RE: dev Digest, Vol 93, Issue 19

[jimmy gambino <s3curityplu5 () outlook com>]

Rob, This is James, G. (responding about the Slow Installer), well I let it go and then windows update restarted my 
machine before it could finish installing.  When I rebooted, I tried it aGAIN, and it worked fine.  It must have been 
one of those weird Glitches I guess, only a one-time thing, hopefully it doesn't happen to anyone else, but it was the 
only program that I ever saw take that long, and yes I have ESET Endpoint Security, but never had that happen before.  
Thanks for the response.  Everything seems fine now.  You know how weird things happen sometimes, well that was 
definitely one of those things.  

> From: dev-request () nmap org
> Subject: dev Digest, Vol 93, Issue 19
> To: dev () nmap org
> Date: Thu, 13 Dec 2012 04:41:50 -0800
>
> Send dev mailing list submissions to
>       dev () nmap org
>
> To subscribe or unsubscribe via the World Wide Web, visit
>       http://nmap.org/mailman/listinfo/dev
> or, via email, send a message with subject or body 'help' to
>       dev-request () nmap org
>
> You can reach the person managing the list at
>       dev-owner () nmap org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of dev digest..."
>
>
> Today's Topics:
>
>    1. Re: [NSE] murmur-version Murmur server version detection
>       script (David Fifield)
>    2. Re: [NSE] http-git patches (David Fifield)
>    3. Re: Usage of docs/sample-script.nse? (Fyodor)
>    4. Nullsoft nmap 6.25 installer takes 4 days+ to install after
>       removing        old version (james g)
>    5. Re: Usage of docs/sample-script.nse? (John Bond)
>    6. RE: 6.25 Windows Installer On Win8 64bit Has Premature Reboot
>       (Rob Nicholls)
>    7. RE: Nullsoft nmap 6.25 installer takes 4 days+ to install
>       after   removing        old version (Rob Nicholls)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 12 Dec 2012 15:42:51 -0800
> From: David Fifield <david () bamsoftware com>
> To: Marin Mar?i? <marzic () gmail com>
> Cc: dev () nmap org
> Subject: Re: [NSE] murmur-version Murmur server version detection
>       script
> Message-ID: <20121212234250.GG7659 () ignominy bamsoftware com>
> Content-Type: text/plain; charset=utf-8
>
> On Wed, Dec 12, 2012 at 08:40:32PM +0100, Marin Mar?i? wrote:
> > Hey,
> >
> > The payload seems to be working:
> >
> > # Murmur 1.2.X (Mumble server)
> > udp 64738 "\x00\x00\x00\x00abcdefgh"
> >
> > The recommended port is the default port that a lot of servers use and
> > the program default, but it's common to see the server ran on other port
> > numbers (guess that's the usual situation).
>
> Thanks, I've committed it.
>
> > I had made a nmap-service-probes thing prior to going with NSE. Would a
> > thing like the following match line somehow be possible?
> >
> > match murmur m|^\0(.)(.)(.)abcdefgh(.{4})(.{4})(.{4})$|s p/Murmur voice
> > communication (Mumble server)/ v/$1.$2.$3/ i/#users: $4, #max users: $5,
> > speech bandwidth: $6 bps/
> >
> > The problem is the regex captured parts are binary 1byte and 4byte big
> > endian ints, i.e. they aren't ascii. Can that somehow be converted to
> > ascii with some helper function for output?
> >
> > Anyway, since I didn't know how to do output with that, I first
> > hardcoded all supported known version numbers in the match lines (the
> > last one is generic and doesn't differentiate between versions). In the
> > end I chose to use the NSE because this was ugly :).
> >
> > Probe UDP Murmur q|\0\0\0\0abcdefgh|
> > rarity 1
> > ports 64738
> >
> > match murmur m|^\0\x01\x02\0abcdefgh.{12}$|s p/Murmur voice
> > communication (Mumble server)/ v/1.2.0/
> > match murmur m|^\0\x01\x02\x01abcdefgh.{12}$|s p/Murmur voice
> > communication (Mumble server)/ v/1.2.1/
> > match murmur m|^\0\x01\x02\x02abcdefgh.{12}$|s p/Murmur voice
> > communication (Mumble server)/ v/1.2.2/
> > match murmur m|^\0\x01\x02\x03abcdefgh.{12}$|s p/Murmur voice
> > communication (Mumble server)/ v/1.2.3/
> > match murmur m|^\0\x01\x02\x04abcdefgh.{12}$|s p/Murmur voice
> > communication (Mumble server)/ v/1.2.4/
> > match murmur m|^\0.{3}abcdefgh.{12}$|s p/Murmur voice communication
> > (Mumble server)/ v/1.2.X/
>
> An NSE script sounds like the right way to go. We have a similar battery
> of service matches for bitcoin in the service database, but the script
> is better.
