Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: ms12-020 RDP Vuln script
From: David Fifield <david () bamsoftware com>
Date: Mon, 7 May 2012 15:49:05 -0700

On Mon, May 07, 2012 at 01:09:28PM +0200, Aleksandar Nikolic wrote:

as I mentioned on irc the other day, I was notified by some people
that they have different results with this script when run with SYN
scan and when run with full connect scan. Apparently script sometime
fails when run with syn scan. I've been debugging this , and came to
conclusion that Windows drops second connection attempt (the one from
the script) if the first one was left hanging (as would happen with
SYN only scan). David suggested that I add a simple stdnse.sleep().
I've tested that and it works. The script sleeps for one second, i've
tried it down to 0.1 second, below that it still doesn't work. But
just to make sure, I've set the sleep to 1 second. Hope that is not to
big a slowdown ?

I've attached a rather small patch for this. If it is ok , I can
commit it later.

Nice job, the patch looks good.

If 0.1 was the threshold for not-working for you, then let's set the
sleep duration to 0.2 s.

The comment should say that it's 0.2 s because 0.1 s is the lowest it
was tested to work, and the comment should also explain what we think is
happening: that reconnecting on the same port too quickly causes Windows
to drop the second connection.

David Fifield
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]