Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Mongodb Nmap NSE script fails #1802

Closed
26ayushagarwal opened this issue Oct 31, 2019 · 1 comment
Closed

Mongodb Nmap NSE script fails #1802

26ayushagarwal opened this issue Oct 31, 2019 · 1 comment
Assignees
Labels

Comments

@26ayushagarwal
Copy link

@26ayushagarwal 26ayushagarwal commented Oct 31, 2019

Hello,

While running mongodb scripts fail with error message.

Nmap Version : 7.80

/usr/bin/../share/nmap/nselib/mongodb.lua:379: bad argument #2 to 'pack' (unsigned overflow)
stack traceback:
[C]: in function 'string.pack'
/usr/bin/../share/nmap/nselib/mongodb.lua:379: in method 'addUnsignedInt32'
/usr/bin/../share/nmap/nselib/mongodb.lua:421: in function </usr/bin/../share/nmap/nselib/mongodb.lua:416>
(...tail calls...)
/usr/bin/../share/nmap/scripts/mongodb-brute.nse:77: in upvalue 'needsAuth'
/usr/bin/../share/nmap/scripts/mongodb-brute.nse:97: in function </usr/bin/../share/nmap/scripts/mongodb-brute.nse:95>
(...tail calls...)

@26ayushagarwal 26ayushagarwal changed the title Mongodb NSE script fails Mongodb Nmap NSE script fails Oct 31, 2019
@nnposter nnposter added bug NSE labels Nov 12, 2019
@nnposter

This comment has been minimized.

Copy link

@nnposter nnposter commented Nov 12, 2019

Thank you for reporting the issue. Could you please validate that the following minimalist patch rectifies it?

--- nselib/mongodb.lua.orig     2019-02-02 18:40:29.517567300 -0700
+++ nselib/mongodb.lua  2019-11-11 18:37:16.574910400 -0700
@@ -127,7 +127,7 @@
   end
   dbg("Packet length is %d",length)
   --Final pack
-  return true, string.pack("<I4z", length, elements)
+  return true, string.pack("<I4", length) .. elements .. "\0"
 end

 -- Reads a null-terminated string. If length is supplied, it is just cut
@@ -418,7 +418,7 @@
   packet:addUnsignedInt32(0); -- options
   packet:addString(collectionName);
   packet:addUnsignedInt32(0) -- number to skip
-  packet:addUnsignedInt32(-1) -- number to return : no limit
+  packet:addUnsignedInt32(0xFFFFFFFF) -- number to return : no limit
   local status, error = packet:addBSON(query)

   if not status then

If yes, I would then ask you to test another patch, which is slightly larger but cleaner.

@nmap-bot nmap-bot closed this in 67fe6bb Nov 17, 2019
@nnposter nnposter self-assigned this Nov 17, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.