Nmap Development mailing list archives

Re: [NSE] DB2 library and scripts


From: Djalal Harouni <tixxdz () gmail com>
Date: Mon, 10 May 2010 17:41:28 +0100

On 2010-05-10 17:03:50 +0200, Patrik Karlsson wrote:
Hi again,

Here's an updated threaded version of the db2-brute script. It seems to run well and quickly against my test systems.
I failed to get condvar("signal") to work, as in the example, and had to switch to condvar("broadcast") instead.
Can someone provide some insight into why this happens and to what I'm doing wrong?
Also, the mutex I'm using to create and add to the nmap.registry.db2users table, is it necessary, and if it is, is it implemented correctly?
If the nmap.registry.db2users table is used only in this script then the
best solution is to move the "if nmap.registry.db2users == nil then nmap.registry.db2users = {} end"
check to the action function to be executed only once and by the main thread, but
I think that you plan to use the nmap.registry.db2users with *multiple*
NSE scripts then the best solution will be to use it inside the
library with the mutex code or to use the dependencies field (NSE parallelism).

If you are doing I/O operations on a global variable then you should use
mutexes to synchronize reads, writes and checks. Nmap book [1] says that
"Nmap is single threaded so there are no (memory) issues in
synchronization to worry about;", however if you are doing checks "if global_var == nil" and the global_var is modified by other code then mutexes are necessary for threads and NSE scripts.
I have come across this problem when caching the portmapper program list into the nmap
registry which is used by four NSE scripts. Please correct me if I'm wrong.

For the failed condvar("signal") perhaps someone can tell us more.

[1] http://nmap.org/book/nse-parallelism.html

Testing, feedback, suggestions and comments are welcome as always.

//Patrik





On 9 maj 2010, at 01.43, Patrick Donnelly wrote:

Hi Patrik,

On Sat, May 8, 2010 at 6:25 PM, Patrik Karlsson <patrik () cqure net> wrote:
Hi,

I'm attaching a DB2 library I've been working on for a while.
It provides basic functionality and is currently used by the following two new scripts:
- db2-brute - password guessing against db2
- db2-info - a rewritten version of Tom Sellers' script that uses the new library

The library is designed similar to the other ones I've written in the past and provides both a low- and high-level interface.
I'm interested in getting help testing it as I've currently only been able to run it against 9.7 on Windows and Linux.
Suggestions, corrections or any other feedback is always very welcome.

Your db2-brute script should be extremely easy to parallelize [1].
Just make a new thread for every username/pwd combination. Mind giving
it a shot?

[1] http://nmap.org/book/nse-parallelism.html#nse-parallelism-threads

-- 
- Patrick Donnelly
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77








-- 
tixxdz
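
Added example, not part of the original messages and not code from the db2 library: a small nselib-style module that serialises check-and-create on nmap.registry with nmap.mutex, and holds the lock across a fetch that yields on network I/O, which is the case where a second thread or script can see nil and repeat the work. The names REG_KEY, shared_table, cached and the fetch callback are assumptions made for this sketch.

```lua
local nmap = require "nmap"

-- Registry key from the thread (nmap.registry.db2users); used here as the
-- mutex object too, so every script and thread passing this string contends
-- for the same lock.
local REG_KEY = "db2users"

-- Return the shared table, creating it at most once.
local function shared_table()
  local mutex = nmap.mutex(REG_KEY)
  mutex "lock"
  if nmap.registry[REG_KEY] == nil then
    nmap.registry[REG_KEY] = {}
  end
  local t = nmap.registry[REG_KEY]
  mutex "done"
  return t
end

-- Fill one cache entry from a callback that performs socket I/O.
-- NSE threads are coroutines that yield while waiting on a socket, so the
-- lock has to cover the check, the fetch and the store as one unit. With the
-- lock taken only around the check, another thread runs during the yield,
-- still sees nil, and fetches the same data again.
-- fetch (hypothetical) follows the NSE convention of returning status, result.
local function cached(name, fetch, ...)
  local cache = shared_table()
  local mutex = nmap.mutex(REG_KEY .. "." .. name)  -- one lock per entry
  mutex "lock"
  if cache[name] == nil then
    local status, value = fetch(...)
    if status then
      cache[name] = value
    end
    -- on failure the entry stays nil, so a later caller retries the fetch
  end
  local result = cache[name]
  mutex "done"
  return result
end

return { shared_table = shared_table, cached = cached }
```

Putting the helper in a library keeps the mutex key in one place, so scripts that share the registry entry cannot disagree about which lock protects it.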