Nmap Development mailing list archives

script bug


From: "MELDAU, RONALD J" <RMELDAU () scana com>
Date: Thu, 21 Jan 2010 16:27:29 -0500

I am running 5.20 on Windows XP. I do a basic -sC -script=all. It blows up on one of the scripts. I think favicon.nse. Hope this helps.





c:\tools>nmap -sC --script=all s73010 -v -d --reason
Winpcap present, dynamic linked to: WinPcap version 4.1.1 (packet.dll version 4.1.0.1753),
 based on libpcap version 1.0 branch 1_0_rel0b (20091008)

Starting Nmap 5.20 ( http://nmap.org ) at 2010-01-21 15:34 Eastern Standard Time
PORTS: Using top 1000 ports found open (TCP:1000, UDP:0, SCTP:0)
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Loaded 80 scripts for scanning.
Initiating Ping Scan at 15:34
Scanning s73010 (10.99.24.140) [4 ports]
Packet capture filter (device eth1): dst host 10.99.11.138 and (icmp or ((tcp or udp or sctp) and (src host 10.99.24.140)))
We got a ping packet back from 10.99.24.140: id = 39024 seq = 0 checksum = 26511
Completed Ping Scan at 15:34, 0.14s elapsed (1 total hosts)
Overall sending rates: 7.09 packets / s, 198.58 bytes / s.
mass_rdns: Using DNS server 161.156.250.5
mass_rdns: Using DNS server 10.77.1.25
mass_rdns: Using DNS server 10.77.1.26
mass_rdns: Using DNS server 161.156.250.5
mass_rdns: Using DNS server 10.77.1.25
mass_rdns: Using DNS server 10.77.1.26
mass_rdns: Using DNS server 161.156.250.5
mass_rdns: Using DNS server 10.77.1.25
mass_rdns: Using DNS server 10.77.1.26
Initiating Parallel DNS resolution of 1 host. at 15:34
mass_rdns: 0.00s 0/1 [#: 9, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 15:34, 0.00s elapsed
DNS resolution of 1 IPs took 0.00s. Mode: Async [#: 9, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan at 15:34
Scanning s73010 (10.99.24.140) [1000 ports]
Packet capture filter (device eth1): dst host 10.99.11.138 and (icmp or ((tcp or udp or sctp) and (src host 10.99.24.140)))
Discovered open port 139/tcp on 10.99.24.140
Discovered open port 443/tcp on 10.99.24.140
Discovered open port 80/tcp on 10.99.24.140
Discovered open port 445/tcp on 10.99.24.140
Discovered open port 135/tcp on 10.99.24.140
Discovered open port 3389/tcp on 10.99.24.140
Discovered open port 912/tcp on 10.99.24.140
Discovered open port 1043/tcp on 10.99.24.140
Increased max_successful_tryno for 10.99.24.140 to 1 (packet drop)
Completed SYN Stealth Scan at 15:34, 1.20s elapsed (1000 total ports)
Overall sending rates: 898.59 packets / s, 39537.82 bytes / s.
NSE: Script scanning 10.99.24.140.
NSE: Starting runlevel 1 (of 3) scan.
Initiating NSE at 15:34
NSE: NSE Script Threads (48) running:
NSE: Starting banner against 10.99.24.140:135.
NSE: Starting sql-injection against 10.99.24.140:80.
NSE: Starting robots.txt against 10.99.24.140:80.
NSE: Starting http-userdir-enum against 10.99.24.140:80.
NSE: Starting http-trace against 10.99.24.140:80.
NSE: Starting http-passwd against 10.99.24.140:80.
NSE: Starting http-malware-host against 10.99.24.140:80.
NSE: Starting http-iis-webdav-vuln against 10.99.24.140:80.
NSE: Starting http-headers against 10.99.24.140:80.
NSE: Starting http-favicon against 10.99.24.140:80.
NSE: Starting http-enum against 10.99.24.140:80.
NSE: Starting http-date against 10.99.24.140:80.
NSE: Starting http-auth against 10.99.24.140:80.
NSE: Starting html-title against 10.99.24.140:80.
NSE: Starting citrix-enum-servers-xml against 10.99.24.140:80.
NSE: Starting citrix-enum-apps-xml against 10.99.24.140:80.
NSE: Starting citrix-brute-xml against 10.99.24.140:80.
NSE: Starting banner against 10.99.24.140:80.
NSE: Starting skypev2-version against 10.99.24.140:912.
NSE: Starting banner against 10.99.24.140:912.
NSE: Starting banner against 10.99.24.140:139.
NSE: Starting banner against 10.99.24.140:445.
NSE: Starting sslv2 against 10.99.24.140:443.
NSE: Starting ssl-cert against 10.99.24.140:443.
NSE: Starting sql-injection against 10.99.24.140:443.
NSE: Starting skypev2-version against 10.99.24.140:443.
NSE: Starting robots.txt against 10.99.24.140:443.
NSE: Starting http-userdir-enum against 10.99.24.140:443.
NSE: Starting http-trace against 10.99.24.140:443.
NSE: Starting http-passwd against 10.99.24.140:443.
NSE: Starting http-malware-host against 10.99.24.140:443.
NSE: Starting http-iis-webdav-vuln against 10.99.24.140:443.
NSE: Starting http-headers against 10.99.24.140:443.
NSE: Starting http-favicon against 10.99.24.140:443.
NSE: Starting http-enum against 10.99.24.140:443.
NSE: Starting http-date against 10.99.24.140:443.
NSE: Starting http-auth against 10.99.24.140:443.
NSE: Starting html-title against 10.99.24.140:443.
NSE: Starting citrix-enum-servers-xml against 10.99.24.140:443.
NSE: Starting citrix-enum-apps-xml against 10.99.24.140:443.
NSE: Starting citrix-brute-xml against 10.99.24.140:443.
NSE: Starting banner against 10.99.24.140:443.
NSE: Starting banner against 10.99.24.140:1043.
NSE: Starting banner against 10.99.24.140:3389.
NSE: Starting smbv2-enabled against 10.99.24.140.
NSE: Starting smb-brute against 10.99.24.140.
NSE: Starting p2p-conficker against 10.99.24.140.
NSE: Starting nbstat against 10.99.24.140.
NSE: http-enum: Attempting to parse fingerprint file nselib/data/http-fingerprints
NSE: http-enum against 10.99.24.140:443 threw an error!
C:\Program Files\Nmap\scripts\http-enum.nse:198: bad argument #1 to 'lines' (nselib/data/http-fingerprints: No such file or directory)
stack traceback:
        [C]: in function 'lines'
        C:\Program Files\Nmap\scripts\http-enum.nse:198: in function 'get_fingerprints'
        C:\Program Files\Nmap\scripts\http-enum.nse:234: in function <C:\Program Files\Nmap\scripts\http-enum.nse:229>
        (tail call): ?

