gmane.comp.security.nmap.devel

Nmap 6 bug: get_srcaddr

Martin Clausen — 2012-05-23T08:35:57

Hi

So I just upgraded to Nmap 6. While testing I ran into this little 
problem:

C:\Temp\server-lans>nmap -T3 -sn 10.80.0.0/16 -dd -vv

Starting Nmap 6.00 ( http://nmap.org ) at 2012-05-23 10:30 Romance 
Daylight Time
Winpcap present, dynamic linked to: WinPcap version 4.1.2 (packet.dll 
version 4.1.0.2001), based on libpcap version 1.0 branch 1_0_rel0b 
(20091008)
NPF service is already running.
Fetchfile found C:\Program Files\Nmap/nmap.xsl
The max # of sockets we are using is: 0
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
get_srcaddr: can't connect socket: The requested address is not valid in 
its context.
nexthost: failed to determine route to 10.80.0.0
QUITTING!

However, there is connectivity to 10.80.0.0/16, e.g.

Zenmap crash

John York — 2012-05-25T18:08:22

Version: 6.00
Traceback (most recent call last):
  File "zenmapGUI\ScanInterface.pyo", line 247, in filter_hosts
  File "zenmapCore\NetworkInventory.pyo", line 498, in apply_filter
  File "zenmapCore\NetworkInventory.pyo", line 448, in _match_all_args
  File "zenmapCore\NetworkInventory.pyo", line 458, in match_keyword
  File "zenmapCore\NetworkInventory.pyo", line 471, in match_os
  File "zenmapCore\SearchResult.pyo", line 155, in match_os
KeyError: 'osmatches'

I am new to Zenmap.  I have a large scan (internal /23 network) and I was trying to use the Filter Hosts function.  I put 164.106.20.169 in the Host Filter box.  I also tried !164.106.20.169 and crashed there too.

Thanks
John


John York
Network Engineer
Blue Ridge Community College
1 College Lane, Weyers Cave, VA
540-453-2255


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Version: 6.00 Traceback

Yashartha Chaturvedi — 2012-05-25T19:55:31

Version: 6.00
Traceback (most recent call last):
  File "zenmapGUI\ScanInterface.pyo", line 231, in filter_toggle_toggled
  File "zenmapGUI\ScanInterface.pyo", line 247, in filter_hosts
  File "zenmapCore\NetworkInventory.pyo", line 498, in apply_filter
  File "zenmapCore\NetworkInventory.pyo", line 448, in _match_all_args
  File "zenmapCore\NetworkInventory.pyo", line 458, in match_keyword
  File "zenmapCore\NetworkInventory.pyo", line 471, in match_os
  File "zenmapCore\SearchResult.pyo", line 155, in match_os
KeyError: 'osmatches'

~
With Regards:
*Yashartha Chaturvedi* <http://about.me/yashartha.chaturvedi>
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Possible Bug NMAP 6.00

Naami, Tim — 2012-05-24T16:29:35

To Whom It May Concern:

I am attempting to perform a list scan of a Class B subnet (nmap -sL 10.150.0.0/16).  This is under Windows XP SP3 using Zenmap 6.00 (downloaded May 23rd).  The scan produces no output and gives a splash error:

===========================
Microsoft Visual C++ Runtime Library

Runtime Error!

Program: C:\Program Files\Nmap\zenmap.exe

This application has requested the Runtime to terminate in an unusual way.
==========================


I can scan a Class C subnet just fine.  I can use my Linux 5.51 version to scan a Class B just fine.

Any other such bug reports?  Any suggestions?

Thank you,

Tim Naami






     ___________________________________________

This message may contain confidential information which may be protected by Federal Law. Do not share this protected information without specific permission. If this message was sent to you in error, please reply to notify the author of the error and then delete this message.





