Nmap Development mailing list archives

Re: ms12-020 RDP Vuln script


From: David Fifield <david () bamsoftware com>
Date: Mon, 7 May 2012 15:49:05 -0700

On Mon, May 07, 2012 at 01:09:28PM +0200, Aleksandar Nikolic wrote:
Hi,

as I mentioned on IRC the other day, I was notified by some people
that they have different results with this script when run with SYN
scan and when run with full connect scan. Apparently the script sometimes
fails when run with SYN scan. I've been debugging this, and came to the
conclusion that Windows drops the second connection attempt (the one from
the script) if the first one was left hanging (as would happen with a
SYN-only scan). David suggested that I add a simple stdnse.sleep().
I've tested that and it works. The script sleeps for one second; I've
tried it down to 0.1 second, below that it still doesn't work. But
just to make sure, I've set the sleep to 1 second. Hope that is not too
big a slowdown?

I've attached a rather small patch for this. If it is OK, I can
commit it later.

Nice job, the patch looks good.

If 0.1 was the threshold for not-working for you, then let's set the
sleep duration to 0.2 s.

The comment should say that it's 0.2 s because 0.1 s is the lowest it
was tested to work, and the comment should also explain what we think is
happening: that reconnecting on the same port too quickly causes Windows
to drop the second connection.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
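For readers who want to see where the delay sits in an NSE script, the following is an added illustration and not the rdp-vuln-ms12-020 patch discussed in this thread (the patch itself is not reproduced here). It is a minimal script that pauses before its own connect to a port a SYN scan may have left half-open, reflecting the explanation above. The script argument name `reconnect-delay` is hypothetical, the 0.2 s default is the value the thread settled on, and the calls used (`stdnse.sleep`, `stdnse.get_script_args`, `stdnse.debug1`, `shortport.port_or_service`, `nmap.new_socket`) are the current NSE API rather than the 2012 one.

```lua
-- Added example, not the patch from the thread: a minimal NSE script that
-- waits before connecting to a port the preceding SYN scan left half-open.
local nmap      = require "nmap"
local shortport = require "shortport"
local stdnse    = require "stdnse"

description = [[
Connects to an RDP port after a short delay and reports whether the
connect succeeded. Illustrates why a script run after -sS may need to
pause before opening its own connection to the same port.
]]
categories = {"safe", "discovery"}

-- Hypothetical script argument so the delay can be tuned on the command line
-- (--script-args reconnect-delay=0.5). Default 0.2 s: the value agreed in the
-- thread, chosen because 0.1 s was the lowest delay tested to work.
local delay_arg = stdnse.get_script_args("reconnect-delay")
local RECONNECT_DELAY = delay_arg and tonumber(delay_arg) or 0.2

portrule = shortport.port_or_service(3389, "ms-wbt-server")

action = function(host, port)
  -- A SYN scan never completes the handshake, so the target may still hold the
  -- scanner's half-open connection when this script runs. Reconnecting to the
  -- same port too quickly was observed to make Windows drop the script's
  -- connection; sleeping first avoids that. (With a full connect scan, -sT, the
  -- first connection was properly closed and the problem did not appear.)
  stdnse.sleep(RECONNECT_DELAY)

  local socket = nmap.new_socket()
  socket:set_timeout(5000)
  local status, err = socket:connect(host, port)
  if not status then
    stdnse.debug1("connect to %s:%d failed after %.1f s delay: %s",
      host.ip, port.number, RECONNECT_DELAY, err)
    return nil
  end
  -- The real script would send its RDP probes here; this example only checks
  -- that the connection was accepted.
  socket:close()
  return ("connected after %.1f s delay"):format(RECONNECT_DELAY)
end
```

Running the same script with `-sS` and with `-sT` against a Windows RDP host, and lowering `reconnect-delay` until the connect starts failing under `-sS`, reproduces the measurement the thread describes.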
