Nmap Development mailing list archives
RE: dev Digest, Vol 93, Issue 19
From: jimmy gambino <s3curityplu5 () outlook com>
Date: Thu, 13 Dec 2012 08:27:32 -0500
Rob, This is James, G. (responding about the Slow Installer), well I let it go and then windows update restarted my machine before it could finish installing. When I rebooted, I tried it aGAIN, and it worked fine. It must have been one of those weird Glitches I guess, only a one-time thing, hopefully it doesn't happen to anyone else, but it was the only program that I ever saw take that long, and yes I have ESET Endpoint Security, but never had that happen before. Thanks for the response. Everything seems fine now. You know how weird things happen sometimes, well that was definitely one of those things.
From: dev-request () nmap org Subject: dev Digest, Vol 93, Issue 19 To: dev () nmap org Date: Thu, 13 Dec 2012 04:41:50 -0800 Send dev mailing list submissions to dev () nmap org To subscribe or unsubscribe via the World Wide Web, visit http://nmap.org/mailman/listinfo/dev or, via email, send a message with subject or body 'help' to dev-request () nmap org You can reach the person managing the list at dev-owner () nmap org When replying, please edit your Subject line so it is more specific than "Re: Contents of dev digest..." Today's Topics: 1. Re: [NSE] murmur-version Murmur server version detection script (David Fifield) 2. Re: [NSE] http-git patches (David Fifield) 3. Re: Usage of docs/sample-script.nse? (Fyodor) 4. Nullsoft nmap 6.25 installer takes 4 days+ to install after removing old version (james g) 5. Re: Usage of docs/sample-script.nse? (John Bond) 6. RE: 6.25 Windows Installer On Win8 64bit Has Premature Reboot (Rob Nicholls) 7. RE: Nullsoft nmap 6.25 installer takes 4 days+ to install after removing old version (Rob Nicholls) ---------------------------------------------------------------------- Message: 1 Date: Wed, 12 Dec 2012 15:42:51 -0800 From: David Fifield <david () bamsoftware com> To: Marin Mar?i? <marzic () gmail com> Cc: dev () nmap org Subject: Re: [NSE] murmur-version Murmur server version detection script Message-ID: <20121212234250.GG7659 () ignominy bamsoftware com> Content-Type: text/plain; charset=utf-8 On Wed, Dec 12, 2012 at 08:40:32PM +0100, Marin Mar?i? wrote:Hey, The payload seems to be working: # Murmur 1.2.X (Mumble server) udp 64738 "\x00\x00\x00\x00abcdefgh" The recommended port is the default port that a lot of servers use and the program default, but it's common to see the server ran on other port numbers (guess that's the usual situation).Thanks, I've committed it.I had made a nmap-service-probes thing prior to going with NSE. Would a thing like the following match line somehow be possible? match murmur m|^\0(.)(.)(.)abcdefgh(.{4})(.{4})(.{4})$|s p/Murmur voice communication (Mumble server)/ v/$1.$2.$3/ i/#users: $4, #max users: $5, speech bandwidth: $6 bps/ The problem is the regex captured parts are binary 1byte and 4byte big endian ints, i.e. they aren't ascii. Can that somehow be converted to ascii with some helper function for output? Anyway, since I didn't know how to do output with that, I first hardcoded all supported known version numbers in the match lines (the last one is generic and doesn't differentiate between versions). In the end I chose to use the NSE because this was ugly :). Probe UDP Murmur q|\0\0\0\0abcdefgh| rarity 1 ports 64738 match murmur m|^\0\x01\x02\0abcdefgh.{12}$|s p/Murmur voice communication (Mumble server)/ v/1.2.0/ match murmur m|^\0\x01\x02\x01abcdefgh.{12}$|s p/Murmur voice communication (Mumble server)/ v/1.2.1/ match murmur m|^\0\x01\x02\x02abcdefgh.{12}$|s p/Murmur voice communication (Mumble server)/ v/1.2.2/ match murmur m|^\0\x01\x02\x03abcdefgh.{12}$|s p/Murmur voice communication (Mumble server)/ v/1.2.3/ match murmur m|^\0\x01\x02\x04abcdefgh.{12}$|s p/Murmur voice communication (Mumble server)/ v/1.2.4/ match murmur m|^\0.{3}abcdefgh.