_______________________________________________

Nmap 6.00 Installer Script

Siamac — 2012-05-24T11:11:21

Hi,
I'm using Nmap for years. You've done a great work.
In this last stable release -6.00-, the NSIS installer source found on
"nmap-6.00.tar.bz2\nmap-6.00\mswin32\nsisNmap.nsi" is outdated.
I don't have access to repository so I think it's good to report.

Thanks.

Bug with nmap 6.00

Rob Shapland — 2012-05-25T09:28:35

Hi,

I'm having an issue with the latest version of nmap, that is not a problem
in version 5.51.

- Doing a -sS scan of port 3389/tcp on my target in nmap 6.00, the port is
returned as filtered.

- Doing *exactly *the same scan with nmap 5.51, port is returned as open.

- A -sT scan returns port as open with both versions.

- Full scan settings: nmap -sS -PN <target> -p3389.

- Using Wireshark to capture the traffic, in version 5.51 the syn, syn ack
and RST packets can be seen. Doing the same in nmap 6.00, no packets at all
are captured being sent to or from the target.

- Operating system of my machine is Windows 7 Professional 64 bit, winpcap
version is 4.1.2. Wireshark 1.6.8 Rev 42761. Windows Firewall is switched
off, no other firewall software.

If you need any further information (I can't reveal the target IP address)
please feel free to contact me. For the moment I will revert to nmap 5.51.

Kind regards,

Rob
_______________________________________________
Sent through the nmap-dev mailing list
http:

nmap 6 issue

Jerry Riedel — 2012-05-25T19:34:09

Windows XP Pro SP3 in a Windows domain environment. Zenmap/Nmap 5.0 w/Winpcap 4.1.2 works fine.

Uninstalled 5.0 and ran 6.0 binary installer. Tried using the existing winpcap 4.1.2 and then uninstalled and tried with the bundled winpcap 4.1.2 and got the same error:

Starting Nmap 6.00 ( http://nmap.org ) at 2012-05-25 13:11 Mountain Daylight Time
NSE: Loaded 93 scripts for scanning.
NSE: Script Pre-scanning. get_srcaddr: can't connect socket: The requested address is not valid in its context.
nexthost: failed to determine route to 192.168.0.0
QUITTING!

Command line in Zenmap is:

nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 192.168.0.0/24

Tried nmap -iflist and my LAN adapter is eth0, so tried this:

nmap -T4 -A -v -PE -PS22,25,80 -PA21,23,80,3389 -e eth0 192.168.0.0/24

... and got the same results.

Uninstalled 6.0, reinstalled 5.0 and it works fine.

Google doesn't show much about this error except in the context of development of older versions.

If it matters, I have the ShrewSoft VPN client inst

nexthost: failed to determine route to

Richard Roberts — 2012-05-23T21:18:48

Just installed nmap 6.0 on windows 7 64bit.  Whenever I try to scan any
host it fails to determine the route.  I've listed some of the basic
information below, any help would be greatly appreciated.

The only way I've been able to get it to scan is by using the
--unprivileged option.

-=[OUTPUT FROM "nmap -T4 -F 10.150.16.1"]=-
=============================================================
Starting Nmap 6.00 ( http://nmap.org ) at 2012-05-23 15:06 Mountain
Daylight Time

nexthost: failed to determine route to 10.150.16.1

QUITTING!


-=[OUTPUT FROM "nmap --route-dst 10.150.16.1"]=-
=============================================================
10.150.16.1
eth0 eth0 srcaddr 10.150.16.73 direct


-=[OUTPUT FROM "route print"]=-
=============================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      10.150.16.1     10.150.16.73     10


-=[OUTPUT FROM "nmap --iflist"]=-
========================

Crash report

Paul Howe — 2012-05-24T20:45:56

Command was nmap -sS -sU -p U:69,123 -T4 -A -v ip.address

Version: 6.00

Traceback (most recent call last):

