Nmap Development mailing list archives
ssh-hostkey.nse "threw an error!" - attempt to get length of local 'bdata' (a nil value)
From: "Forrest B." <forrest () securitymetrics com>
Date: Tue, 16 Dec 2014 17:51:21 -0700
Hey all! I've encountered an error in the ssh-hostkey.nse script that is happening on FreeBSD 9.2 running Nmap 6.40 as well as on Debian Jessie running Nmap 6.47. I tried looking up the error message and found two previous threads on the list that turned up in dead-ends. The first request for help shows up here: http://seclists.org/nmap-dev/2013/q3/151 That thread mentions that the reporter should get the latest version of the NSE from svn.nmap.org. He does and reports back no success. This was the last message in the thread. I tried just that on both machines and am still getting the same error. The second request appears here: http://seclists.org/nmap-dev/2013/q3/158 In this thread, a --script-trace was requested, but apparently never delivered. No further mailings in that thread. So here I am, requesting assistance for this same issue. Hopefully third time's a charm! I am including the output from Nmap including the -vvv -dd and --script-trace flags. I have scrubbed the source and destination addresses instead replacing them with S.S.S.S and T.T.T.T, respectively. Unfortunately this target is only accessible locally, so I may need to act as a go-between for any additional testing. # nmap -n -p 22 --script=ssh-hostkey T.T.T.T -vvv -dd --script-trace Starting Nmap 6.47 ( http://nmap.org ) at 2014-12-16 16:31 MST Fetchfile found /usr/bin/../share/nmap/nmap-services Fetchfile found /usr/bin/../share/nmap/nmap.xsl The max # of sockets we are using is: 0 --------------- Timing report --------------- hostgroups: min 1, max 100000 rtt-timeouts: init 1000, min 100, max 10000 max-scan-delay: TCP 1000, UDP 1000, SCTP 1000 parallelism: min 0, max 0 max-retries: 10, host-timeout: 0 min-rate: 0, max-rate: 0 --------------------------------------------- NSE: Using Lua 5.2. Fetchfile found /usr/bin/../share/nmap/nse_main.lua Fetchfile found /usr/bin/../share/nmap/nselib/stdnse.lua Fetchfile found /usr/bin/../share/nmap/nselib/strict.lua Fetchfile found /usr/bin/../share/nmap/scripts/script.db NSE: Script Arguments seen from CLI: NSE: { } Fetchfile found /usr/bin/../share/nmap/scripts/ssh-hostkey.nse NSE: Script ssh-hostkey.nse was selected by name. Fetchfile found /usr/bin/../share/nmap/nselib/ipOps.lua Fetchfile found /usr/bin/../share/nmap/nselib/unittest.lua Fetchfile found /usr/bin/../share/nmap/nselib/nsedebug.lua Fetchfile found /usr/bin/../share/nmap/nselib/listop.lua Fetchfile found /usr/bin/../share/nmap/nselib/shortport.lua Fetchfile found /usr/bin/../share/nmap/nselib/ssh1.lua Fetchfile found /usr/bin/../share/nmap/nselib/ssh2.lua Fetchfile found /usr/bin/../share/nmap/nselib/base64.lua NSE: Loaded 1 scripts for scanning. NSE: Loaded '/usr/bin/../share/nmap/scripts/ssh-hostkey.nse'. NSE: Script Pre-scanning. NSE: Starting runlevel 1 (of 1) scan. Fetchfile found /usr/bin/../share/nmap/nmap-payloads Initiating Ping Scan at 16:31 Scanning T.T.T.T [4 ports] Packet capture filter (device br0): dst host S.S.S.S and (icmp or icmp6 or ((tcp or udp or sctp) and (src host T.T.T.T))) We got a ping packet back from T.T.T.T: id = 30356 seq = 0 checksum = 35179 ultrascan_host_probe_update called for machine T.T.T.T state UNKNOWN -> HOST_UP (trynum 0 time: 1001328) Changing ping technique for T.T.T.T to icmp type 8 code 0 Changing global ping host to T.T.T.T. Completed Ping Scan at 16:31, 1.03s elapsed (1 total hosts) Overall sending rates: 3.87 packets / s, 147.01 bytes / s. Initiating SYN Stealth Scan at 16:31 T.T.T.T pingprobe type ICMP is inappropriate for this scan type; resetting. Scanning T.T.T.T [1 port] Packet capture filter (device br0): dst host S.S.S.S and (icmp or icmp6 or ((tcp or udp or sctp) and (src host T.T.T.T))) Discovered open port 22/tcp on T.T.T.T Changing ping technique for T.T.T.T to tcp to port 22; flags: S Ultrascan DROPPED probe packet to T.T.T.T detected Increased max_successful_tryno for T.T.T.T to 1 (packet drop) Changing global ping host to T.T.T.T. Completed SYN Stealth Scan at 16:31, 0.30s elapsed (1 total ports) Overall sending rates: 6.72 packets / s, 295.83 bytes / s. NSE: Script scanning T.T.T.T. NSE: Starting runlevel 1 (of 1) scan. NSE: Starting 'ssh-hostkey' (thread: 0x18f6000) against T.T.T.T:22. Initiating NSE at 16:31 NSE: TCP S.S.S.S:48259 > T.T.T.T:22 | CONNECT NSE: TCP S.S.S.S:48259 < T.T.T.T:22 | SSH-1.99-Cisco-1.25 NSE: TCP S.S.S.S:48259 > T.T.T.T:22 | 00000000: 53 53 48 2d 31 2e 35 2d 4e 6d 61 70 2d 53 53 48 SSH-1.5-Nmap-SSH 00000010: 31 2d 48 6f 73 74 6b 65 79 0d 0a 1-Hostkey NSE: TCP S.S.S.S:48259 > T.T.T.T:22 | SEND NSE: TCP S.S.S.S:48259 < T.T.T.T:22 | 00000000: 00 00 01 0f 00 02 7f 0e e3 0c 33 c7 23 ec 00 00 3 # 00000010: 03 00 00 18 01 00 01 03 00 d9 b4 1c 8c 4a c3 1c J 00000020: b9 00 e2 99 73 da 7c d5 a5 c2 4b de c5 77 b1 1e s | K w 00000030: 00 e4 10 54 8c 83 57 a1 9b 84 f6 ec f8 85 e5 e8 T W 00000040: 05 e7 42 da e4 da 4c f7 ee ca 96 e2 2b e0 3a f6 B L + : 00000050: 4c 60 5c db a2 f3 f4 d3 74 41 f1 d0 bc e5 e3 a7 L`\ tA 00000060: 22 00 d8 d5 67 a6 68 76 11 ed e3 46 2c 8f f8 8b " g hv F, 00000070: 43 b6 07 ee 6e dd b7 da e7 00 00 04 00 00 18 01 C n 00000080: 00 01 04 00 c1 d6 a5 3d d3 f3 17 0b 55 15 a6 b5 = U 00000090: ae b1 c2 8d 04 23 f6 57 cf 54 fc cd 15 e9 d3 cc # W T 000000a0: a1 57 08 3b 58 67 81 5a 1c bf 80 92 c5 b3 f0 c9 W ;Xg Z 000000b0: 45 38 e5 3d 8c f9 c8 39 6e a6 78 74 d2 99 f9 e8 E8 = 9n xt 000000c0: 31 df 22 6a 86 33 1d 87 dd 5a a5 6a 18 05 eb 2d 1 "j 3 Z j - 000000d0: 2d 0b b0 ca 47 78 80 12 57 1c f4 23 a9 97 5e 32 - Gx W # ^2 000000e0: 78 ad 8f 5f fa 2e 4a f7 7c 0f 86 f3 b0 a7 72 05 x _ .J | r 000000f0: c4 8a ad 0d ac be b3 d2 53 c3 57 43 68 22 5d a4 S WCh"] 00000100: 05 4a 52 79 00 00 00 00 00 00 00 0c 00 00 00 08 JRy 00000110: 66 9c 26 24 f &$ NSE: TCP S.S.S.S:48259 > T.T.T.T:22 | CLOSE NSE: TCP S.S.S.S:48260 > T.T.T.T:22 | CONNECT NSE: TCP S.S.S.S:48260 < T.T.T.T:22 | SSH-1.99-Cisco-1.25 NSE: TCP S.S.S.S:48260 > T.T.T.T:22 | 00000000: 53 53 48 2d 32 2e 30 2d 4e 6d 61 70 2d 53 53 48 SSH-2.0-Nmap-SSH 00000010: 32 2d 48 6f 73 74 6b 65 79 0d 0a 2-Hostkey NSE: TCP S.S.S.S:48260 > T.T.T.T:22 | SEND NSE: TCP S.S.S.S:48260 > T.T.T.T:22 | 00000000: 00 00 01 5c 04 14 d4 5d 31 16 3b bb c2 32 94 ed \ ]1 ; 2 00000010: f7 56 cb 51 1c 3c 00 00 00 1a 64 69 66 66 69 65 V Q < diffie 00000020: 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 2d -hellman-group1- 00000030: 73 68 61 31 00 00 00 07 73 73 68 2d 64 73 73 00 sha1 ssh-dss 00000040: 00 00 57 61 65 73 31 32 38 2d 63 62 63 2c 33 64 Waes128-cbc,3d 00000050: 65 73 2d 63 62 63 2c 62 6c 6f 77 66 69 73 68 2d es-cbc,blowfish- 00000060: 63 62 63 2c 61 65 73 