Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

smb-brute and other smb scripts crash with error 'bad argument #2 to 'format'' in 'string.format' #1713

Closed
vanjo9800 opened this issue Aug 27, 2019 · 4 comments

Comments

@vanjo9800
Copy link

commented Aug 27, 2019

I installed the new version of Nmap 7.80 and have noticed the following problem when I run any of the smb scripts, I get:

nmap -oX brute-test -Pn -p 445 --script smb-brute -v --script-args=brute.firstonly=true 127.0.0.1 -d

...

NSE: Starting smb-brute against 127.0.0.1.
NSE: [smb-brute 127.0.0.1] SMB: Added account '' to account list
NSE: [smb-brute 127.0.0.1] SMB: Added account 'guest' to account list
NSE: [smb-brute 127.0.0.1] SMB: Login as \guest failed (NT_STATUS_LOGON_FAILURE)
NSE: [smb-brute 127.0.0.1] Remote operating system: Windows 7 Professional 7601 Service Pack 1
NSE: [smb-brute 127.0.0.1] Couldn't detect lockout policy: NT_STATUS_ACCESS_DENIED
NSE: [smb-brute 127.0.0.1] WARNING: couldn't determine lockout policy: Couldn't retrieve lockout policy: NT_STATUS_ACCESS_DENIED
NSE: [smb-brute 127.0.0.1] Trying to get user list from server
NSE: [smb-brute 127.0.0.1] MSRPC: Failed to enumerate users through LSA: NT_STATUS_ACCESS_DENIED
NSE: [smb-brute 127.0.0.1] MSRPC: Failed to enumerate users through SAMR: NT_STATUS_ACCESS_DENIED
NSE: [smb-brute 127.0.0.1] Couldn't enumerate users (normal for Windows XP and higher), using unpwdb initially
NSE: [smb-brute 127.0.0.1] Opening password list
NSE: [smb-brute 127.0.0.1] Starting the initial SMB session
NSE: smb-brute against 127.0.0.1 threw an error!
/usr/bin/../share/nmap/nselib/smb.lua:202: bad argument #2 to 'format' (number expected, got boolean)
stack traceback:
        [C]: in function 'string.format'
        /usr/bin/../share/nmap/nselib/smb.lua:202: in function 'smb.get_status_name'
        /usr/bin/../share/nmap/nselib/smb.lua:1285: in upvalue 'start_session_basic'
        /usr/bin/../share/nmap/nselib/smb.lua:1567: in function 'smb.start_session'
        /usr/bin/../share/nmap/scripts/smb-brute.nse:315: in upvalue 'check_login'
        /usr/bin/../share/nmap/scripts/smb-brute.nse:604: in upvalue 'initialize'
        /usr/bin/../share/nmap/scripts/smb-brute.nse:970: in upvalue 'go'
        /usr/bin/../share/nmap/scripts/smb-brute.nse:1079: in function </usr/bin/../share/nmap/scripts/smb-brute.nse:1067>
        (...tail calls...)

As far as I have looked into the code the error comes from wrong parsing of one of the arguments. Can this be cause by older Lua version, or it is a problem with the new version of Nmap.
(It works with Nmap 7.70 on the same machine)

@vanjo9800

This comment has been minimized.

Copy link
Author

commented Aug 27, 2019

Resolved in #1714

@cnotin

This comment has been minimized.

Copy link

commented Aug 28, 2019

Same issue than with open PR #1480

@vanjo9800

This comment has been minimized.

Copy link
Author

commented Aug 30, 2019

Further issues resolved in #1720

@nnposter nnposter self-assigned this Sep 6, 2019

@nnposter nnposter added bug NSE labels Sep 6, 2019

@nnposter

This comment has been minimized.

Copy link

commented Sep 6, 2019

A fix for this issue has been committed as r37730.

@nmap-bot nmap-bot closed this in ce28753 Sep 6, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.