
Segmentation fault (core dumped) nmap 7.70 #1587

Open
peyu123 opened this issue May 7, 2019 · 2 comments

@peyu123

commented May 7, 2019

nmap -P0 -p 22 --script ssh-brute 11.11.11.0/24 -d2 --version-trace --packet-trace

Starts to run, then at a point I get this. Any ideas?

NSOCK INFO [109.0110s] nsock_write(): Write request for 144 bytes to IOD #178 EID 12683 [11.11.11.62:22]
NSE: [ssh-brute M:178f2d8 11.11.11.9:22] Killed one thread because of PROTOCOL exception
NSE: [ssh-brute M:178f2d8 11.11.11.9:22] Status: #threads = 6, #retry_accounts = 0, initial_accounts_exhausted = false, waiting = 0
NSE: Finished ssh-brute W:1408c18 against 11.11.11.9:22.
NSE: ssh-brute M:1970088 spawning new thread (thread: 0x1a41af8).
NSE: [ssh-brute M:1970088 11.11.11.61:22] Status: #threads = 1, #retry_accounts = 0, initial_accounts_exhausted = false, waiting = 0
NSOCK INFO [109.0110s] nsock_read(): Read request from IOD #172 [11.11.11.9:22] (timeout: 30000ms) EID 12690
NSOCK INFO [109.0110s] nsock_read(): Read request from IOD #175 [11.11.11.9:22] (timeout: 30000ms) EID 12698
NSOCK INFO [109.0110s] nsock_read(): Read request from IOD #177 [11.11.11.54:22] (timeout: 30000ms) EID 12706
Segmentation fault (core dumped)

@dmiller-nmap


commented May 8, 2019

This may be a duplicate of #1227. Is there any way you can build and run the current development version and see if that fixes the crash? Otherwise, we'll probably need the core file or a backtrace to fix this.

@AIVIIVIAL


commented May 8, 2019

Not a maintainer of Nmap, but did some research into an identical crash and filed an issue before digging deep into a debugger. The ssh-brute script ends up with RIP pointing to 0x00 when it fails to establish an ssh connection and Nmap ends with a segfault. I believe this was fixed by nulling out a pointer in another release. I also believe ensuring that libssh2 is 1.8.2 and not 1.8.0 in the newest release of Nmap fixes this issue and the NSE script will survive a failure to connect.

To reproduce this issue you can likely do nmap --ssh-brute 127.0.0.1 and in another terminal this: echo -e "$(python -c "print 'a'")\r\n\r\n"|nc -nlvp 22

One of the more recent versions of Kali Linux includes this version of Nmap susceptible to this crash.
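As an added illustration of the failure mode described in the comment above (a call through a NULL pointer after a failed connect), and not code from Nmap, libssh2 or the ssh-brute script: a small C model in which a listener that answers with a non-SSH banner makes the connect fail, the authentication handler stays unset, and the dispatcher checks for that before calling it. The session struct, the banner check and the credential pair are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical session model (constructed for this example). The banner
 * check stands in for the real SSH handshake: a listener that answers with
 * anything other than "SSH-2.0-..." makes the connect fail. */
typedef struct {
    int connected;
    /* Set only after a successful handshake; NULL otherwise. */
    int (*auth_fn)(const char *user, const char *pass);
} ssh_session;

/* Stand-in authenticator: accepts one constructed credential pair. */
static int fake_password_auth(const char *user, const char *pass) {
    return (strcmp(user, "user") == 0 && strcmp(pass, "pass") == 0) ? 0 : -1;
}

/* Every field is initialised up front, so a failed connect leaves auth_fn
 * NULL rather than whatever was on the stack. */
int ssh_session_connect(ssh_session *s, const char *banner) {
    memset(s, 0, sizeof *s);
    if (strncmp(banner, "SSH-2.0-", 8) != 0)
        return -1;                 /* handshake failed: handler stays NULL */
    s->connected = 1;
    s->auth_fn = fake_password_auth;
    return 0;
}

/* Without the guard below, a caller that proceeds to authenticate after a
 * failed connect dispatches through a NULL function pointer, which is the
 * RIP == 0x00 crash the thread describes. The guard reports failure instead. */
int ssh_session_auth(ssh_session *s, const char *user, const char *pass) {
    if (!s->connected || s->auth_fn == NULL)
        return -2;                 /* not connected: fail, do not crash */
    return s->auth_fn(user, pass);
}

/* Null out the handler on teardown so a reused session cannot dispatch
 * through a stale pointer. */
void ssh_session_close(ssh_session *s) {
    s->connected = 0;
    s->auth_fn = NULL;
}

int main(void) {
    ssh_session s;
    /* The bogus banner the nc one-liner above would produce. */
    int rc = ssh_session_connect(&s, "a\r\n\r\n");
    printf("connect rc=%d auth rc=%d\n", rc, ssh_session_auth(&s, "user", "pass"));
    return 0;
}
```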
