Re: Nmap comprehensive scan problem via Armitage

[Daniel Miller <bonsaiviking () gmail com>]

Ron,

According to 
https://code.google.com/p/armitage/source/browse/trunk/scripts/hosts.sl, 
a "Comprehensive" scan is "-sS -sU -T5 -A -v -PE -PP -PS80,443 -PA3389 
-PU40125 -PY -g 53 --script all"

Given that smb-flood is part of "all", it's no wonder this times out.

Dan

On 06/16/2011 04:35 PM, Ron wrote:
> Hey,
>
> I've never used Armitage before, and I don't know what a 'comprehensive scan' consists of. Can you provide the 
> commandline that Nmap is run with when doing that scan? It seems like the host-timeout argument or something similar might be too low.
>
> Ron
>
> On Sun, 15 May 2011 00:39:24 -0400 furikuri () hush com wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > Hello there,
> > Here is some background:
> > - -BackTrack5 linux with gnome 2.6
> > - -Nmap version 5.51
> > - -metasploit v3.7.1-release [core:3.7 api:1.0] at revision 12616
> > Now onto the problem: *keep in mind this is via Armitage*
> >
> > When i run any nmap scan other than comprehensive, everything seems
> > to work. The targets appear and some info in regards to them does
> > as well. On the other hand when i try to run comprehensive nmap,
> > everything appears to be fine until somewhere into 50% of service
> > scan, upon which the target apparently times out (this is all
> > within my home network and no matter what target yields the same
> > results with the comprehensive scan ). Here is what i get:
> >
> > [*] Nmap: Service scan Timing: About 46.67% done; ETC: 21:04
> > (0:11:58 remaining)
> > [*] Nmap: Completed Service scan at 20:52, 657.85s elapsed (1 host
> > timed out)
> > [*] Nmap: NSE: Script scanning 192.168.1.105.
> > [*] Nmap: Initiating NSE at 20:52
> > [*] Nmap: Completed NSE at 20:52, 4.50s elapsed
> > [*] Nmap: NSE: Script scanning 192.168.1.105.
> > [*] Nmap: Initiating NSE at 20:52
> > [*] Nmap: Completed NSE at 20:52, 0.11s elapsed
> > [*] Nmap: Nmap scan report for 192.168.1.105
> > [*] Nmap: Host is up (0.0016s latency).
> > [*] Nmap: Skipping host 192.168.1.105 due to host timeout
> > [*] Nmap: Read data files from: /opt/framework3/share/nmap
> > [*] Nmap: OS and Service detection performed. Please report any
> > incorrect results at http://nmap.org/submit/ .
> > [*] Nmap: Nmap done: 1 IP address (1 host up) scanned in 978.96
> > seconds
> > [*] Nmap: Raw packets sent: 3575 (119.079KB) | Rcvd: 1252 (54.174KB)
> > [-] Error while running command db_nmap: undefined method `[]' for
> > nil:NilClass
> >
> > Call stack:
> > /opt/framework3/msf3/lib/rex/parser/nmap_xml.rb:109:in `tag_start'
> > /opt/framework3/ruby/lib/ruby/1.9.1/rexml/parsers/streamparser.rb:24
> > :in `parse'
> > /opt/framework3/ruby/lib/ruby/1.9.1/rexml/document.rb:204:in
> > `parse_stream'
> > /opt/framework3/msf3/lib/msf/core/db.rb:3961:in `import_nmap_xml'
> > /opt/framework3/msf3/lib/msf/core/db.rb:3823:in
> > `import_nmap_xml_file'
> > /opt/framework3/msf3/lib/msf/ui/console/command_dispatcher/db.rb:157
> > 4:in `cmd_db_nmap'
> > /opt/framework3/msf3/lib/rex/ui/text/dispatcher_shell.rb:331:in
> > `run_command'
> > /opt/framework3/msf3/lib/rex/ui/text/dispatcher_shell.rb:293:in
> > `block in run_single'
> > /opt/framework3/msf3/lib/rex/ui/text/dispatcher_shell.rb:287:in
> > `each'
> > /opt/framework3/msf3/lib/rex/ui/text/dispatcher_shell.rb:287:in
> > `run_single'
> > /opt/framework3/msf3/lib/rex/ui/text/shell.rb:143:in `run'
> > /opt/framework3/msf3/lib/msf/ui/web/console.rb:65:in `block in
> > initialize'
> > /opt/framework3/msf3/lib/msf/core/thread_manager.rb:64:in `call'
> > /opt/framework3/msf3/lib/msf/core/thread_manager.rb:64:in `block in
> > spawn'
> >
> > At first i though that i was at fault but after looking around i
> > found another person with the same problem. That person was told
> > that it was a bug and after posting my question on a board, i was
> > told the same thing. So hopefully this will get your attention. If
> > possible please respond and confirm whether it indeed is a bug!
> > Thank-you!
> > -----BEGIN PGP SIGNATURE-----
> > Charset: UTF8
> > Note: This signature can be verified at
> > https://www.hushtools.com/verify Version: Hush 3.0
> >
> > wsBcBAEBAgAGBQJNz1j8AAoJEOwvtPx290AsnFYH/1s+54dpyuCHLO0QMnwO92cpRhYo
> > owhfH5FTLV6bGYxmndy22pxfPBbaT2kFcIqJoUK54GNIWLsuYEUaxMwPGQQe6QIuPba3
> > 31uHrc3reV/WBWLiwA1agVuE45PVsX4D/Ogmv6oPANsXLblNe8L9mMbNPBoXRPraxS3r
> > mnu7cqzj06lIY8bB6ggTA4shXi759pafLyjIByKyaNDR3w4/OLxMVuXokKbpHtswmGS9
> > kaJWNsosaWJudUmYpsJzpLqMVoSLYPaXeLLXuXUhLy57M8emunLbKi3QCONbMFYO+W9p
> > XqLWMDJz+4c7KvrTfdYT/AAORkXDtEBY69uZqSZgGHs=
> > =b81v
> > -----END PGP SIGNATURE-----
> >
> > _______________________________________________
> > Sent through the nmap-dev mailing list
> > http://cgi.insecure.org/mailman/listinfo/nmap-dev
> > Archived at http://seclists.org/nmap-dev/
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://seclists.org/nmap-dev/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/