Home page logo

nmap-dev logo Nmap Development mailing list archives

Bug report:brute.lua and oracle-brute NSE script
From: Tod Beardsley <todb () planb-security net>
Date: Thu, 10 Mar 2011 22:13:21 -0600

I've been messing with the oracle-brute script today in an effort to
get my hands dirty in NSE-land and to solve an immediate problem. I
noticed that oracle-brute's disconnect() method doesn't actually wait
around for the disconnect to occur, which can leave the script in a
state where it continuously fails to reconnect, which then rapidly
decrements the retries counter.

By setting a brute.delay of 0.25 seconds, or by setting brute.retries
to 8000, the problem is avoided

This came up when bruting a local VM running Oracle on
Linux (the stock deb package), I don't know if this problem even
manifests in a non-vmnet network, but it certainly will stymie normal
testing. I've confirmed it using nmap from svn trunk.

The problem is around doAuthenticate in brute.lua -- the status fails
when we've not yet /ack'ed the Oracle server's FIN, so we skip down to
the retries decrementor. This condition occurs at exactly 15 attempts
for me, every time (after the 15th fail, i get a pile of un-ack'ed

I now have about 4 hours of Lua experience, so I don't know what the
best way is to ensure the disconnect actually happens, but some kind
of ensure around driver:disconnect() will do the trick, i expect.

Sorry for the lack of a patch. This might be a 5 minute fix for
someone who's actually lua-savvy.


Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]