Bug report:brute.lua and oracle-brute NSE script
From: Tod Beardsley <todb () planb-security net>
Date: Thu, 10 Mar 2011 22:13:21 -0600
I've been messing with the oracle-brute script today in an effort to
get my hands dirty in NSE-land and to solve an immediate problem. I
noticed that oracle-brute's disconnect() method doesn't actually wait
around for the disconnect to occur, which can leave the script in a
state where it continuously fails to reconnect, which then rapidly
decrements the retries counter.

By setting a brute.delay of 0.25 seconds, or by setting brute.retries
to 8000, the problem is avoided.

This came up when bruting a local VM running Oracle 10.2.0.1.0 on
Linux (the stock deb package). I don't know if this problem even
manifests in a non-vmnet network, but it certainly will stymie normal
testing. I've confirmed it using nmap from svn trunk.

The problem is around doAuthenticate in brute.lua -- the status fails
when we've not yet /ack'ed the Oracle server's FIN, so we skip down to
the retries decrementor. This condition occurs at exactly 15 attempts
for me, every time (after the 15th fail, I get a pile of un-ack'ed

I now have about 4 hours of Lua experience, so I don't know what the
best way is to ensure the disconnect actually happens, but some kind
of ensure around driver:disconnect() will do the trick, I expect.

Sorry for the lack of a patch. This might be a 5 minute fix for
someone who's actually Lua-savvy.

Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
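
A simplified model of the failure mode described in this report, added here as an illustration; it is not code from brute.lua or oracle-brute. The fake server, the tick clock, the single retry budget shared across the run, and every name in the block are assumptions made for the example.

```lua
-- Simplified model of the failure mode; NOT code from brute.lua or oracle-brute.
-- All names (new_server, run_engine, close_lag, ...) are hypothetical.

-- Fake server: one session slot that stays busy for close_lag ticks after close.
local function new_server(close_lag)
  local s = { now = 0, busy_until = 0, in_use = false }
  function s:tick(n) self.now = self.now + (n or 1) end
  function s:connect()
    self:tick()                                  -- every connect attempt costs one tick
    if self.in_use or self.now < self.busy_until then return false end
    self.in_use = true
    return true
  end
  function s:close(wait)
    self.in_use = false
    self.busy_until = self.now + close_lag       -- teardown is still in flight
    if wait then self.now = self.busy_until end  -- block until teardown completes
  end
  return s
end

-- Engine loop: a failed connect burns one retry and is retried immediately.
-- opts.wait  = disconnect blocks until the close has completed
-- opts.delay = ticks to sleep between attempts (stand-in for brute.delay)
-- Returns (finished, attempts_completed).
local function run_engine(attempts, retries, close_lag, opts)
  local srv, done = new_server(close_lag), 0
  while done < attempts do
    if srv:connect() then
      done = done + 1                            -- the login check would happen here
      srv:close(opts.wait)
      srv:tick(opts.delay or 0)
    else
      retries = retries - 1
      if retries == 0 then return false, done end
    end
  end
  return true, done
end

print(run_engine(20, 3, 5, {}))                  -- close returns before teardown is done
print(run_engine(20, 3, 5, { wait = true }))     -- disconnect waits for the close
print(run_engine(20, 3, 5, { delay = 5 }))       -- delay covers the close lag
print(run_engine(20, 100, 5, {}))                -- large retry budget absorbs the failures
```

The first call models a disconnect that does not wait; the other three model waiting on the disconnect and the two workarounds the report mentions, a delay between attempts and a much larger retry count.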