>
> David Fifield
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 12 Dec 2012 20:18:57 -0800
> From: David Fifield <david () bamsoftware com>
> To: Alex Weber <alexwebr () gmail com>
> Cc: dev () nmap org
> Subject: Re: [NSE] http-git patches
> Message-ID: <20121213041857.GR7659 () ignominy bamsoftware com>
> Content-Type: text/plain; charset=us-ascii
>
> On Tue, Dec 11, 2012 at 03:50:50PM -0600, Alex Weber wrote:
> > Thank-you for doing that bisection and fixing the problem.
> >
> > I made the changes you suggested, and a lot of code was touched, so the
> > patches are big. While making the changes, I had a code review done and
> > made some style changes to enhance readability and bring http-git closer
> > to the style of the other NSE scripts.
>
> Excellent job, Alex. These changes look great. I applied them in r30386.
>
> The way you handled the patches was fine.
>
> David Fifield
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 12 Dec 2012 21:09:36 -0800
> From: Fyodor <fyodor () nmap org>
> To: John Bond <john.r.bond () gmail com>
> Cc: nmap-dev <nmap-dev () insecure org>
> Subject: Re: Usage of docs/sample-script.nse?
> Message-ID:
>       <CAJjO9MkmCW=N2ARJG2V6XO6hFD_PvmfZokEifRtDxCnU0sb00A () mail gmail com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On Wed, Dec 12, 2012 at 10:31 AM, John Bond <john.r.bond () gmail com> wrote:
>
> > Hi Fyodor,
> >
> > I just took a look at the script.  TBH i didn't know it existed, that said
> > i think i would have been very useful when i first started writing scripts.
> >  It also looks like a good reference for people like me that are not
> > writing lua/nse every day/week/month.  If you where to drop this i would
> > probably store a copy in my git repo for my own reference purposes.
> >
> > The fact that i didn't find it is a shame, although i am more then happy to
> > admit this was my fault it was in the docs section after all.  One thing i
> > would suggest is that it is also included on http://nmap.org/nsedoc/ and
> > perhaps a pointer to the file in http://nmap.org/book/man-nse.html
>
>
> I'm afraid your mail came a little late.  After receiving now responses in
> a week to my email asking if anyone used it, I removed it on Monday
> (r30374).  But it's still there in svn, you just need to specify a revision
> number (e.g. 30373) now:
>
> https://svn.nmap.org/nmap/docs/sample-script.nse?p=30373
>
> Cheers,
> Fyodor
>
>
> ------------------------------
>
> Message: 4
> Date: Tue, 11 Dec 2012 10:19:25 -0500
> From: james g <jgnetworksecurity () outlook com>
> To: <dev () nmap org>
> Subject: Nullsoft nmap 6.25 installer takes 4 days+ to install after
>       removing        old version
> Message-ID: <COL120-DS1170583F47707111A3E28EB94E0 () phx gbl>
> Content-Type: text/plain; charset="us-ascii"
>
> I had Nmap 6.01 installed on a Windows 7x64 laptop.  I always have a couple
> of virtual servers running in the background, but have never seen an
> installer take this long to install any program.  I just wanted to report
> it, I know that my system has a lot running but still don't think that the
> installer should take this long.  It has been 4 days and it is still
> running.  I have watched it remove each file and module from the old
> version, about 1 file every 10 minutes or so, and now it is extracting the
> new version slowly.  Is there an install log that I can check out created
> when this new installer is used?  Maybe you guys have heard this from
> someone else, or maybe I just have too much shit running on my machine.
> Thanks.
>
>
>
> ------------------------------
>
> Message: 5
> Date: Thu, 13 Dec 2012 12:14:32 +0100
> From: John Bond <john.r.bond () gmail com>
> To: nmap-dev <nmap-dev () insecure org>
> Subject: Re: Usage of docs/sample-script.nse?
> Message-ID:
>       <CAAEq_+utHnsPJRZ1QVaUyhazkiodbQaBVTadQ7wEmuk4-0PTwQ () mail gmail com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Ok i thought i may have been a little late.  thanks for the link ill take a
> copy for my self.
>
> cheers
> john
>
>
> On 13 December 2012 06:09, Fyodor <fyodor () nmap org> wrote:
>
> > On Wed, Dec 12, 2012 at 10:31 AM, John Bond <john.r.bond () gmail com> wrote:
> >
> > > Hi Fyodor,
> > >
> > > I just took a look at the script.  TBH i didn't know it existed, that said
> > > i think i would have been very useful when i first started writing
> > > scripts.
> > >  It also looks like a good reference for people like me that are not
> > > writing lua/nse every day/week/month.  If you where to drop this i would
> > > probably store a copy in my git repo for my own reference purposes.