31 39 32 2d 63 62 63 2c 61 cbc,aes192-cbc,a 00000070: 65 73 32 35 36 2d 63 62 63 2c 61 65 73 31 32 38 es256-cbc,aes128 00000080: 2d 63 74 72 2c 61 65 73 31 39 32 2d 63 74 72 2c -ctr,aes192-ctr, 00000090: 61 65 73 32 35 36 2d 63 74 72 00 00 00 57 61 65 aes256-ctr Wae 000000a0: 73 31 32 38 2d 63 62 63 2c 33 64 65 73 2d 63 62 s128-cbc,3des-cb 000000b0: 63 2c 62 6c 6f 77 66 69 73 68 2d 63 62 63 2c 61 c,blowfish-cbc,a 000000c0: 65 73 31 39 32 2d 63 62 63 2c 61 65 73 32 35 36 es192-cbc,aes256 000000d0: 2d 63 62 63 2c 61 65 73 31 32 38 2d 63 74 72 2c -cbc,aes128-ctr, 000000e0: 61 65 73 31 39 32 2d 63 74 72 2c 61 65 73 32 35 aes192-ctr,aes25 000000f0: 36 2d 63 74 72 00 00 00 21 68 6d 61 63 2d 6d 64 6-ctr !hmac-md 00000100: 35 2c 68 6d 61 63 2d 73 68 61 31 2c 68 6d 61 63 5,hmac-sha1,hmac 00000110: 2d 72 69 70 65 6d 64 31 36 30 00 00 00 21 68 6d -ripemd160 !hm 00000120: 61 63 2d 6d 64 35 2c 68 6d 61 63 2d 73 68 61 31 ac-md5,hmac-sha1 00000130: 2c 68 6d 61 63 2d 72 69 70 65 6d 64 31 36 30 00 ,hmac-ripemd160 00000140: 00 00 04 6e 6f 6e 65 00 00 00 04 6e 6f 6e 65 00 none none 00000150: 00 00 00 00 00 00 00 00 00 00 00 00 a1 5b 12 3e [ > NSE: TCP S.S.S.S:48260 > T.T.T.T:22 | SEND NSE: TCP S.S.S.S:48260 < T.T.T.T:22 | 00000000: 00 00 01 54 05 14 ad 0b 0a 9c c0 0d 5d 6d 1b 8c T ]m 00000010: e1 ac 22 09 f0 86 00 00 00 59 64 69 66 66 69 65 " Ydiffie 00000020: 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 -hellman-group-e 00000030: 78 63 68 61 6e 67 65 2d 73 68 61 31 2c 64 69 66 xchange-sha1,dif 00000040: 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 fie-hellman-grou 00000050: 70 31 34 2d 73 68 61 31 2c 64 69 66 66 69 65 2d p14-sha1,diffie- 00000060: 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 2d 73 hellman-group1-s 00000070: 68 61 31 00 00 00 07 73 73 68 2d 72 73 61 00 00 ha1 ssh-rsa 00000080: 00 29 61 65 73 31 32 38 2d 63 62 63 2c 33 64 65 )aes128-cbc,3de 00000090: 73 2d 63 62 63 2c 61 65 73 31 39 32 2d 63 62 63 s-cbc,aes192-cbc 000000a0: 2c 61 65 73 32 35 36 2d 63 62 63 00 00 00 29 61 ,aes256-cbc )a 000000b0: 65 73 31 32 38 2d 63 62 63 2c 33 64 65 73 2d 63 es128-cbc,3des-c 000000c0: 62 63 2c 61 65 73 31 39 32 2d 63 62 63 2c 61 65 bc,aes192-cbc,ae 000000d0: 73 32 35 36 2d 63 62 63 00 00 00 2b 68 6d 61 63 s256-cbc +hmac 000000e0: 2d 73 68 61 31 2c 68 6d 61 63 2d 73 68 61 31 2d -sha1,hmac-sha1- 000000f0: 39 36 2c 68 6d 61 63 2d 6d 64 35 2c 68 6d 61 63 96,hmac-md5,hmac 00000100: 2d 6d 64 35 2d 39 36 00 00 00 2b 68 6d 61 63 2d -md5-96 +hmac- 00000110: 73 68 61 31 2c 68 6d 61 63 2d 73 68 61 31 2d 39 sha1,hmac-sha1-9 00000120: 36 2c 68 6d 61 63 2d 6d 64 35 2c 68 6d 61 63 2d 6,hmac-md5,hmac- 00000130: 6d 64 35 2d 39 36 00 00 00 04 6e 6f 6e 65 00 00 md5-96 none 00000140: 00 04 6e 6f 6e 65 00 00 00 00 00 00 00 00 00 00 none 00000150: 00 00 00 00 00 00 00 00 NSE: Hostkey type 'ssh-dss' not supported by server. NSE: TCP S.S.S.S:48261 > T.T.T.T:22 | CONNECT NSE: TCP S.S.S.S:48261 < T.T.T.T:22 | SSH-1.99-Cisco-1.25 NSE: TCP S.S.S.S:48261 > T.T.T.T:22 | 00000000: 53 53 48 2d 32 2e 30 2d 4e 6d 61 70 2d 53 53 48 SSH-2.0-Nmap-SSH 00000010: 32 2d 48 6f 73 74 6b 65 79 0d 0a 2-Hostkey NSE: TCP S.S.S.S:48261 > T.T.T.T:22 | SEND NSE: TCP S.S.S.S:48261 > T.T.T.T:22 | 00000000: 00 00 01 5c 04 14 d4 1e b8 b7 59 e3 c4 8a ba b6 \ Y 00000010: cf 99 27 2d c8 e8 00 00 00 1a 64 69 66 66 69 65 '- diffie 00000020: 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 