NSE: Conficker: Generating ports based on ip (0x8c18630a) and seed (2089)
NSE: http-userdir-enum Testing 10 usernames.
NSE: Finished citrix-brute-xml against 10.99.24.140:443.
NSE: http-enum: Attempting to parse fingerprint file nselib/data/http-fingerprints
NSE: http-enum against 10.99.24.140:80 threw an error!
C:\Program Files\Nmap\scripts\http-enum.nse:198: bad argument #1 to 'lines' (nselib/data/http-fingerprints: No such file or directory)
stack traceback:
        [C]: in function 'lines'
        C:\Program Files\Nmap\scripts\http-enum.nse:198: in function 'get_fingerprints'
        C:\Program Files\Nmap\scripts\http-enum.nse:234: in function <C:\Program Files\Nmap\scripts\http-enum.nse:229>
        (tail call): ?

NSE: Finished citrix-brute-xml against 10.99.24.140:80.
NSE: Finished ssl-cert against 10.99.24.140:443.
NSE: Final http cache size (56 bytes) of max size of 1000000
NSE: Finished sql-injection against 10.99.24.140:80.
NSE: Final http cache size (56 bytes) of max size of 1000000
NSE: HTTP: Host supports HEAD.
NSE: Finished http-headers against 10.99.24.140:443.
NSE: Finished citrix-enum-servers-xml against 10.99.24.140:80.
NSE: Final http cache size (56 bytes) of max size of 1000000
NSE: HTTP: Host returns proper 404 result.
NSE: Finished skypev2-version against 10.99.24.140:912.
NSE: Finished http-trace against 10.99.24.140:80.
NSE: Finished citrix-enum-apps-xml against 10.99.24.140:443.
NSE: Finished nbstat against 10.99.24.140.
NSE: SMB: Added account '' to account list
NSE: SMB: Added account 'guest' to account list
NSE: Finished citrix-enum-apps-xml against 10.99.24.140:80.
NSE: Finished skypev2-version against 10.99.24.140:443.
NSE: Finished citrix-enum-servers-xml against 10.99.24.140:443.
NSE: Finished smbv2-enabled against 10.99.24.140.
NSE: Finished banner against 10.99.24.140:912.
NSE: Final http cache size (112 bytes) of max size of 1000000
NSE: Finished html-title against 10.99.24.140:80.
NSE: Final http cache size (112 bytes) of max size of 1000000
NSE: HTTP: Host returns proper 404 result.
NSE: Final http cache size (3431 bytes) of max size of 1000000
NSE: Finished http-trace against 10.99.24.140:443.
NSE: Final http cache size (3479 bytes) of max size of 1000000
NSE: Final http cache size (3535 bytes) of max size of 1000000
NSE: HTTP: Host returns 301 Moved Permanently
 instead of 404 File Not Found.
NSE: Final http cache size (3535 bytes) of max size of 1000000
NSE: Finished robots.txt against 10.99.24.140:443.
NSE: Final http cache size (3583 bytes) of max size of 1000000
NSE: Final http cache size (3639 bytes) of max size of 1000000
NSE: Finished robots.txt against 10.99.24.140:80.
NSE: Final http cache size (8842 bytes) of max size of 1000000
NSE: Final http cache size (8890 bytes) of max size of 1000000
NSE: Final http cache size (8938 bytes) of max size of 1000000
NSE: Finished sslv2 against 10.99.24.140:443.
NSE: Final http cache size (8994 bytes) of max size of 1000000
NSE: Final http cache size (12313 bytes) of max size of 1000000
NSE: Finished http-auth against 10.99.24.140:443.
NSE: Final http cache size (12369 bytes) of max size of 1000000
NSE: HTTP: Host returns 301 Moved Permanently
 instead of 404 File Not Found.
NSE: SMB: Login as \guest failed (NT_STATUS_ACCOUNT_LOCKED_OUT)
NSE: Final http cache size (12369 bytes) of max size of 1000000
NSE: Finished http-malware-host against 10.99.24.140:443.
