Nmap Development mailing list archives

Re: [NSE] p2p-conficker crashes when scanning IPv6
From: Patrik Karlsson <patrik () cqure net>
Date: Mon, 11 Jun 2012 16:40:37 +0200

On Mon, Jun 11, 2012 at 4:19 PM, Ron <ron () skullsecurity net> wrote:

I don't believe Conficker supported IPv6. At least, none of the writeups
I've seen mentioned it.

Ron

On Mon, 11 Jun 2012 09:08:25 -0500 Daniel Miller <bonsaiviking () gmail com>
wrote:
Hi List,

So here's the crash I got:

./scripts/p2p-conficker.nse:578: bad argument #2 to 'pack' (number
expected, got nil)
stack traceback:
         [C]: in function 'pack'
         ./scripts/p2p-conficker.nse:578: in function
<./scripts/p2p-conficker.nse:540>
         (...tail calls...)

Argument #2 is "ip", which comes from host.ip, after passing through
ipOps.todword(), which returns nil, since it only supports IPv4. I
don't know if Conficker supported IPv6, but I think reasonable logic
would be to check for nmap.registry.args.realip, and if that is not
set and we are scanning IPv6, then bail. Here's my take on a patch,
but I don't know enough about the script to know if this is an
acceptable approach:

Index: scripts/p2p-conficker.nse
===================================================================
--- scripts/p2p-conficker.nse   (revision 28902)
+++ scripts/p2p-conficker.nse   (working copy)
@@ -571,6 +571,8 @@
         -- Use the provided IP, if it exists
         if(nmap.registry.args.realip ~= nil) then
                 ip = nmap.registry.args.realip
+  elseif(nmap.address_family() == 'inet6') then
+    return nil -- Can't generate ports based on IPv6 address
         end

         -- Reverse the IP's endianness
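
Review bot: the added elseif branch only guards the case where realip is unset, and it returns nil without any message. When nmap.registry.args.realip is supplied, the visible lines assign it to ip with no check that it is an IPv4 address, so a non-IPv4 realip could still leave a nil for the pack call reported at line 578. Checking the converted value for nil just before that pack call would cover both cases, and a debug message before the return would tell the user why the script produced no result. The two added lines are also indented with two and four spaces while the surrounding context is indented more deeply; match the file's existing indentation.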


Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


I added this to the hostrule to prevent it from running for IPv6:

if ( nmap.address_family() ~= 'inet' ) then
  return false
end

Thanks,
Patrik

-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77