2d -hellman-group1- 00000030: 73 68 61 31 00 00 00 07 73 73 68 2d 72 73 61 00 sha1 ssh-rsa 00000040: 00 00 57 61 65 73 31 32 38 2d 63 62 63 2c 33 64 Waes128-cbc,3d 00000050: 65 73 2d 63 62 63 2c 62 6c 6f 77 66 69 73 68 2d es-cbc,blowfish- 00000060: 63 62 63 2c 61 65 73 31 39 32 2d 63 62 63 2c 61 cbc,aes192-cbc,a 00000070: 65 73 32 35 36 2d 63 62 63 2c 61 65 73 31 32 38 es256-cbc,aes128 00000080: 2d 63 74 72 2c 61 65 73 31 39 32 2d 63 74 72 2c -ctr,aes192-ctr, 00000090: 61 65 73 32 35 36 2d 63 74 72 00 00 00 57 61 65 aes256-ctr Wae 000000a0: 73 31 32 38 2d 63 62 63 2c 33 64 65 73 2d 63 62 s128-cbc,3des-cb 000000b0: 63 2c 62 6c 6f 77 66 69 73 68 2d 63 62 63 2c 61 c,blowfish-cbc,a 000000c0: 65 73 31 39 32 2d 63 62 63 2c 61 65 73 32 35 36 es192-cbc,aes256 000000d0: 2d 63 62 63 2c 61 65 73 31 32 38 2d 63 74 72 2c -cbc,aes128-ctr, 000000e0: 61 65 73 31 39 32 2d 63 74 72 2c 61 65 73 32 35 aes192-ctr,aes25 000000f0: 36 2d 63 74 72 00 00 00 21 68 6d 61 63 2d 6d 64 6-ctr !hmac-md 00000100: 35 2c 68 6d 61 63 2d 73 68 61 31 2c 68 6d 61 63 5,hmac-sha1,hmac 00000110: 2d 72 69 70 65 6d 64 31 36 30 00 00 00 21 68 6d -ripemd160 !hm 00000120: 61 63 2d 6d 64 35 2c 68 6d 61 63 2d 73 68 61 31 ac-md5,hmac-sha1 00000130: 2c 68 6d 61 63 2d 72 69 70 65 6d 64 31 36 30 00 ,hmac-ripemd160 00000140: 00 00 04 6e 6f 6e 65 00 00 00 04 6e 6f 6e 65 00 none none 00000150: 00 00 00 00 00 00 00 00 00 00 00 00 77 ab 08 80 w NSE: TCP S.S.S.S:48261 > T.T.T.T:22 | SEND NSE: TCP S.S.S.S:48261 < T.T.T.T:22 | 00000000: 00 00 01 54 05 14 f2 49 75 25 a9 67 55 aa 38 01 T Iu% gU 8 00000010: 5a 02 34 b5 1f c4 00 00 00 59 64 69 66 66 69 65 Z 4 Ydiffie 00000020: 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 -hellman-group-e 00000030: 78 63 68 61 6e 67 65 2d 73 68 61 31 2c 64 69 66 xchange-sha1,dif 00000040: 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 fie-hellman-grou 00000050: 70 31 34 2d 73 68 61 31 2c 64 69 66 66 69 65 2d p14-sha1,diffie- 00000060: 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 2d 73 hellman-group1-s 00000070: 68 61 31 00 00 00 07 73 73 68 2d 72 73 61 00 00 ha1 ssh-rsa 00000080: 00 29 61 65 73 31 32 38 2d 63 62 63 2c 33 64 65 )aes128-cbc,3de 00000090: 73 2d 63 62 63 2c 61 65 73 31 39 32 2d 63 62 63 s-cbc,aes192-cbc 000000a0: 2c 61 65 73 32 35 36 2d 63 62 63 00 00 00 29 61 ,aes256-cbc )a 000000b0: 65 73 31 32 38 2d 63 62 63 2c 33 64 65 73 2d 63 es128-cbc,3des-c 000000c0: 62 63 2c 61 65 73 31 39 32 2d 63 62 63 2c 61 65 bc,aes192-cbc,ae 000000d0: 73 32 35 36 2d 63 62 63 00 00 00 2b 68 6d 61 63 s256-cbc +hmac 000000e0: 2d 73 68 61 31 2c 68 6d 61 63 2d 73 68 61 31 2d -sha1,hmac-sha1- 000000f0: 39 36 2c 68 6d 61 63 2d 6d 64 35 2c 68 6d 61 63 96,hmac-md5,hmac 00000100: 2d 6d 64 35 2d 39 36 00 00 00 2b 68 6d 61 63 2d -md5-96 +hmac- 00000110: 73 68 61 31 2c 68 6d 61 63 2d 73 68 61 31 2d 39 sha1,hmac-sha1-9 00000120: 36 2c 68 6d 61 63 2d 6d 64 35 2c 68 6d 61 63 2d 6,hmac-md5,hmac- 00000130: 6d 64 35 2d 39 36 00 00 00 04 6e 6f 6e 65 00 00 md5-96 none 00000140: 00 04 6e 6f 6e 65 00 00 00 00 00 00 00 00 00 00 none 00000150: 00 00 00 00 00 00 00 00 NSE: TCP S.S.S.S:48261 > T.T.T.T:22 | 00000000: 00 00 00 8c 05 1e 00 00 00 81 00 77 76 cb 05 82 wv 00000010: 98 54 36 44 8e 44 c0 ec 4a d3 93 11 12 20 f9 be T6D D J 00000020: 99 f2 62 75 00 9d 69 69 9a a8 a5 f0 f5 6d 97 5d bu ii m ] 00000030: 59 25 fd da af 75 69 a5 0c 08 9c e7 53 9d 02 10 Y% ui S 00000040: 