NSE: Final http cache size (13231 bytes) of max size of 1000000
NSE: Final http cache size (13279 bytes) of max size of 1000000
NSE: Final http cache size (13327 bytes) of max size of 1000000
NSE: Final http cache size (13383 bytes) of max size of 1000000
NSE: No favicon found.
NSE: Finished http-favicon against 10.99.24.140:80.
NSE: Final http cache size (13439 bytes) of max size of 1000000
NSE: Finished http-malware-host against 10.99.24.140:80.
NSE: Final http cache size (13495 bytes) of max size of 1000000
NSE: Finished http-auth against 10.99.24.140:80.
NSE: Final http cache size (16814 bytes) of max size of 1000000
NSE: Finished http-date against 10.99.24.140:443.
NSE: Final http cache size (42028 bytes) of max size of 1000000
NSE: smb-brute: Remote operating system: Windows 5.1
NSE: smb-brute: Trying to get user list from server
NSE: Final http cache size (42076 bytes) of max size of 1000000
NSE: Final http cache size (42124 bytes) of max size of 1000000
NSE: Final http cache size (42180 bytes) of max size of 1000000
NSE: Finished http-date against 10.99.24.140:80.
NSE: Final http cache size (45499 bytes) of max size of 1000000
NSE: Got icon URL ./converter.ico.
NSE: http-favicon against 10.99.24.140:443 threw an error!
C:\Program Files\Nmap\scripts\http-favicon.nse:141: variable 'dirname' is not declared
stack traceback:
        [C]: in function 'error'
        C:\Program Files\Nmap\nselib/strict.lua:68: in function <C:\Program Files\Nmap\nselib/strict.lua:59>
        C:\Program Files\Nmap\scripts\http-favicon.nse:141: in function 'parse_url_relative'
        C:\Program Files\Nmap\scripts\http-favicon.nse:85: in function <C:\Program Files\Nmap\scripts\http-favicon.nse:48>
        (tail call): ?

NSE: Final http cache size (45547 bytes) of max size of 1000000
NSE: Finished http-passwd against 10.99.24.140:443.
NSE: Final http cache size (45595 bytes) of max size of 1000000
NSE: Finished http-passwd against 10.99.24.140:80.
NSE: Final http cache size (48914 bytes) of max size of 1000000
NSE: Finished html-title against 10.99.24.140:443.
NSE: Final http cache size (48914 bytes) of max size of 1000000
NSE: HTTP: Didn't receive expected response to HEAD request (got 301 Moved Permanently
).
NSE: http-headers.nse: HEAD request failed, falling back to GET
NSE: Final http cache size (48914 bytes) of max size of 1000000
NSE: HTTP: Host supports HEAD.
NSE: Total number of pipelined requests: 10
NSE: Final http cache size (48914 bytes) of max size of 1000000
NSE: HTTP: Didn't receive expected response to HEAD request (got 301 Moved Permanently
).
NSE: Checking if a GET request is going to work out
NSE: MSRPC: Failed to enumerate users through LSA: NT_STATUS_ACCESS_DENIED
NSE: Number of requests allowed by pipeline: 1
NSE: Final http cache size (48970 bytes) of max size of 1000000
NSE: Finished http-headers against 10.99.24.140:80.
NSE: Received only 0 of 1 expected reponses.
Decreasing max pipelined requests to 0.
NSE: C:\Program Files\Nmap\scripts\banner.nse failed for 10.99.24.140 on tcp port 445. Message: No Message.
NSE: Finished banner against 10.99.24.140:445.
Assertion failed: bytesleft > 0, file .\src\nsock_core.c, line 516

This application has requested the Runtime to terminate it in an unusual way.
Please contact the application's support team for more information.



Ron Meldau
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
