
Nmap Development mailing list archives

Re: broadcast-dropbox-listener script is broken in 6.25 and SVN
From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 11 Dec 2012 15:21:22 -0600

On 12/11/2012 11:46 AM, Dhiru Kholia wrote:
Hi,

broadcast-dropbox-listener script is broken in 6.25 and SVN.

Command used:  nmap -d -p17500 --script-trace
--script=broadcast-dropbox-listener --script-args=newtargets -Pn

1. broadcast-dropbox-listener script worked best under Nmap 5.51

Pre-scan script results:
| broadcast-dropbox-listener:
| displayname  ip             port   version  host_int   namespaces
|_429883020    192.168.2.253  17500  1.8      429883020  194083623
Nmap scan report for 192.168.2.253
Host is up (0.0054s latency).
PORT      STATE SERVICE

Newer versions like 6.0 don't show "Pre-scan script results" which is
super useful.

2. broadcast-dropbox-listener script works partially under Nmap 6.00

Nmap scan report for 192.168.2.253
Host is up (0.0054s latency).
PORT      STATE SERVICE
17500/tcp open  db-lsp

3. broadcast-dropbox-listener script is broken in 6.25 and SVN
...
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
NSE: Starting broadcast-dropbox-listener.
Initiating NSE at 23:11
NSOCK (0.0470s) nsi_new (IOD #1)
NSOCK (0.0470s) UDP unconnected socket (IOD #1)
NSOCK (0.0620s) Read request from IOD #1 (peer unspecified) (timeout:
40000ms) EID 10
NSE Timing: About 0.00% done
NSOCK (40.0620s) Callback: READ TIMEOUT for EID 10 (peer unspecified)
NSE: N/A unknown protocol:0 > unknown protocol:0 | CLOSE
NSOCK (40.0730s) nsi_delete (IOD #1)
NSE: Finished broadcast-dropbox-listener.
Completed NSE at 23:12, 40.01s elapsed
NSOCK (40.0730s) nsi_new (IOD #2)
NSOCK (40.0730s) UDP unconnected socket (IOD #2)
NSE: N/A unknown protocol:0 > unknown protocol:0 | CLOSE
NSOCK (40.0730s) nsi_delete (IOD #2)

Reverting commit "2404fc7d647" partially fixes the problem and we get
behaviour similar to point 2.

However, it would be best if we could get  "Pre-scan script results"
too. "host_int" value is useful in "hijacking" Dropbox accounts.

I've been digging into this, and it appears the script tries to read from an unconnected UDP socket. It's trying to read broadcasts, so the quick fix would probably be to convert it to a pcap socket.

While trying to check out 5.51, I found that the svn externals still reference svn.insecure.org, so I couldn't finish the checkout process.

A different fix for this is probably related to the "Nsock server mode" discussions (http://seclists.org/nmap-dev/2012/q3/837).

Dan
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
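
The failure mode diagnosed in the reply above (a read on a UDP socket that was never bound, ending in READ TIMEOUT), as an added Python example that is not part of the original thread and not Nmap's code. The JSON payload layout, the function names and the loopback setup are assumptions; the field names are the columns of the 5.51 output.

```python
import json
import socket

# Constructed sample datagram. The JSON layout is an assumption; the field
# names are the column names from the 5.51 output quoted above.
SAMPLE = json.dumps({"host_int": 429883020, "version": [1, 8],
                     "displayname": "429883020", "port": 17500,
                     "namespaces": [194083623]}).encode()
FIELDS = ("displayname", "port", "version", "host_int", "namespaces")


def parse_announcement(data, ip):
    """Return one result row, or None if the datagram is not well formed."""
    try:
        msg = json.loads(data.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None
    if not isinstance(msg, dict) or any(f not in msg for f in FIELDS):
        return None
    row = {f: msg[f] for f in FIELDS}
    if isinstance(row["version"], list):
        row["version"] = ".".join(str(v) for v in row["version"])
    row["ip"] = ip
    return row


def receive_announcement(bind_first, timeout=0.5):
    """Send SAMPLE over loopback and try to read it back on rx.
    bind_first=False reads from a socket that was never bound."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    spare = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.settimeout(timeout)
    try:
        # A real listener would bind ("", 17500); port 0 keeps this demo
        # from colliding with a client already running on the machine.
        target = rx if bind_first else spare
        target.bind(("127.0.0.1", 0))
        tx.sendto(SAMPLE, target.getsockname())
        try:
            data, peer = rx.recvfrom(4096)
        except OSError:  # timeout (EINVAL on Windows): rx has no local port
            return None
        return parse_announcement(data, peer[0])
    finally:
        for s in (rx, tx, spare):
            s.close()


if __name__ == "__main__":
    print("bound:  ", receive_announcement(True))
    print("unbound:", receive_announcement(False))
```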