Segmentation fault (core dumped) nmap 7.70 #1587
nmap -P0 -p 22 --script ssh-brute 188.8.131.52/24 -d2 --version-trace --packet-trace
It starts to run, then at a point I get this. Any ideas?
NSOCK INFO [109.0110s] nsock_write(): Write request for 144 bytes to IOD #178 EID 12683 [184.108.40.206:22]
Not a maintainer of Nmap, but did some research into an identical crash and filed an issue before digging deep into a debugger. The ssh-brute script ends up with RIP pointing to 0x00 when it fails to establish an ssh connection and Nmap ends with a segfault. I believe this was fixed by nulling out a pointer in another release. I also believe ensuring that libssh2 is 1.8.2 and not 1.8.0 in the newest release of Nmap fixes this issue and the NSE script will survive a failure to connect.
To reproduce this issue you can likely do nmap --ssh-brute 127.0.0.1 and in another terminal this:
echo -e "$(python -c "print 'a'")\r\n\r\n"|nc -nlvp 22
One of the more recent versions of Kali Linux includes this version of Nmap susceptible to this crash.
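A quick pre-flight check for the libssh2 build dependency the comment above points at, added here as an example and not code from the thread or from the Nmap project. It assumes `nmap --version` prints its "Compiled with:" line with a `libssh2-X.Y.Z` token (the 1.8.2 threshold is the one stated in the comment), and the sample output below is constructed, not captured from a real host.

```shell
# Read `nmap --version` output on stdin and report whether the linked
# libssh2 is at least 1.8.2, the version the comment above says survives
# a failed ssh connection in ssh-brute. Real use:  nmap --version | libssh2_ok
# Exit codes: 0 = ok, 1 = older than 1.8.2, 2 = no libssh2 token found.
libssh2_ok() {
    # pull "1.8.0" out of a token such as "libssh2-1.8.0"
    ver=$(sed -n 's/.*libssh2-\([0-9][0-9.]*\).*/\1/p' | head -n 1)
    if [ -z "$ver" ]; then
        echo "no libssh2 in nmap --version output; ssh-brute cannot run" >&2
        return 2
    fi
    # split major.minor.patch and fold into one comparable integer
    set -- $(printf '%s' "$ver" | tr '.' ' ')
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    num=$((maj * 10000 + min * 100 + pat))
    if [ "$num" -ge 10802 ]; then
        echo "libssh2 $ver: ok"
        return 0
    fi
    echo "libssh2 $ver: older than 1.8.2, ssh-brute may segfault on a failed connect" >&2
    return 1
}

# Constructed sample of `nmap --version` output (not from a real host)
SAMPLE_OLD='Nmap version 7.70 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.3 openssl-1.1.0h libssh2-1.8.0 libz-1.2.11 libpcre-8.39 libpcap-1.8.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select'

# Same sample with the newer library (constructed)
SAMPLE_NEW=$(printf '%s\n' "$SAMPLE_OLD" | sed 's/libssh2-1.8.0/libssh2-1.8.2/')

# Stand-alone demo: the old build is flagged, the new one passes
printf '%s\n' "$SAMPLE_OLD" | libssh2_ok || :
printf '%s\n' "$SAMPLE_NEW" | libssh2_ok || :
```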