Hi Christian/Santu, can you verify and fix this issue in the next NVT feed?
br, Eero 2017-02-10 5:24 GMT+02:00 Dan ½ <[email protected]>: > I see. Thanks for the pointer, Eero. > > That makes sense now, I suppose, but the nmap syntax is wrong. > > Instead of: > > nmap -n -sV -oN /tmp/nmap-10.56.6.40-567162054 -O > 1463,15197,25097,38204,46226,55374 10.56.6.40 > > it should be: > > nmap -n -sV -oN /tmp/nmap-10.56.6.40-567162054 -O -p > 1463,15197,25097,38204,46226,55374 10.56.6.40 > > Aha! And I see the [subtle] bug too! The variable i, used for the argv > indexing, is overwritten and during the random port list construction. I've > confirmed in my local openvas installation that the fix can be as simple > as: > > $ diff gb_nmap_os_detection.nasl gb_nmap_os_detection_fixed.nasl > 132c132 > < for( i = 1; i <= numClosedPorts; i++ ) { > --- > > for( j = 1; j <= numClosedPorts; j++ ) { > 137c137 > < while( i + closedPort >< portList ) { > --- > > while( j + closedPort >< portList ) { > 140c140 > < portList += "," + i + closedPort; > --- > > portList += "," + j + closedPort; > > > How can I become a contributor to help fix the script (and/or any other > script in which I encounter bugs)? > > Thanks! > > Daniel > > > > > Daniel Popescu > 818-625-0823 > > On Thu, Feb 9, 2017 at 6:27 PM, Eero Volotinen <[email protected]> > wrote: > >> OS detections adds 5 random ports to commandline: >> >> http://plugins.openvas.org/nasl.php?oid=108021 >> >> >> >> -- >> Eero >> >> 2017-02-10 3:24 GMT+02:00 Dan ½ <[email protected]>: >> >>> Hi folks, >>> >>> I'm encountering a strange issue wherein ports that I'm certain are open >>> are not being reported as open. I have a target host where I KNOW that TCP >>> port 1463 is open. 
>>>
>>> I kick off a scan using a custom port list that contains only 1 TCP
>>> port, 1463, created via
>>>
>>> omp -u admin -w *** --xml '<create_port_list> <name>scribe only</name> <comment>scribe only</comment> <port_range>T:1463</port_range> </create_port_list>'
>>>
>>> I then poll for nmap commands and I see the following:
>>>
>>> # while true; do ps auxwww | grep [n]map; sleep 1; done
>>> root 154390 0.0 0.0 43448 5348 ? D 01:02 0:00 nmap --reason -sP --send-ip -PE 10.56.6.40
>>> root 154394 0.0 0.0 167000 51032 ? S 01:02 0:00 openvassd: testing 10.56.6.40 (/usr/local/var/lib/openvas/plugins/nmap.nasl)
>>> root 154396 0.0 0.0 43584 5188 ? R 01:02 0:00 nmap -n -P0 -oG /tmp/nmap-10.56.6.40-167506994 -sT -p T:1463 -T 3 10.56.6.40
>>> root 154438 0.0 0.0 167528 51488 ? S 01:02 0:00 openvassd: testing 10.56.6.40 (/usr/local/var/lib/openvas/plugins/gb_nmap_os_detection.nasl)
>>> root 154440 54.0 0.0 69620 26404 ? S 01:02 0:00 nmap -n -sV -oN /tmp/nmap-10.56.6.40-567162054 -O 1463,15197,25097,38204,46226,55374 10.56.6.40
>>>
>>>
>>> What's up with the "-O 1463,15197,25097,38204,46226,55374" part? The
>>> output from running that nmap command in the foreground looks like:
>>>
>>>
>>> root@22552df8a23f:/# nmap -n -sV -oN /tmp/nmap-10.56.6.40-567162054 -O 1463,15197,25097,38204,46226,55374 10.56.6.40
>>>
>>> Starting Nmap 5.51 ( http://nmap.org ) at 2017-02-10 01:11 UTC
>>> Invalid target host specification: 1463,15197,25097,38204,46226,55374
>>> QUITTING!
>>>
>>>
>>> That list of random ports seems to vary on each run (except for the
>>> first number, 1463, which is consistent with what I've requested to be
>>> scanned). Not sure where it's coming from, but I'm fairly certain that this
>>> is what's causing the issue that I'm seeing where known open ports are not
>>> being reported.
>>>
>>> I'm on Ubuntu 14.04 (trusty), openvas8 built from source on the
>>> published tarballs on http://www.openvas.org/install-source.html.
>>>
>>> Any ideas on where that random list is coming from? And why it's not
>>> being passed with "-p"? Is that possibly what's causing this issue or is it
>>> a red herring?
>>>
>>>
>>> Daniel Popescu
>>> 818-625-0823
>>>
>>> _______________________________________________
>>> Openvas-discuss mailing list
>>> [email protected]
>>> https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-discuss
>>>
>>
>>
>
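Review bot: The rename at 132c132, 137c137 and 140c140 swaps one single-letter counter for another, so the same clash can return if `j` is already in use elsewhere in gb_nmap_os_detection.nasl; check the rest of the script for an existing `j` before applying, or use a name tied to the loop's purpose. A short comment above the `for` loop noting that `i` is reserved for argv indexing would document why the two counters must stay separate. It would also help to confirm the fix against the reported symptom by checking that the generated nmap command now carries `-p` directly before the port list.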
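A check for the symptom reported in this thread, as an added example (not part of the original messages and not OpenVAS code): it flags nmap command lines where a port list appears as a bare positional argument, which nmap then treats as a target host. The function name and the small table of value-taking options are assumptions that cover only the options seen in the commands quoted above.

```python
import re
import shlex

# Assumption: only the value-taking options that appear in this thread's
# command lines are listed; extend the set for other nmap invocations.
TAKES_VALUE = {"-p", "-oN", "-oG", "-T"}

# One port or range, optionally prefixed T:/U:, repeated with commas.
_ITEM = r"(?:[TU]:)?\d{1,5}(?:-\d{1,5})?"
PORT_SPEC = re.compile(rf"^{_ITEM}(?:,{_ITEM})*$")

# Command lines quoted in the thread (FIXED is the corrected form).
BROKEN = ("nmap -n -sV -oN /tmp/nmap-10.56.6.40-567162054 -O "
          "1463,15197,25097,38204,46226,55374 10.56.6.40")
FIXED = ("nmap -n -sV -oN /tmp/nmap-10.56.6.40-567162054 -O -p "
         "1463,15197,25097,38204,46226,55374 10.56.6.40")
PORTSCAN = ("nmap -n -P0 -oG /tmp/nmap-10.56.6.40-167506994 "
            "-sT -p T:1463 -T 3 10.56.6.40")


def audit_nmap_command(command):
    """Return (port_spec, orphans): the value passed to -p (or None) and
    any positional tokens that look like port lists rather than targets."""
    argv = shlex.split(command)[1:]  # drop the program name
    port_spec, orphans = None, []
    i = 0
    while i < len(argv):
        tok = argv[i]
        if tok in TAKES_VALUE:
            if tok == "-p" and i + 1 < len(argv):
                port_spec = argv[i + 1]
            i += 2  # skip the option and its value
            continue
        if not tok.startswith("-") and PORT_SPEC.match(tok):
            orphans.append(tok)  # port list with no -p in front of it
        i += 1
    return port_spec, orphans


if __name__ == "__main__":
    for name, cmd in (("broken", BROKEN), ("fixed", FIXED), ("portscan", PORTSCAN)):
        spec, orphans = audit_nmap_command(cmd)
        print(f"{name}: -p={spec!r} orphan port lists={orphans}")
```

The combined form `-p1463` (no space) is not handled by this narrow check.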