{12}$|s p/Murmur voice communication (Mumble server)/ v/1.2.X/An NSE script sounds like the right way to go. We have a similar battery of service matches for bitcoin in the service database, but the script is better. David Fifield ------------------------------ Message: 2 Date: Wed, 12 Dec 2012 20:18:57 -0800 From: David Fifield <david () bamsoftware com> To: Alex Weber <alexwebr () gmail com> Cc: dev () nmap org Subject: Re: [NSE] http-git patches Message-ID: <20121213041857.GR7659 () ignominy bamsoftware com> Content-Type: text/plain; charset=us-ascii On Tue, Dec 11, 2012 at 03:50:50PM -0600, Alex Weber wrote:Thank-you for doing that bisection and fixing the problem. I made the changes you suggested, and a lot of code was touched, so the patches are big. While making the changes, I had a code review done and made some style changes to enhance readability and bring http-git closer to the style of the other NSE scripts.Excellent job, Alex. These changes look great. I applied them in r30386. The way you handled the patches was fine. David Fifield ------------------------------ Message: 3 Date: Wed, 12 Dec 2012 21:09:36 -0800 From: Fyodor <fyodor () nmap org> To: John Bond <john.r.bond () gmail com> Cc: nmap-dev <nmap-dev () insecure org> Subject: Re: Usage of docs/sample-script.nse? Message-ID: <CAJjO9MkmCW=N2ARJG2V6XO6hFD_PvmfZokEifRtDxCnU0sb00A () mail gmail com> Content-Type: text/plain; charset=ISO-8859-1 On Wed, Dec 12, 2012 at 10:31 AM, John Bond <john.r.bond () gmail com> wrote:Hi Fyodor, I just took a look at the script. TBH i didn't know it existed, that said i think i would have been very useful when i first started writing scripts. It also looks like a good reference for people like me that are not writing lua/nse every day/week/month. If you where to drop this i would probably store a copy in my git repo for my own reference purposes. The fact that i didn't find it is a shame, although i am more then happy to admit this was my fault it was in the docs section after all. One thing i would suggest is that it is also included on http://nmap.org/nsedoc/ and perhaps a pointer to the file in http://nmap.org/book/man-nse.htmlI'm afraid your mail came a little late. After receiving now responses in a week to my email asking if anyone used it, I removed it on Monday (r30374). But it's still there in svn, you just need to specify a revision number (e.g. 30373) now: https://svn.nmap.org/nmap/docs/sample-script.nse?p=30373 Cheers, Fyodor ------------------------------ Message: 4 Date: Tue, 11 Dec 2012 10:19:25 -0500 From: james g <jgnetworksecurity () outlook com> To: <dev () nmap org> Subject: Nullsoft nmap 6.25 installer takes 4 days+ to install after removing old version Message-ID: <COL120-DS1170583F47707111A3E28EB94E0 () phx gbl> Content-Type: text/plain; charset="us-ascii" I had Nmap 6.01 installed on a Windows 7x64 laptop. I always have a couple of virtual servers running in the background, but have never seen an installer take this long to install any program. I just wanted to report it, I know that my system has a lot running but still don't think that the installer should take this long. It has been 4 days and it is still running. I have watched it remove each file and module from the old version, about 1 file every 10 minutes or so, and now it is extracting the new version slowly. Is there an install log that I can check out created when this new installer is used? Maybe you guys have heard this from someone else, or maybe I just have too much shit running on my machine. Thanks. ------------------------------ Message: 5 Date: Thu, 13 Dec 2012 12:14:32 +0100 From: John Bond <john.r.bond () gmail com> To: nmap-dev <nmap-dev () insecure org> Subject: Re: Usage of docs/sample-script.nse? Message-ID: <CAAEq_+utHnsPJRZ1QVaUyhazkiodbQaBVTadQ7wEmuk4-0PTwQ () mail gmail com> Content-Type: text/plain; charset=ISO-8859-1 Ok i thought i may have been a little late. thanks for the link ill take a copy for my self. cheers john On 13 December 2012 06:09, Fyodor <fyodor () nmap org> wrote:On Wed, Dec 12, 2012 at 10:31 AM, John Bond <john.r.bond () gmail com> wrote:Hi Fyodor, I just took a look at the script. TBH i didn't know it existed, that said i think i would have been very useful when i first started writing scripts. It also looks like a good reference for people like me that are not writing lua/nse every day/week/month. If you where to drop this i would probably store a copy in my git repo for my own reference purposes. The fact that i didn't find it is a shame, although i am more then happy to admit this was my fault it was in the docs section after all. One thing i would suggest is that it is also included on http://nmap.org/nsedoc/ and perhaps a pointer to the file in http://nmap.org/book/man-nse.htmlI'm afraid your mail came a little late. After receiving now responses in a week to my email asking if anyone used it, I removed it on Monday (r30374). But it's still there in svn, you just need to specify a revision number (e.g. 30373) now: https://svn.nmap.org/nmap/docs/sample-script.nse?p=30373 Cheers, Fyodor------------------------------ Message: 6 Date: Thu, 13 Dec 2012 12:20:47 -0000 From: "Rob Nicholls" <robert () robnicholls co uk> To: "'Jonathan Lorenz'" <noc007 () hotmail com>, <dev () nmap org> Subject: RE: 6.25 Windows Installer On Win8 64bit Has Premature Reboot Message-ID: <001201cdd92c$48be4570$da3ad050$@robnicholls.co.uk> Content-Type: text/plain; charset="us-ascii" Hi Jonathan,Description:Using the installer for nmap 6.25 to install on Win8, the OS attempts to restart when the WinPcap installer is initiated and will not complete the install.On a clean install, our WinPcap installer simply creates a few files in the appropriate places and creates a new service using Windows API calls (if WinPcap wasn't already present, this shouldn't hit any problems), it shouldn't force or request a system restart (AFAIK there isn't any code in our NSIS script that tries to perform a restart). The only thing I can think of that *might* result in a restart (because we didn't write it ourselves, but I've not seen any evidence of this happening when I search the Internet) is because our installer silently installs the Visual C++ Redistributable files (different versions for Nmap and Zenmap), with the 2010 version installed before the WinPcap installer is launched, and the 2008 version installed afterwards (your system tried to restart before this point, so I'm inclined to rule the 2008 one out); but we should be installing the latest versions and I haven't spotted this problem on any of my test Windows 8 x64 VMs or a Windows Server 2012 installation (I had to create a new Win8 x64 VM yesterday evening and the Nmap installation went fine on it few minutes ago).Luckily I had several apps that needed input and prevented the reboot so the install could continue. Perhaps it would be worth notingonthe web page of this; easy workaround would be to have an app like notepad open with something that would prompt one to save or discard their work.Thank you for reporting this; but unless it becomes a common problem, I'm inclined to think the restart was caused by something unrelated (perhaps Windows Update, or something similar, was automatically installing updates?). Rob ------------------------------ Message: 7 Date: Thu, 13 Dec 2012 12:41:43 -0000 From: "Rob Nicholls" <robert () robnicholls co uk> To: "'james g'" <jgnetworksecurity () outlook com>, <dev () nmap org> Subject: RE: Nullsoft nmap 6.25 installer takes 4 days+ to install after removing old version Message-ID: <001301cdd92f$35201e00$9f605a00$@robnicholls.co.uk> Content-Type: text/plain; charset="us-ascii" Hi James,I had Nmap 6.01 installed on a Windows 7x64 laptop. I always have acoupleof virtual servers running in the background, but have never seen aninstallertake this long to install any program. I just wanted to report it, I knowthatmy system has a lot running but still don't think that the installershould takethis long. It has been 4 days and it is still running. I have watched itremoveeach file and module from the old version, about 1 file every 10 minutesorso, and now it is extracting the new version slowly.That does sound ridiculously slow! I'm not sure why it's taking around 10 minutes to delete a file. Deleting files should be a simple thing for the NSIS installer to perform (it's not like it has to decompress the files, which might at least explain why extracting the new version is slower, but it shouldn't be that slow!). Do you have anything like anti-virus software that might be checking each file on access before allowing the file to be deleted (or created)?Is there an install log that I can check out created when this new installer is used?I'm afraid not, sorry. If you click on the "Show Details" button during the installation you can see what it's done/doing (the installer launches "silent" installations of the Microsoft Visual C++ Redistributables, which may take a long time without any feedback in the Nmap installer), but we don't currently create an install.log file (I suspect you'd see exactly the same information though). Thanks for letting us know, I'm not sure why it's going so slow, but I doubt it should take days to do anything. Are other applications (with high CPU or disk access) experiencing similar performance problems, or just the Nmap installer? Rob ------------------------------ Subject: Digest Footer _______________________________________________ dev mailing list dev () nmap org http://nmap.org/mailman/listinfo/dev ------------------------------ End of dev Digest, Vol 93, Issue 19 ***********************************
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- RE: dev Digest, Vol 93, Issue 19 jimmy gambino (Dec 13)