Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] Bug in stdnse.get_script_args
From: Patrick Donnelly <batrick () batbytes com>
Date: Sat, 19 Feb 2011 17:18:13 -0500

On Sat, Feb 19, 2011 at 6:46 AM, Patrik Karlsson <patrik () cqure net> wrote:
Sorry, I missed that. The following example produces the error:
nmap -p 1433 127.0.0.1 --script ms-sql-info --script-args mssql.username='sa',mssql.password=''

When looking into it now, I noticed the same occurs when the argument is fetched from the registry:
nmap -p 445 127.0.0.1 --script smb-enum-shares --script-args smbuser='guest',smbpass=''

Leaving the quotes out when using an empty string or a string containing only spaces produces the same error.
Am I missing something truly obvious here?

Empty quoted strings should be fine in script arguments. I believe
this is a shell issue. Your quotes are interpreted by the shell, you
must escape them somehow. For me, when using bash I like to surround
the entire --script-args argument in single quotes (so nothing is
interpreted) and use double quotes for quoting strings. For example:

--script-args 'smbuser="guest",smbpass=""'

^ that should work.

For Windows shell I think single quotes are interpreted literally so
you need double quotes surrounding instead. See also [1].

[1] http://seclists.org/nmap-dev/2009/q2/394

-- 
- Patrick Donnelly
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]