, 2009 at 10:57 PM, Ron<ron () skullsecurity net> wrote:
http.lua seems to have an issue with certain hosts. I can reliably cause an
error when I scan google with http-enum.nse:
-
$ ./nmap --script=http-enum -p80,443 -T4 -d www.google.ca
Starting Nmap 5.05BETA1 ( http://nmap.org ) at 2009-08-17 20:55 CDT
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 500, min 100, max 1250
max-scan-delay: TCP 10, UDP 1000, SCTP 10
parallelism: min 0, max 0
max-retries: 6, host-timeout: 0
min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Loaded 1 scripts for scanning.
Warning: Hostname www.google.ca resolves to 6 IPs. Using 72.14.213.105.
Initiating Ping Scan at 20:55
Scanning 72.14.213.105 [2 ports]
Completed Ping Scan at 20:55, 0.06s elapsed (1 total hosts)
Overall sending rates: 31.58 packets / s.
mass_rdns: Using DNS server 4.2.2.1
mass_rdns: Using DNS server 4.2.2.2
Initiating Parallel DNS resolution of 1 host. at 20:55
mass_rdns: 0.12s 0/1 [#: 2, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 20:55, 0.12s elapsed
DNS resolution of 1 IPs took 0.12s. Mode: Async [#: 2, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 20:55
Scanning pv-in-f105.google.com (72.14.213.105) [2 ports]
Discovered open port 443/tcp on 72.14.213.105
Discovered open port 80/tcp on 72.14.213.105
Completed Connect Scan at 20:55, 0.06s elapsed (2 total ports)
Overall sending rates: 31.47 packets / s.
NSE: Script scanning 72.14.213.105.
NSE: Starting runlevel 1 scan
Initiating NSE at 20:55
NSE: NSE Script Threads (2) running:
NSE: Starting http-enum against 72.14.213.105:443.
NSE: Starting http-enum against 72.14.213.105:80.
NSE: http-enum against 72.14.213.105:80 threw an error!
./nselib/http.lua:120: Chunked encoding didn't find hex at position 1; got "".
stack traceback:
[C]: in function 'error'
./nselib/http.lua:120: in function '(for generator)'
./nselib/http.lua:834: in function <./nselib/http.lua:783>
(tail call): ?
./scripts/http-enum.nse:97: in function <./scripts/http-enum.nse:42>
(tail call): ?
NSE: http-enum.nse: Warning: Host returned 302 and not 200 when performing HEAD.
NSE: http-enum.nse: Host returns 302 instead of 404 File Not Found.
NSE: Total number of pipelined requests: 41
NSE: Number of requests allowed by pipeline: 40
NSE: Number of received responses: 42
NSE: Finished http-enum against 72.14.213.105:443.
Completed NSE at 20:55, 1.57s elapsed
NSE: Script Scanning completed.
Host pv-in-f105.google.com (72.14.213.105) is up, received syn-ack (0.061s latency).
Scanned at 2009-08-17 20:55:40 CDT for 2s
Interesting ports on pv-in-f105.google.com (72.14.213.105):
PORT STATE SERVICE REASON
80/tcp open http syn-ack
443/tcp open https syn-ack
Final times for host: srtt: 61415 rttvar: 26591 to: 167779
Read from .: nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 1.98 seconds
-
Hope that helps!
I think I found another one, too, but I'm having trouble reproducing it.
Will get back to you on that one.
--
Ron Bowes
http://www.skullsecurity.org/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Attachment: http-chunk-fix.diff
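The attached http-chunk-fix.diff is not reproduced in the archive, so the following is an added example, not Nmap's http.lua and not Joao's patch. It shows the rule his message states: a HEAD response (and any 1xx/204/304 response) has no body even when it carries Transfer-Encoding: chunked, so the chunk parser must not be run on the empty buffer. The chunked decoder, the read_body dispatcher and the two sample responses are all constructed here; the decoder also turns the "didn't find hex" failure into a typed exception so a script can log the host and keep going instead of aborting.

```python
"""Added example: decode an HTTP/1.1 response body without tripping over
HEAD responses. Sample messages are constructed; this is not code from
Nmap's http.lua and not the attached http-chunk-fix.diff."""
import re

# chunk-size line: hex digits, optional ";name=value" chunk extension, CRLF
_CHUNK_SIZE = re.compile(rb"([0-9A-Fa-f]+)(?:;[^\r\n]*)?\r\n")


class ChunkedEncodingError(ValueError):
    """Raised for malformed chunked bodies so callers can log and continue."""


def decode_chunked(body: bytes) -> bytes:
    """Reassemble the payload from a chunked transfer-coding body."""
    out = bytearray()
    pos = 0
    while True:
        m = _CHUNK_SIZE.match(body, pos)
        if m is None:
            # Same condition the thread reports, but as a typed exception
            # carrying the offending bytes instead of an opaque runtime error.
            raise ChunkedEncodingError(
                f"didn't find hex chunk size at position {pos}; "
                f"got {body[pos:pos + 16]!r}")
        size = int(m.group(1), 16)
        pos = m.end()
        if size == 0:
            return bytes(out)      # last-chunk; trailers (if any) are ignored
        chunk = body[pos:pos + size]
        if len(chunk) < size:
            raise ChunkedEncodingError(
                f"truncated chunk at position {pos}: want {size}, have {len(chunk)}")
        out += chunk
        pos += size
        if body[pos:pos + 2] != b"\r\n":
            raise ChunkedEncodingError(f"missing CRLF after chunk at position {pos}")
        pos += 2


def response_has_body(method: str, status: int) -> bool:
    """RFC 7230 section 3.3.3: a response to HEAD, and any 1xx/204/304
    response, has no body regardless of its Transfer-Encoding or
    Content-Length headers."""
    if method.upper() == "HEAD":
        return False
    return not (100 <= status < 200 or status in (204, 304))


def read_body(method: str, status: int, headers: dict, raw: bytes) -> bytes:
    """Return the decoded body, or b'' where the message cannot have one."""
    if not response_has_body(method, status):
        return b""             # never hand an empty buffer to the chunk parser
    lowered = {k.lower(): v for k, v in headers.items()}
    if "chunked" in lowered.get("transfer-encoding", "").lower():
        return decode_chunked(raw)
    if "content-length" in lowered:
        return raw[:int(lowered["content-length"])]
    return raw


# Constructed sample responses (not captured from any real host).
GET_RESPONSE = (200, {"Transfer-Encoding": "chunked"},
                b"4\r\nWiki\r\n5;x=1\r\npedia\r\n0\r\n\r\n")
HEAD_RESPONSE = (302, {"Transfer-Encoding": "chunked", "Location": "/"}, b"")


def demo() -> dict:
    """Run both samples; the HEAD case is the one that crashed http.lua."""
    get_body = read_body("GET", *GET_RESPONSE)
    head_body = read_body("HEAD", *HEAD_RESPONSE)
    try:
        decode_chunked(HEAD_RESPONSE[2])     # what the unguarded path did
        naive = "no error"
    except ChunkedEncodingError as exc:
        naive = str(exc)
    return {"get": get_body, "head": head_body, "naive_head_error": naive}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The method/status check runs before any header inspection, which is the order that matters: the 302 Google sent to the HEAD probe in Ron's trace still advertised chunked encoding, and a decoder that keys only on the header sees an empty buffer and fails exactly as the trace shows.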