Nmap Development mailing list archives

Re: Bug report, with workaround

From: David Fifield <david () bamsoftware com>
Date: Mon, 28 Sep 2009 16:06:36 -0600

On Thu, Aug 13, 2009 at 10:08:47PM -0600, David Fifield wrote:

On Wed, Aug 12, 2009 at 12:32:23PM +0100, Mike Crawford wrote:

I've used Nmap before but was having grief today. To be more specific,
I'm using Zenmap on Windows XP.

I could scan ok and some info was displayed about the target hosts. I
then got to the message saying how many hosts were scanned in what
time, and then an error "The system cannot find the path specified."
As in:

Nmap done: 40 IP addresses (8 hosts up) scanned in 4.61 seconds
The system cannot find the path specified.

At which point, the scan failed with no hosts/services being listed in
the left hand pane. After a while of tearing my hair out, I found a
file called r at C:\Documents and Settings which looked like something
to do with my scan results. The username I was running under in
Windows is "R & T blah blah" and it looks like the '&' (or maybe
spaces - haven't tested this) is causing problems for Nmap being able
to create the C:\Documents and Settings\R & T blah blah\.zenmap\zenmap
database file.

I created another user account with no '&' in it and it was business
as usual for Nmap.


Thanks for the detailed report. The problem is not with the .zenmap
file, but with the temporary XML file Nmap creates when run by Zenmap.
Zenmap sends the command through the Windows shell, and it is the shell
that's interpreting the '&' character.

On other platforms, the nmap command is not run using the shell, but
with Python's equivalent of a raw exec (subprocess.Popen(shell=False) to
be specific). I would like to do the same thing on Windows, but for some
reason shell=False causes a console Window to be opened up every time
Zenmap invokes Nmap.


I found a solution to this problem. It is to use the seemingly
undocumented subprocess.STARTUPINFO function to control whether a window
is created.

http://stackoverflow.com/questions/1016384/cross-platform-subprocess-with-hidden-window

It is committed in r15632. I tried scanning with a username containing
an & and it worked for me.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Bug report, with workaround Mike Crawford (Aug 13)
- Re: Bug report, with workaround David Fifield (Aug 13)
  - Re: Bug report, with workaround David Fifield (Sep 28)