Re: Calling external executable using NSE script

[Diman Todorov <diman.todorov () chello at>]

On 12.12.2006, at 19:06, Lawrence Waterhouse wrote:

> Hi folks,
> Just started playing with the NSE implementation, i am using Nmap
> version 4.21ALPHA1
> Basicly i want to test if i am able to call various external
> executable with NSE scripting, I made sure to include the script in my
> script.db:
>
> Entry{ category = "safe", filename = "./scripts//external_Test.nse" }
>
> NSE dont seem to allow me to use io.popen function ? Here is the
> script i am currently testing:
>
> --snip--
...
>     f = io.popen ("ls")
>     result = f:read("*a")
>     f.close()
...
> --snip--

Hello Lawrence,
your bug is quite subtle and if you had used nmap's verbose and  
debugging output you would have detected it immediately. Actually  
there are two bugs :)

The first one is:

--snip--
Quintillian:~/SoC/scratch/diman/nmap diman$ ./nmap --script ./ 
narf.nse www.google.com -p 80 -debug
...
SCRIPT ENGINE: [string "Global Access"]:1: Attempted to change the  
global 'f' in ././narf.nse - use nmap.registry if you really want to  
share data between scripts.
...
--snip--

as is noted in the NSE manual making global variables is a no-no -  
you must declare f local

fixing that:
...
local f = io.popen ("ls")
...

yields this:
...
SCRIPT ENGINE: ././narf.nse:28: bad argument #1 to 'close' (FILE*  
expected, got nil)
...

you have quite rightly called read() as an object method. Why not  
close()?
to fix it write either

f.close(f)

or

f:close()

cheers
Diman

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org