7e a0 2b 0f 6b ab e5 0c 4d 6a 38 0c 38 b6 ac ee ~ + k Mj8 8 00000050: ae 62 e3 bb 80 d0 2e 5d 05 ac 23 5e ee ef 49 5b b .] #^ I[ 00000060: f7 c5 5c c5 8d c2 92 c0 4d 3c a1 00 13 24 71 85 \ M< $q 00000070: 3b f0 37 04 e6 55 51 7e 81 d9 2a 97 56 e2 67 1d ; 7 UQ~ * V g 00000080: 4a d5 29 a9 9a ae 29 f3 b1 ce 1c 58 62 c8 22 93 J ) ) Xb " NSE: TCP S.S.S.S:48261 > T.T.T.T:22 | SEND NSE: TCP S.S.S.S:48261 < T.T.T.T:22 | 00000000: 00 00 00 44 0b 01 00 00 00 02 00 00 00 2b 44 48 D +DH 00000010: 20 70 75 62 6c 69 63 20 6b 65 79 20 73 69 7a 65 public key size 00000020: 20 3e 20 44 48 20 67 72 6f 75 70 20 6b 65 79 20 > DH group key 00000030: 73 69 7a 65 28 31 32 38 29 00 00 00 00 00 00 00 size(128) 00000040: 00 00 00 00 00 00 00 00 NSE: TCP S.S.S.S:48262 > T.T.T.T:22 | CONNECT NSE: TCP S.S.S.S:48262 < T.T.T.T:22 | SSH-1.99-Cisco-1.25 NSE: TCP S.S.S.S:48262 > T.T.T.T:22 | 00000000: 53 53 48 2d 32 2e 30 2d 4e 6d 61 70 2d 53 53 48 SSH-2.0-Nmap-SSH 00000010: 32 2d 48 6f 73 74 6b 65 79 0d 0a 2-Hostkey NSE: TCP S.S.S.S:48262 > T.T.T.T:22 | SEND NSE: TCP S.S.S.S:48262 > T.T.T.T:22 | 00000000: 00 00 01 6c 08 14 cb e1 c4 92 e3 4f 49 0d 14 fb l OI 00000010: d5 a1 07 a7 46 9e 00 00 00 1a 64 69 66 66 69 65 F diffie 00000020: 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 2d -hellman-group1- 00000030: 73 68 61 31 00 00 00 13 65 63 64 73 61 2d 73 68 sha1 ecdsa-sh 00000040: 61 32 2d 6e 69 73 74 70 32 35 36 00 00 00 57 61 a2-nistp256 Wa 00000050: 65 73 31 32 38 2d 63 62 63 2c 33 64 65 73 2d 63 es128-cbc,3des-c 00000060: 62 63 2c 62 6c 6f 77 66 69 73 68 2d 63 62 63 2c bc,blowfish-cbc, 00000070: 61 65 73 31 39 32 2d 63 62 63 2c 61 65 73 32 35 aes192-cbc,aes25 00000080: 36 2d 63 62 63 2c 61 65 73 31 32 38 2d 63 74 72 6-cbc,aes128-ctr 00000090: 2c 61 65 73 31 39 32 2d 63 74 72 2c 61 65 73 32 ,aes192-ctr,aes2 000000a0: 35 36 2d 63 74 72 00 00 00 57 61 65 73 31 32 38 56-ctr Waes128 000000b0: 2d 63 62 63 2c 33 64 65 73 2d 63 62 63 2c 62 6c -cbc,3des-cbc,bl 000000c0: 6f 77 66 69 73 68 2d 63 62 63 2c 61 65 73 31 39 owfish-cbc,aes19 000000d0: 32 2d 63 62 63 2c 61 65 73 32 35 36 2d 63 62 63 2-cbc,aes256-cbc 000000e0: 2c 61 65 73 31 32 38 2d 63 74 72 2c 61 65 73 31 ,aes128-ctr,aes1 000000f0: 39 32 2d 63 74 72 2c 61 65 73 32 35 36 2d 63 74 92-ctr,aes256-ct 00000100: 72 00 00 00 21 68 6d 61 63 2d 6d 64 35 2c 68 6d r !hmac-md5,hm 00000110: 61 63 2d 73 68 61 31 2c 68 6d 61 63 2d 72 69 70 ac-sha1,hmac-rip 00000120: 65 6d 64 31 36 30 00 00 00 21 68 6d 61 63 2d 6d emd160 !hmac-m 00000130: 64 35 2c 68 6d 61 63 2d 73 68 61 31 2c 68 6d 61 d5,hmac-sha1,hma 00000140: 63 2d 72 69 70 65 6d 64 31 36 30 00 00 00 04 6e c-ripemd160 n 00000150: 6f 6e 65 00 00 00 04 6e 6f 6e 65 00 00 00 00 00 one none 00000160: 00 00 00 00 00 00 00 00 de 8e ab d9 c7 d4 16 3a : NSE: TCP S.S.S.S:48262 > T.T.T.T:22 | SEND NSE: TCP S.S.S.S:48262 < T.T.T.T:22 | 00000000: 00 00 01 54 05 14 bd c4 c6 56 57 d1 11 83 be 93 T VW 00000010: da dd f3 ca 22 a8 00 00 00 59 64 69 66 66 69 65 " Ydiffie 00000020: 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 -hellman-group-e 00000030: 78 63 68 61 6e 67 65 2d 73 68 61 31 2c 64 69 66 xchange-sha1,dif 00000040: 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 fie-hellman-grou 00000050: 70 31 34 2d 73 68 61 31 2c 64 69 66 66 69 65 2d p14-sha1,diffie- 00000060: 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 2d 73 hellman-group1-s 00000070: 68 61 31 00 00 