> > >
> > > The fact that i didn't find it is a shame, although i am more then happy
> > > to
> > > admit this was my fault it was in the docs section after all.  One thing i
> > > would suggest is that it is also included on http://nmap.org/nsedoc/ and
> > > perhaps a pointer to the file in http://nmap.org/book/man-nse.html
> >
> >
> > I'm afraid your mail came a little late.  After receiving now responses in
> > a week to my email asking if anyone used it, I removed it on Monday
> > (r30374).  But it's still there in svn, you just need to specify a revision
> > number (e.g. 30373) now:
> >
> > https://svn.nmap.org/nmap/docs/sample-script.nse?p=30373
> >
> > Cheers,
> > Fyodor
>
>
> ------------------------------
>
> Message: 6
> Date: Thu, 13 Dec 2012 12:20:47 -0000
> From: "Rob Nicholls" <robert () robnicholls co uk>
> To: "'Jonathan Lorenz'" <noc007 () hotmail com>,      <dev () nmap org>
> Subject: RE: 6.25 Windows Installer On Win8 64bit Has Premature Reboot
> Message-ID: <001201cdd92c$48be4570$da3ad050$@robnicholls.co.uk>
> Content-Type: text/plain;     charset="us-ascii"
>
> Hi Jonathan,
>
> > Description:Using the installer for nmap 6.25 to install on Win8, the OS
> > attempts to restart when the WinPcap installer is initiated and will not
> > complete the install.
>
> On a clean install, our WinPcap installer simply creates a few files in the
> appropriate places and creates a new service using Windows API calls (if
> WinPcap wasn't already present, this shouldn't hit any problems), it
> shouldn't force or request a system restart (AFAIK there isn't any code in
> our NSIS script that tries to perform a restart).
>
> The only thing I can think of that *might* result in a restart (because we
> didn't write it ourselves, but I've not seen any evidence of this happening
> when I search the Internet) is because our installer silently installs the
> Visual C++ Redistributable files (different versions for Nmap and Zenmap),
> with the 2010 version installed before the WinPcap installer is launched,
> and the 2008 version installed afterwards (your system tried to restart
> before this point, so I'm inclined to rule the 2008 one out); but we should
> be installing the latest versions and I haven't spotted this problem on any
> of my test Windows 8 x64 VMs or a Windows Server 2012 installation (I had to
> create a new Win8 x64 VM yesterday evening and the Nmap installation went
> fine on it few minutes ago).
>
> > Luckily I had several apps that needed input and prevented
> > the reboot so the install could continue. Perhaps it would be worth noting
> on
> > the web page of this; easy workaround would be to have an app like notepad
> > open with something that would prompt one to save or discard their work.
>
> Thank you for reporting this; but unless it becomes a common problem, I'm
> inclined to think the restart was caused by something unrelated (perhaps
> Windows Update, or something similar, was automatically installing
> updates?).
>  
> Rob
>
>
>
>
> ------------------------------
>
> Message: 7
> Date: Thu, 13 Dec 2012 12:41:43 -0000
> From: "Rob Nicholls" <robert () robnicholls co uk>
> To: "'james g'" <jgnetworksecurity () outlook com>,   <dev () nmap org>
> Subject: RE: Nullsoft nmap 6.25 installer takes 4 days+ to install
>       after   removing        old version
> Message-ID: <001301cdd92f$35201e00$9f605a00$@robnicholls.co.uk>
> Content-Type: text/plain;     charset="us-ascii"
>
> Hi James,
>
> > I had Nmap 6.01 installed on a Windows 7x64 laptop.  I always have a
> couple
> > of virtual servers running in the background, but have never seen an
> installer
> > take this long to install any program.  I just wanted to report it, I know
> that
> > my system has a lot running but still don't think that the installer
> should take
> > this long.  It has been 4 days and it is still running.  I have watched it
> remove
> > each file and module from the old version, about 1 file every 10 minutes
> or
> > so, and now it is extracting the new version slowly.
>
> That does sound ridiculously slow! I'm not sure why it's taking around 10
> minutes to delete a file. Deleting files should be a simple thing for the
> NSIS installer to perform (it's not like it has to decompress the files,
> which might at least explain why extracting the new version is slower, but
> it shouldn't be that slow!). Do you have anything like anti-virus software
> that might be checking each file on access before allowing the file to be
> deleted (or created)?
>
> > Is there an install log that
> > I can check out created when this new installer is used?
>
> I'm afraid not, sorry. If you click on the "Show Details" button during the
> installation you can see what it's done/doing (the installer launches
> "silent" installations of the Microsoft Visual C++ Redistributables, which
> may take a long time without any feedback in the Nmap installer), but we
> don't currently create an install.log file (I suspect you'd see exactly the
> same information though).
>
> Thanks for letting us know, I'm not sure why it's going so slow, but I doubt
> it should take days to do anything. Are other applications (with high CPU or
> disk access) experiencing similar performance problems, or just the Nmap
> installer?
>
> Rob
>
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> dev mailing list
> dev () nmap org
> http://nmap.org/mailman/listinfo/dev
>
>
> ------------------------------
>
> End of dev Digest, Vol 93, Issue 19
> ***********************************
                                          
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/