Re: Ncat File Transfer Brokenness

[David Fifield <david () bamsoftware com>]

On Sat, Feb 27, 2010 at 02:46:18PM -0800, David Millis wrote:
> This is the only sender-connects/listener-receives file transfer arrangement that works for me. (WinXP, ncat 5.21)
>
> ncat -l -p 1234 > somefile.zip
> type somefile.zip | ncat -vvn -i 3000 --send-only 192.168.1.1 1234
>
>
> The following terminated early leaving files varying between 8 ad 40k in size.
>
> ncat -vvvn -e "cmd /c \"type somefile.zip\"" --send-only 192.168.1.1 1234
> UnixUtils' cat.exe was similarly affected.
>
> NCAT DEBUG: Executing: cmd /c "type ghost.exe"
> NCAT DEBUG: Creating named pipe "\\.\pipe\ncat-0"
> NCAT DEBUG: Register subprocess 00000728 at index 0.
> NCAT DEBUG: Subprocess ended with exit code 259.
> NCAT DEBUG: Unregister subprocess 00000728 from index 0.
> NCAT DEBUG: Terminating subprocesses
> NCAT DEBUG: max_index 1

I started to check this out. What's happening is an error 10035,
WSAEWOULDBLOCK. That's breaking the subprocess loop, which is why the
exit code is 259, or STILL_ACTIVE, because the process hasn't really
stopped.

This same problem had been observed on Unix. Venkat Sanaka fixed it last
year by making the socket blocking before execing the subprocess. The
same code should work for Windows but apparently it isn't.

http://seclists.org/nmap-dev/2009/q2/635

> These send everything but don't disconnect, hence the timeout at the top.
>
> ncat -vvn --send-only 192.168.1.1 1234 < somefile.zip
> type somefile.zip | ncat -vvn --send-only 192.168.1.1 1234

This was just fixed, see http://seclists.org/nmap-dev/2010/q1/727.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/