  File "zenmapGUI\ScanInterface.pyo", line 539, in verify_execution

  File "zenmapGUI\ScanInterface.pyo", line 581, in load_from_command

  File "zenmapCore\NetworkInventory.pyo", line 143, in add_scan

  File "zenmapCore\NetworkInventory.pyo", line 217, in _update_host_info

  File "zenmapCore\NmapParser.pyo", line 675, in get_port_protocol_dict

ValueError: invalid literal for int() with base 10: ''

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

nmap 6 and Mac OS X Binaries

kurtz le pirate — 2012-05-26T08:51:36

Hello,

Not realy a bug but at http://nmap.org/download.html it's written :
"The programs have been tested on Intel and PowerPC
computers running Mac OS X 10.4 and later"
That's wrong. v6.00 is NOT PowerPC compatible, Only Intel :(


Other thing : thanks for nmap !

Using Teredo to overcome lack of raw socket privileges

Kasper Dupont — 2012-05-23T18:57:36

I did a grep through the nmap-6.00 and no such feature seems
to exist so far. And I tried to search the mailing-list
archives, and I found no indication that it has been
considered before, so I'd like to ask what people think of
this idea.

Usually in order to make use of all the features in nmap,
you need to have raw socket privileges. Without it, you are
limited in what you can do. But with IPv6 there is another
option, which I think is worth considering.

The Teredo protocol was originally designed to tunnel IPv6
through IPv4 NAT gateways. It does that by tunnelling all
IPv6 packets through UDP. However since using a UDP port
does not require raw socket privileges, nmap could take
advantage of it as well.

Running a Teredo client and nmap on the same host requires
privileges for both, but the privileges in that case is only
required for the communication between the Teredo client and
nmap running on the same machine. If a Teredo client was
built into nmap, the need for privileges would be reduced to
just

bug report v6.00: Host Filter, Windows 7

Jordan Schroeder — 2012-05-23T17:22:55

Version: 6.00
Traceback (most recent call last):
  File "zenmapGUI\ScanInterface.pyo", line 247, in filter_hosts
  File "zenmapCore\NetworkInventory.pyo", line 498, in apply_filter
  File "zenmapCore\NetworkInventory.pyo", line 448, in _match_all_args
  File "zenmapCore\NetworkInventory.pyo", line 458, in match_keyword
  File "zenmapCore\NetworkInventory.pyo", line 471, in match_os
  File "zenmapCore\SearchResult.pyo", line 155, in match_os
KeyError: 'osmatches'

This trace occurred as a result of using the Host Filter after a scan. I entered "10.10.96" into the filter and hit 'enter'.

I had not saved the scan before the crash and lost all the data I had collected. I will save scans right away next time, but you can agree that the ability to save data before a full shutdown would be desirable.

OS: Win 7 Enterprise SP1 x64 (all latest updates as of May 23, 2012)
CPU: Intel i7 2.93 GHz
RAM: 16GB
Python: 3.2.3 (64-bit)



Jordan Schroeder, CEH, OCP, MCITP, MSCE
Technical Support Analyst III, Security

Family

nmap v6.00 - problem with installed wlan interfaces

Tom Eichstaedt — 2012-05-24T11:47:03

Hi all,


nmap v6.00 has problems if a wlan interface is installed/activated.
OS: GNU/Linux 3.0


My findings (nmap 5.51 vs nmap 6.00):

=======================================================================

(1) nmap 5.51 with deactivated wlan interface (--iflist):

Starting Nmap 5.51 ( http://nmap.org ) at 2012-05-24 12:59 CEST
************************INTERFACES************************
DEV   (SHORT) IP/MASK          TYPE        UP MTU   MAC
lo    (lo)    127.0.0.1/8      loopback    up 16436
lan-1 (lan-1) 10.100.0.10/24   ethernet    up 1500  00:30:18:4B:9E:CD
wan-1 (wan-1) 192.168.2.1/24   ethernet    up 1500  00:30:18:4B:9E:CC
ppp0  (ppp0)  xxx.xxx.xxx.xxx/32 point2point up 1492

