Nmap Development mailing list archives
Re: ms12-020 RDP Vuln script
From: David Fifield <david () bamsoftware com>
Date: Mon, 7 May 2012 15:49:05 -0700
On Mon, May 07, 2012 at 01:09:28PM +0200, Aleksandar Nikolic wrote:
Hi, as I mentioned on IRC the other day, I was notified by some people that they have different results with this script when run with SYN scan and when run with full connect scan. Apparently the script sometimes fails when run with SYN scan. I've been debugging this, and came to the conclusion that Windows drops the second connection attempt (the one from the script) if the first one was left hanging (as would happen with a SYN-only scan). David suggested that I add a simple stdnse.sleep(). I've tested that and it works. The script sleeps for one second; I've tried it down to 0.1 second, below that it still doesn't work. But just to make sure, I've set the sleep to 1 second. Hope that is not too big a slowdown? I've attached a rather small patch for this. If it is OK, I can commit it later.
Nice job, the patch looks good. If 0.1 was the threshold for not-working for you, then let's set the sleep duration to 0.2 s. The comment should say that it's 0.2 s because 0.1 s is the lowest it was tested to work, and the comment should also explain what we think is happening: that reconnecting on the same port too quickly causes Windows to drop the second connection.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/