Nmap error: nmap: netutil.cc:3285: int route_dst_netlink(const sockaddr_storage*... #385

Open
tokyoneon opened this Issue Nov 6, 2018 · 8 comments


tokyoneon commented Nov 6, 2018

Describe the bug:

Using privileged scan types (-sU) with Nmap returns the following error:

nmap: netutil.cc:3285: int route_dst_netlink(const sockaddr_storage*, route_nfo*, const char*, const sockaddr_storage*): Assertion `p != NULL` failed.

To Reproduce:

  1. Create a Debian App.

  2. Add Kali repos:

     echo 'deb https://http.kali.org/kali kali-rolling main contrib non-free' >> /etc/apt/sources.list
    
  3. Add Kali signing key:

     wget -q -O - https://www.kali.org/archive-key.asc | apt-key add -
    
  4. Update and install Nmap:

     apt-get update && apt-get install nmap -y
    
  5. Perform Nmap scan as root:

     nmap -Pn -n -sU -A --top-ports 10 <target ip address>
    

Screenshot:

nmap_error

Device Information:

Device: Nexus 6P
Android Version: 8.1.0
UserLAnd Version: 1.0.0

Some network/routing info:

# android/userland can see the router
$ ping 10.42.0.1

PING 10.42.0.1 (10.42.0.1) 56(84) bytes of data.
64 bytes from 10.42.0.1: icmp_seq=1 ttl=64 time=12.3 ms
64 bytes from 10.42.0.1: icmp_seq=2 ttl=64 time=14.0 ms
64 bytes from 10.42.0.1: icmp_seq=3 ttl=64 time=13.3 ms
64 bytes from 10.42.0.1: icmp_seq=4 ttl=64 time=3.62 ms
64 bytes from 10.42.0.1: icmp_seq=5 ttl=64 time=106 ms
64 bytes from 10.42.0.1: icmp_seq=6 ttl=64 time=67.10 ms
64 bytes from 10.42.0.1: icmp_seq=7 ttl=64 time=3.54 ms
64 bytes from 10.42.0.1: icmp_seq=8 ttl=64 time=8.27 ms

# normal routing table; only one gateway
$ route -n 

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.42.0.0       0.0.0.0         255.255.255.0   U     0      0        0 wlan0

# dns requests go over 10.42.0.1
$ cat /etc/resolv.conf 
nameserver 10.42.0.1

# access to internet without errors
$ curl 'https://wtfismyip.com/json'

 {
   "YourFuckingIPAddress": "185.220.100.252",
   "YourFuckingLocation": "Germany",
   "YourFuckingISP": "F3 Netze e.V.",
   "YourFuckingCountryCode": "DE"
}
Collaborator

corbinlc commented Nov 13, 2018

Hmm... looks like it had trouble getting the name associated with the network interface. Can you enable proot logging (from settings enable it and turn the verbosity level to 9), then rerun the failing commands and then grab the PRoot_Debug_Log file from your (real or emulated) sdcard and send it to us one way or the other?
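
A diagnostic for the hypothesis in the comment above, added here as an example (not code from this thread, Nmap or UserLAnd): it enumerates the interfaces visible inside the environment and round-trips each index to a name and back through libc. The function names are illustrative, and the check exercises only the libc lookups, not Nmap's own netlink route query.

```c
#include <errno.h>
#include <net/if.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if the interface index maps to a name, 0 otherwise.
   name must hold at least IF_NAMESIZE bytes. */
int index_resolves(unsigned int ifindex, char *name)
{
    return if_indextoname(ifindex, name) != NULL;
}

/* Enumerates interfaces and round-trips each index -> name -> index.
   Returns the number of failed round trips, or -1 if enumeration
   itself failed. *total receives the number of interfaces seen. */
int check_ifindex_roundtrip(int *total)
{
    struct if_nameindex *list = if_nameindex();
    int failed = 0;

    *total = 0;
    if (list == NULL) {
        fprintf(stderr, "if_nameindex: %s\n", strerror(errno));
        return -1;
    }
    for (struct if_nameindex *i = list; i->if_index != 0; i++) {
        char name[IF_NAMESIZE];
        int ok = index_resolves(i->if_index, name)
                 && if_nametoindex(name) == i->if_index;
        printf("%-3u %-16s %s\n", i->if_index, i->if_name,
               ok ? "ok" : "LOOKUP FAILED");
        (*total)++;
        failed += !ok;
    }
    if_freenameindex(list);
    return failed;
}

int main(void)
{
    int total, failed = check_ifindex_roundtrip(&total);
    if (failed < 0)
        return 2;   /* could not enumerate interfaces at all */
    printf("%d interface(s), %d failed lookup(s)\n", total, failed);
    return failed ? 1 : 0;
}
```

Run it in the same shell where the scan fails; an enumeration error or a failed lookup for the interface in the routing table (wlan0 in the report) would be consistent with the hypothesis.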

Author

tokyoneon commented Nov 13, 2018

Thanks! Here you go:

Collaborator

corbinlc commented Nov 13, 2018

Sorry, can you provide the list of commands you ran when you were creating that debug log file? I am seeing a bit more than just the nmap call. If you don't remember exactly, can you delete the old debug log (from the settings), repeat what you did, and provide both the PRoot_Debug_Log and a copy and paste of what you ran in the term and what responses you got?

Collaborator

corbinlc commented Nov 13, 2018

PRoot logs are very low level so I need to understand what is going on at a higher level to unravel it. I will probably ultimately be trying the flow out myself, but if you could provide this one more piece of data for now, that would help.

Author

tokyoneon commented Nov 13, 2018

PRoot_Debug_Log.txt.zip
Sorry about that, I wasn't sure if the 50M came from older logs or generated after increasing verbosity. Attached is an updated log. Here's every command I ran:

  1. entered ssh password via ConnectBot
  2. $ su (need root for nmap)
  3. $ nmap -Pn -n -sTUV --reason -T4 -A --top-ports 15 -vv 10.42.0.1
  4. $ cd /sdcard
  5. $ python3 -m http.server 9999 (created an http server to access the debug log from another device on the network)
Author

tokyoneon commented Nov 17, 2018

@corbinlc is there anything I can do to help with this?

Collaborator

corbinlc commented Nov 23, 2018

Not now. I am sorry. This specific issue is a little lower down in the priority list right now. That being said, I will update you as soon as I am looking at it and as soon as I need anything. Thanks!

Collaborator

corbinlc commented Feb 1, 2019

@tokyoneon we still don't have a solution for this, but we saw your article. It is well written. Can we get your permission to use part of the step by step instructions in our README?
