@nnposter nnposter commented Oct 7, 2025

As pointed out in #2646, the rlogin-brute script can randomly fail due to:

  • Selecting source ports from a range that is off by one
  • Lacking validation that the used socket was successfully bound to the chosen local port

Regarding the second bullet, the original PR borrowed similar code from rpc.lua, which unfortunately is not working as expected either, because socket:connect() does not fail even if the invoked mksock_bind_addr() fails. (See #1939. A fix working around this behavior is proposed in #3194.)

This PR borrows the code from #3194 to address both issues.

It will be merged in after November 1 unless concerns are raised.

P.S. It begs the question whether this code should not be abstracted out and placed in one of the NSE libraries, but a cursory review of the existing scripts and libraries indicates that the code would be used only in these two locations.

P.P.S. It would be up to somebody with more intimate knowledge of Nsock to determine whether socket:connect() should change its behavior and fail upon failing mksock_bind_addr().
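Below is an added illustration of the two fixes the PR describes, written for this page and not taken from the PR, #3194, or rlogin-brute itself. It assumes the standard NSE socket API (nmap.new_socket, socket:bind, socket:connect, socket:get_info); reading the local port back with socket:get_info() is one way to validate the bind given that socket:connect() does not fail when mksock_bind_addr() fails, and is not necessarily how #3194 does it.

```lua
local nmap = require "nmap"
local math = require "math"

-- Inclusive range of privileged source ports an rlogin server expects.
local LOW_PORT_MIN, LOW_PORT_MAX = 512, 1023

-- Pick a random source port from the inclusive range. math.random(a, b)
-- includes both ends, so the bounds are used directly; a variant such as
-- LOW_PORT_MIN + math.random(LOW_PORT_MAX - LOW_PORT_MIN) - 1 would never
-- yield LOW_PORT_MAX (the off-by-one described in the PR).
local function pick_low_port()
  return math.random(LOW_PORT_MIN, LOW_PORT_MAX)
end

-- Connect to host:port from a chosen low local port and verify that the
-- socket is really bound to that port. socket:connect() can succeed even
-- when the underlying bind did not take effect, so the local port is read
-- back with socket:get_info() and compared to the requested one.
-- Returns the connected socket and the local port, or nil and an error.
local function connect_from_low_port(host, port, attempts)
  attempts = attempts or 8  -- assumed retry budget, not from the PR
  local last_err
  for _ = 1, attempts do
    local lport = pick_low_port()
    local sock = nmap.new_socket()
    sock:set_timeout(5000)
    local status, err = sock:bind(nil, lport)
    if status then
      status, err = sock:connect(host, port)
      if status then
        local ok, _, actual_lport = sock:get_info()
        if ok and actual_lport == lport then
          return sock, lport
        end
        -- Connected, but not from the port we asked for: treat as failure.
        err = ("bound to local port %s instead of %d"):format(
          tostring(actual_lport), lport)
      end
    end
    last_err = err
    sock:close()
  end
  return nil, ("no usable low source port after %d attempts: %s"):format(
    attempts, tostring(last_err))
end
```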

@MegaManSec MegaManSec left a comment

Nice!

@nnposter nnposter force-pushed the lowport-rlogin-brute branch from 0cc64d3 to 417d0d4 Compare October 11, 2025 03:36
@nmap-bot nmap-bot closed this in f5a3251 Nov 1, 2025