Nmap Development mailing list archives

Evangelos Deirmentzoglou - GSoC status report #3 of 17


From: Evangel Deirme <edeirme () gmail com>
Date: Mon, 29 May 2017 21:46:22 +0400

Hey everyone,


This is my report for the 3rd week of GSoC 2017.


---Status report #3 of 17---


29 May 2017


Accomplishments:


* Compiled the nmap version on Windows from the 2nd status report priorities

* Most of the changes in the ssh-brute branch are ported in a forked nmap
7.40 version

* Collaborated with George Chatzisophroniou and my mentor Fotis Chantzis on
debugging the identified bug

* Studied the nmap source code

* At this point, I believe the bug to be triggered by the new resource
management and error handling mechanism that was added to brute.lua.

A version of nmap was compiled which used the old brute.lua version and the
script was working properly. When compiling with the new version of
brute.lua the ssh-brute script was terminating prematurely.

I believe that the new brute.lua file is labeling a normal behavior of the
SSH protocol as erroneous and terminating the process. The “normal” behavior
is an EOF message received by the SSH server, which I think is the
SSH_MSG_CHANNEL_EOF message, which is sent when the server does not wish to
send any more data to the client.

This EOF message seems to be interpreted by the new brute.lua as an error.
I’m still debugging this part which means that this might all be in my head.

* An updated bug-free version of nmap 7.40 with the ssh-brute script was
compiled on Kali. This version used the old brute.lua file. Still working
on the Windows version.


Priorities:

* Dig deeper, identify the root of the bug and solve it

* Resolve merge conflicts with the main branch



Thanks,


Evangelos Deirmentzoglou
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
