Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [NSE] isakmp aggressive mode and version detection
From: Jesper Kückelhahn <dev.kyckel () gmail com>
Date: Mon, 21 Jan 2013 19:16:18 +0100

Hi David,

Thanks for testing. 

I'm sorry that I didn't include instructions for the script and files. I've tried to follow the convention currently 
used for file locations, which means that the script assumes that the files 'ike.lua' and 'ike-fingerprints.lua' are 
placed in 'nmap/nselib/' and 'nmap/nselib/data/', respectively. I think the error you are seeing is a consequence of 
'ike-fingerprints.lua' not being found and loaded correctly. 

In my testing I've used the following syntax:

# nmap --script=ike-version -p500 -sUV --version-intensity=0 -dd TARGET

The script uses the same port as the an isakmp service is listening on (UDP port 500) for socket:bind, so running a 
isakmp service on localhost could be causing some issues ? This can be changed in line 332 in 'ike.lua'.

Does this help ?


- Jesper

On Jan 21, 2013, at 7:39 AM, David Fifield <david () bamsoftware com> wrote:

On Sat, Jan 19, 2013 at 04:20:15PM +0100, Jesper Kückelhahn wrote:
I've debugged and enhanced this script, so it should be more robust and
have better version detection on some systems.

I'm getting this error against a dummy Ncat listener:
$ sudo ncat -l --udp 500 -k --sh-exec "cat > /dev/null"
$ sudo ./nmap -p 500 -sU localhost --script=ike-version -d
NSE: ike-version against 127.0.0.1:500 threw an error!
/home/david/nmap-git/nselib/ike.lua:183: bad argument #1 to 'pairs' (table expected, got nil)
stack traceback:
       [C]: in function 'pairs'
       /home/david/nmap-git/nselib/ike.lua:183: in function 'lookup'
       /home/david/nmap-git/nselib/ike.lua:310: in function </home/david/nmap-git/nselib/ike.lua:290>
       (...tail calls...)
       scripts/ike-version.nse:58: in function 'get_version'
       scripts/ike-version.nse:100: in function <scripts/ike-version.nse:99>
       (...tail calls...)

I seem to get the same error when I try to install an IKE listener to
test against. I tried the Debian packages strongswan-ikev1 (pluto) and
strongswan-ikev2 (charon), and netstat says they are listening on port
500, but I get the same error as above. What do you recommend testing
against?

David Fifield

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault