Nmap Development mailing list archives

Re: Error in http.lua's chunked encoding
From: Joao Correa <joao () livewire com br>
Date: Mon, 17 Aug 2009 23:24:25 -0300

Hi Ron,

The problem happens because the request made was a HEAD request, where
no body exists. The following patch fixed the problem for me. Thanks!

Joao Correa

On Mon, Aug 17, 2009 at 10:57 PM, Ron<ron () skullsecurity net> wrote:
http.lua seems to have an issue with certain hosts. I can reliably cause an
error when I scan google with http-enum.nse:

-
$ ./nmap --script=http-enum -p80,443 -T4 -d www.google.ca

Starting Nmap 5.05BETA1 ( http://nmap.org ) at 2009-08-17 20:55 CDT
--------------- Timing report ---------------
 hostgroups: min 1, max 100000
 rtt-timeouts: init 500, min 100, max 1250
 max-scan-delay: TCP 10, UDP 1000, SCTP 10
 parallelism: min 0, max 0
 max-retries: 6, host-timeout: 0
 min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Loaded 1 scripts for scanning.
Warning: Hostname www.google.ca resolves to 6 IPs. Using 72.14.213.105.
Initiating Ping Scan at 20:55
Scanning 72.14.213.105 [2 ports]
Completed Ping Scan at 20:55, 0.06s elapsed (1 total hosts)
Overall sending rates: 31.58 packets / s.
mass_rdns: Using DNS server 4.2.2.1
mass_rdns: Using DNS server 4.2.2.2
Initiating Parallel DNS resolution of 1 host. at 20:55
mass_rdns: 0.12s 0/1 [#: 2, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 20:55, 0.12s elapsed
DNS resolution of 1 IPs took 0.12s. Mode: Async [#: 2, OK: 1, NX: 0, DR: 0,
SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 20:55
Scanning pv-in-f105.google.com (72.14.213.105) [2 ports]
Discovered open port 443/tcp on 72.14.213.105
Discovered open port 80/tcp on 72.14.213.105
Completed Connect Scan at 20:55, 0.06s elapsed (2 total ports)
Overall sending rates: 31.47 packets / s.
NSE: Script scanning 72.14.213.105.
NSE: Starting runlevel 1 scan
Initiating NSE at 20:55
NSE: NSE Script Threads (2) running:
NSE: Starting http-enum against 72.14.213.105:443.
NSE: Starting http-enum against 72.14.213.105:80.
NSE: http-enum against 72.14.213.105:80 threw an error!
./nselib/http.lua:120: Chunked encoding didn't find hex at position 1; got
"".
stack traceback:
       [C]: in function 'error'
       ./nselib/http.lua:120: in function '(for generator)'
       ./nselib/http.lua:834: in function <./nselib/http.lua:783>
       (tail call): ?
       ./scripts/http-enum.nse:97: in function <./scripts/http-enum.nse:42>
       (tail call): ?

NSE: http-enum.nse: Warning: Host returned 302 and not 200 when performing
HEAD.
NSE: http-enum.nse: Host returns 302 instead of 404 File Not Found.
NSE: Total number of pipelined requests: 41
NSE: Number of requests allowed by pipeline: 40
NSE: Number of received responses: 42
NSE: Finished http-enum against 72.14.213.105:443.
Completed NSE at 20:55, 1.57s elapsed
NSE: Script Scanning completed.
Host pv-in-f105.google.com (72.14.213.105) is up, received syn-ack (0.061s
latency).
Scanned at 2009-08-17 20:55:40 CDT for 2s
Interesting ports on pv-in-f105.google.com (72.14.213.105):
PORT    STATE SERVICE REASON
80/tcp  open  http    syn-ack
443/tcp open  https   syn-ack
Final times for host: srtt: 61415 rttvar: 26591  to: 167779

Read from .: nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 1.98 seconds
-

Hope that helps!

I think I found another one, too, but I'm having trouble reproducing it.
Will get back to you on that one.

--
Ron Bowes
http://www.skullsecurity.org/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Attachment: http-chunk-fix.diff
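The failure in Ron's trace and the HEAD case Joao describes, as an added example in Lua (not the http.lua code from the thread or the attached patch): a minimal chunked-body decoder that fails on an empty body with the same message, beside a wrapper that skips body decoding for responses that by definition carry no body. The names decode_chunked and parse_body are assumptions, and the sample exchange is constructed.

```lua
-- Added example, not http.lua: decode a chunked transfer-coded body.
-- Errors on an empty string exactly the way the reported trace does.
local function decode_chunked(body)
  local pos, out = 1, {}
  while true do
    -- chunk-size line: hex digits, optional ";extension", then CRLF
    local hex, nextpos = body:match("^(%x+)[^\r\n]*\r\n()", pos)
    if not hex then
      error(("Chunked encoding didn't find hex at position %d; got %q")
            :format(pos, body:sub(pos, pos + 10)))
    end
    local size = tonumber(hex, 16)
    pos = nextpos
    if size == 0 then
      break  -- last-chunk; trailers (if any) are ignored here
    end
    out[#out + 1] = body:sub(pos, pos + size - 1)
    pos = pos + size + 2  -- skip chunk data and its trailing CRLF
  end
  return table.concat(out)
end

-- A HEAD response may still advertise "Transfer-Encoding: chunked" but has
-- no body (the same holds for 1xx, 204 and 304), so the decoder must not be
-- run on it. This check is the assumed shape of the fix, not the patch itself.
local function parse_body(method, status, headers, raw_body)
  local bodiless = method == "HEAD" or status == 204 or status == 304
                   or (status >= 100 and status < 200)
  if bodiless then return "" end
  local te = (headers["transfer-encoding"] or ""):lower()
  if te:find("chunked", 1, true) then
    return decode_chunked(raw_body)
  end
  return raw_body
end

-- Constructed sample exchange: a normal GET body decodes as expected.
local chunked = "5\r\nhello\r\n6\r\n world\r\n0\r\n\r\n"
assert(parse_body("GET", 200, {["transfer-encoding"] = "chunked"}, chunked)
       == "hello world")

-- The reported failure: chunked header on a HEAD/302 reply, decoder run anyway.
local ok, err = pcall(decode_chunked, "")
assert(not ok and err:find("position 1", 1, true))

-- With the bodiless check the same reply is handled without error.
assert(parse_body("HEAD", 302, {["transfer-encoding"] = "chunked"}, "") == "")
print("chunked decoding checks passed")
```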

