Nmap Development mailing list archives

Re: Malicious web server can make nmap consume all RAM memory.


From: el draco <eldraco () gmail com>
Date: Wed, 8 Apr 2015 17:41:31 +0200

Thanks David. It was my mistake; I completely missed that conversation.
Amazing how similar the test was.
sebas

On Wed, Apr 8, 2015 at 5:08 PM, David Fifield <david () bamsoftware com> wrote:
On Wed, Apr 08, 2015 at 01:06:16PM +0200, el draco wrote:
* Second experiment
nmap -sS -A -n -v -d -p 8800 localhost

Now nmap is using -A, and the nse scripts get stuck in the honeypot.
Maybe the nse engine is vulnerable. The vulnerable http requests were:

GET /flumemaster.jsp (flume-master-info)
GET /rs-status
GET /
GET /jobtracker.jsp
GET /master.jsp
OPTIONS /
GET /tasktracker.jsp
GET /browseDirectory.jsp
GET /status.jsp
GET /dfshealth.jsp
GET /robots.txt

These requests are done by some nse scripts; they were connected for
2:09 minutes and downloaded 105MB each, which actually killed the
machine running nmap because it filled its 4GB RAM in 2 minutes. I had
to manually stop nmap in order to recover the machine.

Thanks for your message. Please see this recent thread on the same
topic:

http://seclists.org/nmap-dev/2015/q2/6

David Fifield
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/



-- 
https://pgp.mit.edu/pks/lookup?op=get&search=0x9D9A358CA10F1601
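
The quoted report describes requests that stayed connected for 2:09 minutes and buffered 105MB each; a client avoids that by capping both the bytes it keeps and the total time it spends reading one response. The sketch below is an added example, not part of the original messages and not Nmap or NSE code: `read_capped`, `fake_endless_server`, `probe` and the limit values are hypothetical, and the server is a constructed stand-in running over a local socket pair.

```python
import socket
import threading
import time

class ResponseTooLarge(Exception): pass
class ResponseTooSlow(Exception): pass

def read_capped(sock, max_bytes=2 * 1024 * 1024, deadline_s=10.0, chunk=65536):
    """Read until EOF, aborting once max_bytes or the total deadline is exceeded."""
    end = time.monotonic() + deadline_s
    buf = bytearray()
    while True:
        remaining = end - time.monotonic()
        if remaining <= 0:
            raise ResponseTooSlow(f"gave up after {deadline_s}s, {len(buf)} bytes")
        # The deadline covers the whole response, so a server that trickles
        # data cannot hold the connection open by resetting a per-read timeout.
        sock.settimeout(remaining)
        try:
            # Ask for at most one byte beyond the cap: enough to detect overflow.
            data = sock.recv(min(chunk, max_bytes - len(buf) + 1))
        except socket.timeout:
            raise ResponseTooSlow(f"gave up after {deadline_s}s, {len(buf)} bytes")
        if not data:
            return bytes(buf)          # server closed: complete response
        buf += data
        if len(buf) > max_bytes:
            raise ResponseTooLarge(f"more than {max_bytes} bytes received")

def fake_endless_server(sock, pause_s):
    """Constructed stand-in for the honeypot: the body never ends."""
    try:
        sock.sendall(b"HTTP/1.1 200 OK\r\n\r\n")
        while True:
            sock.sendall(b"A" * 4096)
            time.sleep(pause_s)
    except OSError:
        pass                           # client gave up and closed the socket
    finally:
        sock.close()

def probe(pause_s, **limits):
    """Run read_capped against the fake server; return bytes or the limit hit."""
    client, server = socket.socketpair()
    threading.Thread(target=fake_endless_server, args=(server, pause_s),
                     daemon=True).start()
    try:
        return read_capped(client, **limits)
    except (ResponseTooLarge, ResponseTooSlow) as exc:
        return type(exc).__name__
    finally:
        client.close()
```

A fast endless stream trips the size cap, while a slow one trips the deadline even though every individual read succeeds.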