00 07 73 73 68 2d 72 73 61 00 00 ha1 ssh-rsa 00000080: 00 29 61 65 73 31 32 38 2d 63 62 63 2c 33 64 65 )aes128-cbc,3de 00000090: 73 2d 63 62 63 2c 61 65 73 31 39 32 2d 63 62 63 s-cbc,aes192-cbc 000000a0: 2c 61 65 73 32 35 36 2d 63 62 63 00 00 00 29 61 ,aes256-cbc )a 000000b0: 65 73 31 32 38 2d 63 62 63 2c 33 64 65 73 2d 63 es128-cbc,3des-c 000000c0: 62 63 2c 61 65 73 31 39 32 2d 63 62 63 2c 61 65 bc,aes192-cbc,ae 000000d0: 73 32 35 36 2d 63 62 63 00 00 00 2b 68 6d 61 63 s256-cbc +hmac 000000e0: 2d 73 68 61 31 2c 68 6d 61 63 2d 73 68 61 31 2d -sha1,hmac-sha1- 000000f0: 39 36 2c 68 6d 61 63 2d 6d 64 35 2c 68 6d 61 63 96,hmac-md5,hmac 00000100: 2d 6d 64 35 2d 39 36 00 00 00 2b 68 6d 61 63 2d -md5-96 +hmac- 00000110: 73 68 61 31 2c 68 6d 61 63 2d 73 68 61 31 2d 39 sha1,hmac-sha1-9 00000120: 36 2c 68 6d 61 63 2d 6d 64 35 2c 68 6d 61 63 2d 6,hmac-md5,hmac- 00000130: 6d 64 35 2d 39 36 00 00 00 04 6e 6f 6e 65 00 00 md5-96 none 00000140: 00 04 6e 6f 6e 65 00 00 00 00 00 00 00 00 00 00 none 00000150: 00 00 00 00 00 00 00 00 NSE: Hostkey type 'ecdsa-sha2-nistp256' not supported by server. NSE: TCP S.S.S.S:48263 > T.T.T.T:22 | CONNECT NSE: TCP S.S.S.S:48263 < T.T.T.T:22 | SSH-1.99-Cisco-1.25 NSE: TCP S.S.S.S:48263 > T.T.T.T:22 | 00000000: 53 53 48 2d 32 2e 30 2d 4e 6d 61 70 2d 53 53 48 SSH-2.0-Nmap-SSH 00000010: 32 2d 48 6f 73 74 6b 65 79 0d 0a 2-Hostkey NSE: TCP S.S.S.S:48263 > T.T.T.T:22 | SEND NSE: TCP S.S.S.S:48263 > T.T.T.T:22 | 00000000: 00 00 01 6c 08 14 24 bc aa 30 3c 9c 17 4e 8f 1e l $ 0< N 00000010: d7 14 75 04 ef c7 00 00 00 1a 64 69 66 66 69 65 u diffie 00000020: 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 2d -hellman-group1- 00000030: 73 68 61 31 00 00 00 13 65 63 64 73 61 2d 73 68 sha1 ecdsa-sh 00000040: 61 32 2d 6e 69 73 74 70 33 38 34 00 00 00 57 61 a2-nistp384 Wa 00000050: 65 73 31 32 38 2d 63 62 63 2c 33 64 65 73 2d 63 es128-cbc,3des-c 00000060: 62 63 2c 62 6c 6f 77 66 69 73 68 2d 63 62 63 2c bc,blowfish-cbc, 00000070: 61 65 73 31 39 32 2d 63 62 63 2c 61 65 73 32 35 aes192-cbc,aes25 00000080: 36 2d 63 62 63 2c 61 65 73 31 32 38 2d 63 74 72 6-cbc,aes128-ctr 00000090: 2c 61 65 73 31 39 32 2d 63 74 72 2c 61 65 73 32 ,aes192-ctr,aes2 000000a0: 35 36 2d 63 74 72 00 00 00 57 61 65 73 31 32 38 56-ctr Waes128 000000b0: 2d 63 62 63 2c 33 64 65 73 2d 63 62 63 2c 62 6c -cbc,3des-cbc,bl 000000c0: 6f 77 66 69 73 68 2d 63 62 63 2c 61 65 73 31 39 owfish-cbc,aes19 000000d0: 32 2d 63 62 63 2c 61 65 73 32 35 36 2d 63 62 63 2-cbc,aes256-cbc 000000e0: 2c 61 65 73 31 32 38 2d 63 74 72 2c 61 65 73 31 ,aes128-ctr,aes1 000000f0: 39 32 2d 63 74 72 2c 61 65 73 32 35 36 2d 63 74 92-ctr,aes256-ct 00000100: 72 00 00 00 21 68 6d 61 63 2d 6d 64 35 2c 68 6d r !hmac-md5,hm 00000110: 61 63 2d 73 68 61 31 2c 68 6d 61 63 2d 72 69 70 ac-sha1,hmac-rip 00000120: 65 6d 64 31 36 30 00 00 00 21 68 6d 61 63 2d 6d emd160 !hmac-m 00000130: 64 35 2c 68 6d 61 63 2d 73 68 61 31 2c 68 6d 61 d5,hmac-sha1,hma 00000140: 63 2d 72 69 70 65 6d 64 31 36 30 00 00 00 04 6e c-ripemd160 n 00000150: 6f 6e 65 00 00 00 04 6e 6f 6e 65 00 00 00 00 00 one none 00000160: 00 00 00 00 00 00 00 00 8b fc 9f 6c 26 4d be 65 l&M e NSE: TCP S.S.S.S:48263 > T.T.T.T:22 | SEND NSE: TCP S.S.S.S:48263 < T.T.T.T:22 | 00000000: 00 00 01 54 05 14 5c be c4 f5 24 2d 25 81 1d 35 T \ $-% 5 00000010: 4b 3b e0 49 73 f0 00 00 00 59 64 69 66 66 69 65 K; Is Ydiffie 00000020: 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 -hellman-group-e 00000030: 78 63 68 61 6e 67 65 2d 73 68 61 31 2c 64 69 66 xchange-sha1,dif 00000040: 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 fie-hellman-grou 00000050: 70 31 34 2d 73 68 61 31 2c 64 69 66 66 69 65 2d p14-sha1,diffie- 00000060: 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 2d 73 hellman-group1-s 00000070: 68 61 31 00 00 00 07 73 73 68 2d 72 73 61 00 00 ha1 ssh-rsa 00000080: 00 29 61 65 73 31 32 38 2d 63 62 63 2c 33 64 65 )aes128-cbc,3de 00000090: 73 2d 63 62 63 2c 61 65 73 31 39 32 2d 63 62 63 s-cbc,aes192-cbc 000000a0: 2c 61 65 73 32 35 36 2d 63 62 63 00 00 00 29 61 ,aes256-cbc )a 000000b0: 65 73 31 32 38 2d 63 62 63 2c 33 64 65 73 2d 63 es128-cbc,3des-c 000000c0: 62 63 2c 61 65 73 31 39 32 2d 63 62 63 2c 61 65 bc,aes192-cbc,ae 000000d0: 73 32 35 36 2d 63 62 63 00 00 00 2b 68 6d 61 63 s256-cbc +hmac 000000e0: 2d 73 68 61 31 2c 68 6d 61 63 2d 73 68 61 31 2d -sha1,hmac-sha1- 000000f0: 39 36 2c 68 6d 61 63 2d 6d 64 35 2c 68 6d 61 63 96,hmac-md5,hmac 00000100: 2d 6d 64 35 2d 39 36 00 00 00 2b 68 6d 61 63 2d -md5-96 +hmac- 00000110: 73 68 61 31 2c 68 6d 61 63 2d 73 68 61 31 2d 39 sha1,hmac-sha1-9 00000120: 36 2c 68 6d 61 63 2d 6d 64 35 2c 68 6d 61 63 2d 6,hmac-md5,hmac- 00000130: 6d 64 35 2d 39 36 00 00 00 04 6e 6f 6e 65 00 00 md5-96 none 00000140: 00 04 6e 6f 6e 65 00 00 00 00 00 00 00 00 00 00 none 00000150: 00 00 00 00 00 00 00 00 NSE: Hostkey type 'ecdsa-sha2-nistp384' not supported by server. NSE: TCP S.S.S.S:48264 > T.T.T.T:22 | CONNECT NSE: TCP S.S.S.S:48264 < T.T.T.T:22 | SSH-1.99-Cisco-1.25 NSE: TCP S.S.S.S:48264 > T.T.T.T:22 | 00000000: 53 53 48 2d 32 2e 30 2d 4e 6d 61 70 2d 53 53 48 SSH-2.0-Nmap-SSH 00000010: 32 2d 48 6f 73 74 6b 65 79 0d 0a 2-Hostkey NSE: TCP S.S.S.S:48264 > T.T.T.T:22 | SEND NSE: TCP S.S.S.S:48264 > T.T.T.T:22 | 00000000: 00 00 01 6c 08 14 ef a4 18 19 b0 42 1a d8 07 74 l B t 00000010: 6e c0 e8 d5 be 6b 00 00 00 1a 64 69 66 66 69 65 n k diffie 00000020: 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 2d -hellman-group1- 00000030: 73 68 61 31 00 00 00 13 65 63 64 73 61 2d 73 68 sha1 ecdsa-sh 00000040: 61 32 2d 6e 69 73 74 70 35 32 31 00 00 00 57 61 a2-nistp521 Wa 00000050: 65 73 31 32 38 2d 63 62 63 2c 33 64 65 73 2d 63 es128-cbc,3des-c 00000060: 62 63 2c 62 6c 6f 77 66 69 73 68 2d 63 62 63 2c bc,blowfish-cbc, 00000070: 61 65 73 31 39 32 2d 63 62 63 2c 61 65 73 32 35 aes192-cbc,aes25 00000080: 36 2d 63 62 63 2c 61 65 73 31 32 38 2d 63 74 72 6-cbc,aes128-ctr 00000090: 2c 61 65 73 31 39 32 2d 63 74 72 2c 61 65 73 32 ,aes192-ctr,aes2 000000a0: 35 36 2d 63 74 72 00 00 00 57 61 65 73 31 32 38 56-ctr Waes128 000000b0: 2d 63 62 63 2c 33 64 65 73 2d 63 62 63 2c 62 6c -cbc,3des-cbc,bl 000000c0: 6f 77 66 69 73 68 2d 63 62 63 2c 61 65 73 31 39 owfish-cbc,aes19 000000d0: 32 2d 63 62 63 2c 61 65 73 32 35 36 2d 63 62 63 2-cbc,aes256-cbc 000000e0: 2c 61 65 73 31 32 38 2d 63 74 72 2c 61 65 73 31 ,aes128-ctr,aes1 000000f0: 39 32 2d 63 74 72 2c 61 65 73 32 35 36 2d 63 74 92-ctr,aes256-ct 00000100: 72 00 00 00 21 68 6d 61 63 2d 6d 64 35 2c 68 6d r !hmac-md5,hm 00000110: 61 63 2d 73 68 61 31 2c 68 6d 61 63 2d 72 69 70 ac-sha1,hmac-rip 00000120: 65 6d 64 31 36 30 00 00 00 21 68 6d 61 63 2d 6d emd160 !hmac-m 00000130: 64 35 2c 68 6d 61 63 2d 73 68 61 31 2c 68 6d 61 d5,hmac-sha1,hma 00000140: 63 2d 72 69 70 65 6d 64 31 36 30 00 00 00 04 6e c-ripemd160 n 00000150: 6f 6e 65 00 