**************************ROUTES**************************
DST/MASK         DEV   GATEWAY
217.0.118.108/32 ppp0
10.100.0.0/24    lan-1
192.168.2.0/24   wan-1
0.0.0.0/0        ppp0  xxx.xxx.xxx.xxx

=======================================================================

(2) nmap 6.00 with deactivated wlan interface (--iflist):

Nmap 5.61TEST5 compile error freebsd 6.4

Infraservice hostmaster — 2012-05-24T14:49:28

gmake[1]: Entering directory `/var/usr/ports/security/nmap/work/nmap-5.61TEST5/libnetutil'
c++ -c -I../liblinear -I/usr/include/lua -I/usr/local/include/lua51 -I../libdnet-stripped/include -I/usr/local/include  -I/usr/local/include -I../nbase -I../nsock/include -DHAVE_CONFIG_H -D_FORTIFY_SOURCE=2 -O2 -fno-strict-aliasing -pipe -I/usr/local/include -Wall -fno-strict-aliasing netutil.cc -o netutil.o
In file included from netutil.cc:127:
/usr/include/netinet/ip.h:160: error: `n_long' does not name a type
/usr/include/netinet/ip.h:163: error: `n_long' does not name a type
gmake[1]: *** [netutil.o] Error 1
gmake[1]: Leaving directory `/var/usr/ports/security/nmap/work/nmap-5.61TEST5/libnetutil'
gmake: *** [netutil_build] Error 2
*** Error code 1

  --------- 8< --------- 8< --------- 8< --------- 8< --------- 8< ---------

[FIX]

--- netutil.cc.20120306002012-03-06 22:39:11.000000000 -0500
+++ netutil.cc2012-05-21 09:25:23.000000000 -0400
< at >< at > -123,6 +123,12 < at >< at >
  #define NET_IF_H
  #endif
  #endif
+
+#ifndef NET

New VA Modules: MSF: 2

New VA Module Alert Service — 2012-05-26T17:00:19

This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== Metasploit modules (2) ==

r15336 http://metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/linux/http/webid_converter.rb
WeBid converter.php Remote PHP Code Injection

r15337 http://metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/ftp/quickshare_traversal_write.rb
QuickShare File Share 1.2.1 Directory Traversal Vulnerability
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

nmap v6.00 - problems if a wlan interface is installed/activated

Tom Eichstaedt — 2012-05-26T11:41:33

Hi all,


nmap v6.00 has problems if a wlan interface is installed/activated.
OS: GNU/Linux 3.0


My findings (nmap 5.51 vs nmap 6.00):

=======================================================================

(1) nmap 5.51 with deactivated wlan interface (--iflist):

Starting Nmap 5.51 ( http://nmap.org ) at 2012-05-24 12:59 CEST
************************INTERFACES************************
DEV   (SHORT) IP/MASK          TYPE        UP MTU   MAC
lo    (lo)    127.0.0.1/8      loopback    up 16436
lan-1 (lan-1) 10.100.0.10/24   ethernet    up 1500  00:30:18:4B:9E:CD
wan-1 (wan-1) 192.168.2.1/24   ethernet    up 1500  00:30:18:4B:9E:CC
ppp0  (ppp0)  xxx.xxx.xxx.xxx/32 point2point up 1492

**************************ROUTES**************************
DST/MASK         DEV   GATEWAY
217.0.118.108/32 ppp0
10.100.0.0/24    lan-1
192.168.2.0/24   wan-1
0.0.0.0/0        ppp0  xxx.xxx.xxx.xxx

=======================================================================

(2) nmap 6.00 with deactivated wlan interface (--iflist):

rmiregistry default configuration vulnerability script

Aleksandar Nikolic — 2012-05-25T18:48:07

Hi All,

I've written a script to test rmiregistry servers for this default
configuration
vulnerability which allows remote class loading and therefore remote
code execution.

There is a Metasploit exploit for this vulnerability.

To test it , you just need to run rmiregistry which comes with
any JRE installation (rmiregistry.exe on Windows, rmiregistry on Linux)
and then run the script against it.

I've attached the script and a small patch for rmi.lua library as I needed
one function to add raw data as arguments to writeMethodCall.
The sciript contains already serialized data, it was easier to do it
that way then implement the whole serialization in the library.
For additional info , see references in the script.

Please tell me if you have any comments and suggestions.


Thanks,
Aleksandar
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

mysql-brute using brute library

Aleksandar Nikolic — 2012-05-25T18:33:15

Hi All,

I rewrote the mysql-brute script to use brute library.
I've commited it to trunk as per David's suggestion.

Here is the sample output with timing:

PORT     STATE SERVICE
3306/tcp open  mysql
| mysql-brute:
|   Accounts
|     No valid accounts found
|   Statistics
|_    Performed 2290 guesses in 600 seconds, average tps: 4

Nmap done: 1 IP address (1 host up) scanned in 602.52 seconds

And here is the output of the old script:

PORT     STATE SERVICE
3306/tcp open  mysql

Nmap done: 1 IP address (1 host up) scanned in 605.47 seconds

No noticeable increase in speed I'm afraid.
I've tested it agains my own server without default passwords on purpose.

Any suggestions?

Thanks,
Aleksandar
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

New VA Modules: OpenVAS: 28, MSF: 1, Nessus: 1

New VA Module Alert Service — 2012-05-25T17:01:50

This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== OpenVAS plugins (28) ==

r13497 841014 gb_ubuntu_USN_1449_1.nasl
http://wald.intevation.org/scm/viewvc.php/trunk/openvas-plugins/scripts/gb_ubuntu_USN_1449_1.nasl?root=openvas&view=markup
Ubuntu Update for feedparser USN-1449-1

r13497 secpod_google_sketchup_detect_macosx.nasl
http://wald.intevation.org/scm/viewvc.php/trunk/openvas-plugins/scripts/secpod_google_sketchup_detect_macosx.nasl?root=openvas&view=markup
Google SketchUp Version Detection (Mac OS X)

r13497 802785 gb_adobe_flash_professional_jpg_obj_bof_vuln_macosx.nasl
http://wald.intevation.org/scm/viewvc.php/trunk/openvas-plugins/scripts/gb_adobe_flash_professional_jpg_obj_bof_vuln_macosx.nasl?root=openvas&view=markup
Adobe Flash Professional JPG Object Processing BOF Vulnerability (Mac OS
X)

r13497 802788 gb_adobe_illustrator_mult_unspecified_vuln_macosx.nasl
http://wald.intevation.org/scm/viewvc.php/trunk/openvas-plugins/sc

Question: Nmap on Github

Daniel Miller — 2012-05-25T01:41:39

Hey list,

Does anyone know who is running the Nmap repo on Github? It's at
https://github.com/nmap/nmap and there is no name associated with it.
I would like to fork it for keeping track of my modifications and
submissions, but I'm not sure if I should trust it, since the owner
could conceivably modify the code any way they like.

Dan
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

[patch] Modify prototype for PortList::nextPort and get_port

Daniel Miller — 2012-05-24T21:03:36

List,

I'm proposing a change with this patch that won't make any difference to 
users, but changes the way a couple functions are called to make them 
more straightforward for developers. Patch attached.

I ran into this while working on my XML-structured-output patch, which 
needed some TLC with regard to memory management. Previously, calling 
PortList::nextPort required passing a Port object by reference, which 
would be modified with simple assignment to return the next port. The 
downside I ran into was that this prevents modifying Port objects with 
any heap-allocated structures without implementing a copy constructor, 
and that would be a lot of overhead for most calls, which discard a 
large number of Ports until the one desired is found. Fortunately, this 
return value was not used in any of the existing calls, since the 
function also returns a pointer to the Port object. It seemed 
straightforward to just trim out the parameter, saving the hassle and a 
small amount of stack memory from not needi