Nmap Development mailing list archives
Re: [NSE] isakmp aggressive mode and version detection
From: Jesper Kückelhahn <dev.kyckel () gmail com>
Date: Sun, 27 Jan 2013 11:23:30 +0100
Hi David,

I see where things go wrong, and I've attached an updated 'ike.lua' file that now checks for the case you are seeing.

- Jesper

On Sun, Jan 27, 2013 at 7:35 AM, David Fifield <david () bamsoftware com> wrote:

> On Mon, Jan 21, 2013 at 07:16:18PM +0100, Jesper Kückelhahn wrote:
>> I'm sorry that I didn't include instructions for the script and files. I've tried to follow the convention currently used for file locations, which means that the script assumes that the files 'ike.lua' and 'ike-fingerprints.lua' are placed in 'nmap/nselib/' and 'nmap/nselib/data/', respectively. I think the error you are seeing is a consequence of 'ike-fingerprints.lua' not being found and loaded correctly.
>>
>> In my testing I've used the following syntax:
>>
>> # nmap --script=ike-version -p500 -sUV --version-intensity=0 -dd TARGET
>>
>> The script uses the same port an isakmp service is listening on (UDP port 500) for socket:bind, so running an isakmp service on localhost could be causing some issues? This can be changed in line 332 in 'ike.lua'.
>
> I got isakmp running on an OS X host and the script is still not working for me.
>
> $ sudo ./nmap --script=ike-version -p500 -sUV --version-intensity=0 -dd 192.168.0.3
> NSE: Starting 'ike-version' (thread: 0x17bf580) against 192.168.0.3:500.
> Initiating NSE at 22:32
> Fetchfile found /home/david/nmap-git/nmap-rpc
> NSOCK INFO [5.3670s] nsi_new2(): nsi_new (IOD #1)
> NSOCK INFO [5.3830s] nsock_connect_udp(): UDP connection requested to 192.168.0.3:500 (IOD #1) EID 8
> NSE: Sending Aggressive mode packet ...
> NSOCK INFO [5.3830s] nsi_new2(): nsi_new (IOD #2)
> NSOCK INFO [5.3860s] nsock_connect_udp(): UDP connection requested to 192.168.0.3:500 (IOD #2) EID 16
> NSOCK INFO [5.3860s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [192.168.0.3:500]
> NSOCK INFO [5.3860s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 16 [192.168.0.3:500]
> NSOCK INFO [5.3860s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 27 [192.168.0.3:500]
> NSOCK INFO [5.3860s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 35 [192.168.0.3:500]
> NSOCK INFO [5.3860s] nsock_readbytes(): Read request for 1 bytes from IOD #1 [192.168.0.3:500] EID 42
> NSOCK INFO [5.3860s] nsock_readlines(): Read request for 1 lines from IOD #2 [192.168.0.3:500] EID 50
> NSOCK INFO [5.3970s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 50 [192.168.0.3:500] (285 bytes)
> NSOCK INFO [5.4360s] nsi_delete(): nsi_delete (IOD #2)
> NSE: IKE: Found IKE Header: 01: SA
> NSE: IKE: Found IKE Header: 04: Key Exchange
> NSE: IKE: Found IKE Header: 0A: Nonce
> NSE: IKE: Found IKE Header: 05: ID
> NSE: IKE: Found IKE Header: 08: Hash
> NSE: 'ike-version' (thread: 0x17bf580) against 192.168.0.3:500 threw an error!
> /home/david/nmap-git/nselib/ike.lua:183: bad argument #1 to 'pairs' (table expected, got nil)
> stack traceback:
>         [C]: in function 'pairs'
>         /home/david/nmap-git/nselib/ike.lua:183: in function 'lookup'
>         /home/david/nmap-git/nselib/ike.lua:310: in function </home/david/nmap-git/nselib/ike.lua:290>
>         (...tail calls...)
>         /home/david/nmap-git/scripts/ike-version.nse:58: in function 'get_version'
>         /home/david/nmap-git/scripts/ike-version.nse:100: in function </home/david/nmap-git/scripts/ike-version.nse:99>
>         (...tail calls...)
> NSOCK INFO [35.3860s] nsock_trace_handler_callback(): Callback: READ TIMEOUT for EID 42 [192.168.0.3:500]
> NSE: rpc-grind: isRPC didn't receive response.
> NSE: Target port 500 is not a RPC port.
> NSE: Finished 'rpc-grind' (thread: 0x17ad180) against 192.168.0.3:500.
> NSOCK INFO [35.3870s] nsi_delete(): nsi_delete (IOD #1)
> Completed NSE at 22:33, 30.02s elapsed
>
> I have the files where they should be, I think:
>
> $ git st
> # On branch master
> # Untracked files:
> #   (use "git add <file>..." to include in what will be committed)
> #
> #       nselib/data/ike-fingerprints.lua
> #       nselib/ike.lua
> #       scripts/ike-version.nse
>
> ike-scan returns something:
>
> $ sudo ike-scan 192.168.0.3
> Starting ike-scan 1.9 with 1 hosts (http://www.nta-monitor.com/tools/ike-scan/)
> 192.168.0.3     Main Mode Handshake returned HDR=(CKY-R=5cb2bd6e239aef89) SA=(Enc=3DES Hash=SHA1 Auth=PSK Group=2:modp1024 LifeType=Seconds LifeDuration(4)=0x00007080) VID=afcad71368a1f1c96b8696fc77570100 (Dead Peer Detection v1.0)
>
> Ending ike-scan 1.9: 1 hosts scanned in 0.008 seconds (119.95 hosts/sec).  1 returned handshake; 0 returned notify
>
> David Fifield
Attachment: ike.lua
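As an added example (not the ike.lua attached to this message, and not Nmap's own code), a pure-Lua walker over the ISAKMP payload chain of a reply with a fingerprint lookup that tolerates a reply carrying no Vendor ID payload, which is what the NSE trace above lists. The nil-list guard is an assumption about the failing case, not something the thread states; the fingerprint table and the sample packet are constructed, reusing only the DPD vendor ID that ike-scan printed.

```lua
-- Added example, not the ike.lua from the thread: walk the ISAKMP payload
-- chain of a reply, collect Vendor ID payloads and look them up. Assumption:
-- the nil passed to pairs() in the trace is an absent vendor-id list.
local ISAKMP_HDR_LEN = 28               -- fixed ISAKMP header size (RFC 2408)
local VENDOR_ID = 13                    -- payload type 0x0D
local function u16(s, pos)              -- big-endian 16-bit read (Lua 5.1+)
  local hi, lo = s:byte(pos, pos + 1)
  return hi * 256 + lo
end

-- Returns a list of {type=, data=} payloads, or nil plus an error string.
local function parse_payloads(pkt)
  if #pkt < ISAKMP_HDR_LEN then return nil, "short ISAKMP header" end
  local next_type = pkt:byte(17)        -- header's "next payload" field
  local pos, payloads = ISAKMP_HDR_LEN + 1, {}
  while next_type ~= 0 do
    if pos + 3 > #pkt then return nil, "truncated payload header" end
    local len = u16(pkt, pos + 2)       -- generic header: next, reserved, length
    if len < 4 or pos + len - 1 > #pkt then return nil, "bad payload length" end
    payloads[#payloads + 1] = { type = next_type, data = pkt:sub(pos + 4, pos + len - 1) }
    next_type = pkt:byte(pos)           -- chain to the following payload
    pos = pos + len
  end
  return payloads
end
local function tohex(s)
  return (s:gsub(".", function(c) return string.format("%02x", c:byte()) end))
end

-- Guarded lookup: a nil or empty payload list (no VID in the reply, as in
-- the trace above) yields an empty result instead of a pairs() error.
local function lookup(payloads, fingerprints)
  local found = {}
  for _, p in ipairs(payloads or {}) do
    if p.type == VENDOR_ID then
      local hex = tohex(p.data)
      found[#found + 1] = fingerprints[hex] or ("unknown VID " .. hex)
    end
  end
  return found
end
-- Constructed sample: header whose next payload is VID, exchange type 4
-- (aggressive), then one Vendor ID payload carrying the DPD VID from ike-scan.
local FINGERPRINTS = { ["afcad71368a1f1c96b8696fc77570100"] = "Dead Peer Detection v1.0" }
local vid = ("afcad71368a1f1c96b8696fc77570100"):gsub("%x%x",
              function(h) return string.char(tonumber(h, 16)) end)
local sample = string.rep("\0", 16) .. "\13\16\4\0" .. string.rep("\0", 8)
            .. "\0\0\0" .. string.char(4 + #vid) .. vid
print(table.concat(lookup(parse_payloads(sample), FINGERPRINTS), ", "))
print(#lookup(nil, FINGERPRINTS))       -- empty list, no error
```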
Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/