Nmap Development mailing list archives

Re: Brute library bug in enumeration mode


From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 17 Aug 2016 16:09:41 -0500

Phil, Eli,

Thanks for the reports. I applied something like your patch in r36127.
We're still working through some of the pain from upgrading to Lua 5.3,
which uses separate integer and float types internally, so please continue
to report any crashes like this you may see.

Dan

On Tue, Aug 16, 2016 at 11:25 PM, Phil <mainframed767 () gmail com> wrote:

That's unfortunate it was never fixed. Dev admins, is there a specific
reason this wasn't patched? Should patches be submitted through GitHub now?
Just curious on the current process.

Thanks for the update Eli.



On Aug 16, 2016, at 12:27 PM, Eli Shemer <eli.shemer () greensql com> wrote:

Hey Phil,

I addressed this problem a couple of weeks ago, but I got no response from
the mailing list.
You can try to apply my patch at the bottom of the mail.

Have a good day.

---------- Forwarded message ----------
From: Eli Shemer <eli.shemer () greensql com>
Date: Fri, Jul 29, 2016 at 10:18 PM
Subject: brute script - bad argument error
To: dev () nmap org, patrik () cqure net


On the current svn branch, I ran:
nmap -d  -sV --script http-brute.nse -p 80 localhost

and I got this error:
NSE: http-brute against localhost (127.0.0.1:80) threw an error!
/usr/local/nmap/bin/../share/nmap/nselib/brute.lua:721: bad argument #3 to 'format' (number has no integer representation)
stack traceback:
        [C]: in function 'string.format'
        /usr/local/nmap/bin/../share/nmap/nselib/brute.lua:721: in method 'start'
        /usr/local/nmap/share/nmap/scripts/http-brute.nse:163: in function </usr/local/nmap/share/nmap/scripts/http-brute.nse:132>
        (...tail calls...)


This patch fixed it for me
[root@localhost nmap]# diff nselib/brute.lua
 /usr/local/nmap/bin/../share/nmap/nselib/brute.lua
721c721
<     result.Statistics = ("Performed %d guesses in %d seconds, average
tps: %d"):format( self.counter, time_diff, tps )
---
    result.Statistics = ("Performed %d guesses in %d seconds, average
tps: %f"):format( self.counter, time_diff, tps )
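Review bot: the change on line 721 only fixes the third argument (tps, the one the traceback names); self.counter and time_diff are still formatted with %d, so if either of them is ever a non-integral float under Lua 5.3's separate integer and float types, the same "number has no integer representation" error comes back. Consider %.2f rather than %f for tps, since the six-decimal figure in the second run's output ("average tps: 1614.547619") is noisier than a statistics line needs, and a math.floor or math.tointeger guard on the other two values if they can be floats.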



and I got the following output in the second run.

|_  Statistics: Performed 50009 guesses in 32 seconds, average tps: 1614.547619
|


On Tue, Aug 16, 2016 at 7:12 PM, Phil <mainframed767 () gmail com> wrote:

Just updated to most recent version on a blank vm to test this.
Basically, when using a script that uses:
engine.options.passonly = true
the script dies with:

/usr/local/bin/../share/nmap/nselib/brute.lua:721: bad argument #3 to
'format' (number has no integer representation)
stack traceback:
[C]: in function 'string.format'
/usr/local/bin/../share/nmap/nselib/brute.lua:721: in method 'start'
tso-enum.nse:204: in function <tso-enum.nse:193>
(...tail calls...)

Line 721 from brute.lua is:
result.Statistics = ("Performed %d guesses in %d seconds, average tps: %d"):format( self.counter, time_diff, tps )

The source for the script I'm using is here: https://github.com/zedsec390/NMAP/blob/master/tso-enum.nse

Version info:

Nmap version 7.25SVN ( https://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: liblua-5.3.3 libpcre-8.38 nmap-libpcap-1.7.3 nmap-libdnet-1.12 ipv6
Compiled without: openssl
Available nsock engines: epoll poll select



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/




--
Eli Shemer | Software Engineer | GreenSQL | Office: +972-3-687-0033 | Mobile: +972-54-617-5724 | eli.shemer () greensql com | www.greensql.com




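The failure discussed in this thread comes from Lua 5.3's split between integer and float subtypes: `string.format("%d", x)` accepts a float only when it has an exact integer representation, and a guesses-per-second ratio almost never does. The following stand-alone Lua 5.3 snippet is an added example, not code from Nmap's brute.lua or from anyone in the thread; it reproduces the error with a pcall, shows the `%f`-style fix, and adds a guard for the zero-elapsed-time case. The values of `counter` and `time_diff`, and the helper names `format_stats_broken`, `format_stats_fixed` and `safe_tps`, are constructed for the demonstration.

```lua
-- Added example (not Nmap's brute.lua): Lua 5.3 integer/float formatting.
-- Lua 5.3 keeps integers and floats as distinct subtypes; math.type()
-- reports which one a value is, and '/' always produces a float.

-- The pre-patch form of the statistics line: %d for all three values.
local function format_stats_broken(counter, time_diff, tps)
  return ("Performed %d guesses in %d seconds, average tps: %d")
         :format(counter, time_diff, tps)
end

-- The patched form: a float conversion for tps, with two decimals so the
-- figure stays readable. %d is kept for the two values that are integers.
local function format_stats_fixed(counter, time_diff, tps)
  return ("Performed %d guesses in %d seconds, average tps: %.2f")
         :format(counter, time_diff, tps)
end

-- Guarded ratio: a zero elapsed time would otherwise give 'inf', which %d
-- rejects with the same "no integer representation" error and %f prints
-- literally. Returning 0.0 keeps the statistics line sane either way.
local function safe_tps(counter, time_diff)
  if time_diff <= 0 then
    return 0.0
  end
  return counter / time_diff
end

-- Constructed inputs (assumption: counter and elapsed seconds are integers,
-- as they would be when derived from os.time()).
local counter, time_diff = 50009, 32
local tps = safe_tps(counter, time_diff)

print("counter is a " .. math.type(counter) .. ", tps is a " .. math.type(tps))

-- The broken variant raises instead of returning a string; pcall captures it.
local ok, err = pcall(format_stats_broken, counter, time_diff, tps)
if not ok then
  print("broken format failed: " .. err)
end

print(format_stats_fixed(counter, time_diff, tps))

-- Edge cases worth knowing when auditing other %d call sites:
-- a float with an exact integer value is still accepted by %d ...
print(("%d"):format(50000 / 10))
-- ... and math.tointeger() lets a caller test that property explicitly
-- before choosing a conversion, instead of letting string.format raise.
for _, v in ipairs({ 3.0, tps, 1 / 0 }) do
  local as_int = math.tointeger(v)
  print(v, as_int and "has integer representation" or "float only")
end

-- The zero-elapsed-time guard in action.
print(format_stats_fixed(counter, 0, safe_tps(counter, 0)))
```

Run with a Lua 5.3 interpreter: the pcall on `format_stats_broken` returns false with the "bad argument #3 to 'format' (number has no integer representation)" message quoted in the thread, while `format_stats_fixed` prints the line normally. The `math.tointeger` loop is the check to apply when auditing other `%d` call sites after a 5.3 upgrade: anything it returns nil for must not be passed to `%d`.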