00 00 04 6e 6f 6e 65 00 00 00 00 00 one none 00000160: 00 00 00 00 00 00 00 00 f0 fc ef d7 71 d4 71 c7 q q NSE: TCP S.S.S.S:48264 > T.T.T.T:22 | SEND NSE: TCP S.S.S.S:48264 < T.T.T.T:22 | 00000000: 00 00 01 54 05 14 24 6e f6 0f 1f 05 b7 1f 02 06 T $n 00000010: d5 c9 8f 4d 2b 68 00 00 00 59 64 69 66 66 69 65 M+h Ydiffie 00000020: 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 2d 65 -hellman-group-e 00000030: 78 63 68 61 6e 67 65 2d 73 68 61 31 2c 64 69 66 xchange-sha1,dif 00000040: 66 69 65 2d 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 fie-hellman-grou 00000050: 70 31 34 2d 73 68 61 31 2c 64 69 66 66 69 65 2d p14-sha1,diffie- 00000060: 68 65 6c 6c 6d 61 6e 2d 67 72 6f 75 70 31 2d 73 hellman-group1-s 00000070: 68 61 31 00 00 00 07 73 73 68 2d 72 73 61 00 00 ha1 ssh-rsa 00000080: 00 29 61 65 73 31 32 38 2d 63 62 63 2c 33 64 65 )aes128-cbc,3de 00000090: 73 2d 63 62 63 2c 61 65 73 31 39 32 2d 63 62 63 s-cbc,aes192-cbc 000000a0: 2c 61 65 73 32 35 36 2d 63 62 63 00 00 00 29 61 ,aes256-cbc )a 000000b0: 65 73 31 32 38 2d 63 62 63 2c 33 64 65 73 2d 63 es128-cbc,3des-c 000000c0: 62 63 2c 61 65 73 31 39 32 2d 63 62 63 2c 61 65 bc,aes192-cbc,ae 000000d0: 73 32 35 36 2d 63 62 63 00 00 00 2b 68 6d 61 63 s256-cbc +hmac 000000e0: 2d 73 68 61 31 2c 68 6d 61 63 2d 73 68 61 31 2d -sha1,hmac-sha1- 000000f0: 39 36 2c 68 6d 61 63 2d 6d 64 35 2c 68 6d 61 63 96,hmac-md5,hmac 00000100: 2d 6d 64 35 2d 39 36 00 00 00 2b 68 6d 61 63 2d -md5-96 +hmac- 00000110: 73 68 61 31 2c 68 6d 61 63 2d 73 68 61 31 2d 39 sha1,hmac-sha1-9 00000120: 36 2c 68 6d 61 63 2d 6d 64 35 2c 68 6d 61 63 2d 6,hmac-md5,hmac- 00000130: 6d 64 35 2d 39 36 00 00 00 04 6e 6f 6e 65 00 00 md5-96 none 00000140: 00 04 6e 6f 6e 65 00 00 00 00 00 00 00 00 00 00 none 00000150: 00 00 00 00 00 00 00 00 NSE: Hostkey type 'ecdsa-sha2-nistp521' not supported by server. NSE: 'ssh-hostkey' (thread: 0x18f6000) against T.T.T.T:22 threw an error! /usr/bin/../share/nmap/nselib/base64.lua:138: attempt to get length of local 'bdata' (a nil value) stack traceback: /usr/bin/../share/nmap/nselib/base64.lua:138: in function 'enc' /usr/bin/../share/nmap/scripts/ssh-hostkey.nse:303: in function </usr/bin/../share/nmap/scripts/ssh-hostkey.nse:267> (...tail calls...) NSE: TCP S.S.S.S:48263 > T.T.T.T:22 | CLOSE NSE: TCP S.S.S.S:48262 > T.T.T.T:22 | CLOSE NSE: TCP S.S.S.S:48260 > T.T.T.T:22 | CLOSE NSE: TCP S.S.S.S:48261 > T.T.T.T:22 | CLOSE NSE: TCP S.S.S.S:48264 > T.T.T.T:22 | CLOSE Completed NSE at 16:31, 0.43s elapsed Nmap scan report for T.T.T.T Host is up, received echo-reply (0.0033s latency). Scanned at 2014-12-16 16:31:09 MST for 2s PORT STATE SERVICE REASON 22/tcp open ssh syn-ack Final times for host: srtt: 3288 rttvar: 3654 to: 100000 NSE: Script Post-scanning. NSE: Starting runlevel 1 (of 1) scan. NSE: Starting 'ssh-hostkey' (thread: 0x192c0b0). Initiating NSE at 16:31 NSE: Finished 'ssh-hostkey' (thread: 0x192c0b0). Completed NSE at 16:31, 0.00s elapsed Read from /usr/bin/../share/nmap: nmap-payloads nmap-services. Nmap done: 1 IP address (1 host up) scanned in 2.17 seconds Raw packets sent: 6 (240B) | Rcvd: 3 (116B) _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- ssh-hostkey.nse "threw an error!" - attempt to get length of local 'bdata' (a nil value) Forrest B. (Dec 16)
- Re: ssh-hostkey.nse "threw an error!" - attempt to get length of local 'bdata' (a nil value) Daniel Miller (Dec 16)