From b3923483ea0271e1f8042ef5b5e724a33bb89668 Mon Sep 17 00:00:00 2001 From: fyodor Date: Thu, 11 Aug 2005 05:07:01 +0000 Subject: [PATCH] 3.84ALPHA1 release imminent --- CHANGELOG | 25 +- Makefile.in | 2 +- NmapOps.cc | 32 +- configure.ac | 2 +- docs/nmap.usage.txt | 2 +- idle_scan.cc | 5 + libdnet-stripped/NMAP_MODIFICATIONS | 12 +- libdnet-stripped/libdnet-stripped.vcproj | 2 +- libpcre/libpcre.vcproj | 274 +++--- mswin32/nmap.sln | 116 +-- mswin32/nmap.vcproj | 1116 +++++++++++----------- mswin32/winclude.h | 18 - mswin32/winfix.cc | 11 - nmap.cc | 10 +- nmap_winconfig.h | 2 +- osscan.cc | 132 +-- osscan.h | 5 +- portlist.cc | 89 +- scan_engine.cc | 17 +- scripts/Makefile | 2 +- targets.cc | 4 +- tcpip.cc | 2 - 22 files changed, 943 insertions(+), 937 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index 9c5a9ac20..04fda6314 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,10 +1,6 @@ # Nmap Changelog ($Id$) -Nmap 3.83DC13 - -o Removed WinIP library (and all Windows raw sockets code) since MS - has gone and broken raw sockets. Maybe packet receipt via raw - sockets will come back at some point. +Nmap 3.84ALPHA1 o Added the ability for Nmap to send and properly route raw ethernet packets cointaining IP datagrams rather than always sending the 
@@ -85,11 +81,15 @@ o Added "Exclude" directive to nmap-service-probes grammar which probes, etc. If you really want to scan all ports, specify --allports. This patch came from Doug Hoyte (doug(a)hcsw.org). -o Added a stripped-down version of Dug Song's excellent libdnet - networking library (v. 1.10). This helps with the new raw ethernet - features. I made various changes, which are described in +o Added a stripped-down and heavily modified version of Dug Song's + libdnet networking library (v. 1.10). This helps with the new raw + ethernet features. My changes are described in libdnet-stripped/NMAP_MODIFICATIONS +o Removed WinIP library (and all Windows raw sockets code) since MS + has gone and broken raw sockets. Maybe packet receipt via raw + sockets will come back at some point. + o Chagned the interesting ports array from a 65K-member array of pointers into an STL list. This noticeable reduces memory usage in some cases, and should also give a slight runtime performance @@ -115,6 +115,15 @@ o Added a bunch of RPC numbers from nmap-rpc maintainer Eilon Gishri o Added some new RPC services to nmap-rpc thanks to a patch from vlad902 (vlad902(a)gmail.com). +o Fixed a bug where Nmap would quit on Windows whenever it encountered + a raw scan of localhost (including the local ethernet interface + address), even when that was just one address out of a whole network + being scanned. Now Nmap just warns that it is skipping raw scans when + it encounters the local IP, but continues on to scan the rest of the + network. Raw scans do not currently work against local IP addresses + because Winpcap doesn't support reading/writing localhost interfaces + due to limitations of Windows. + o The OS fingerprint is now provided in XML output if debugging is enabled (-d) or verbosity is at least 2 (-v -v). This patch was sent by Okan Demirmen (okan(a)demirmen.com) diff --git a/Makefile.in b/Makefile.in index 804124427..a35d33876 100644 --- a/Makefile.in +++ b/Makefile.in 
@@ -1,4 +1,4 @@ -export NMAP_VERSION = 3.83.DC17 +export NMAP_VERSION = 3.84ALPHA1 NMAP_NAME= nmap NMAP_URL= http://www.insecure.org/nmap/ NMAP_PLATFORM=@host@ diff --git a/NmapOps.cc b/NmapOps.cc index d7a978d2b..271253592 100644 --- a/NmapOps.cc +++ b/NmapOps.cc @@ -101,7 +101,9 @@ #include "nmap.h" #include "nbase.h" #include "NmapOps.h" +#ifdef WIN32 #include "winfix.h" +#endif NmapOps o; @@ -268,7 +270,11 @@ bool NmapOps::RawScan() { void NmapOps::ValidateOptions() { - +#ifdef WIN32 + const char *privreq = "that WinPcap version 3.1 or higher and iphlpapi.dll be installed. You seem to be missing one or both of these. Winpcap is available from http://www.winpcap.org. iphlpapi.dll comes with Win98 and later operating sytems and NT 4.0 with SP4 or greater. For previous windows versions, you may be able to take iphlpapi.dll from anotyer system and place it in your system32 dir (e.g. c:\\windows\\system32)"; +#else + const char *privreq = "root privileges"; +#endif if (pingtype == PINGTYPE_UNKNOWN) { if (isr00t && af() == AF_INET) pingtype = DEFAULT_PING_TYPES; else pingtype = PINGTYPE_TCP; // if nonr00t or IPv6 
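Review bot: The new `privreq` string in ValidateOptions() is user-facing and contains two typos, `sytems` and `anotyer`, that will be printed by every privilege-related fatal() on Windows; change them to `systems` and `another` before the release. The text also tells every user who reaches this branch "You seem to be missing one or both of these", yet the branch appears to be entered on a plain privilege test (the same function keys DEFAULT_PING_TYPES off `isr00t`); if that is the case, a user with WinPcap and iphlpapi.dll installed but no administrative rights gets misleading advice, so consider wording it as "that WinPcap 3.1 or higher and iphlpapi.dll be installed and that Nmap be run with sufficient privileges". ValidateOptions() continues past the end of the hunk.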
@@ -353,35 +359,19 @@ void NmapOps::ValidateOptions() { #endif if (ackscan|finscan|idlescan|ipprotscan|maimonscan|nullscan|synscan|udpscan|windowscan|xmasscan) { -#ifndef WIN32 - fatal("You requested a scan type which requires r00t privileges, and you do not have them.\n"); -#else - win_barf(0); -#endif + fatal("You requested a scan type which requires %s. Sorry dude.\n", privreq); } if (numdecoys > 0) { -#ifndef WIN32 - fatal("Sorry, but you've got to be r00t to use decoys, boy!"); -#else - win_barf(0); -#endif + fatal("Sorry, but decoys (-D) require %s.\n", privreq); } if (fragscan) { -#ifndef WIN32 - fatal("Sorry, but fragscan requires r00t privileges\n"); -#else - win_barf(0); -#endif + fatal("Sorry, but fragscan requires %s\n", privreq); } if (osscan) { -#ifndef WIN32 - fatal("TCP/IP fingerprinting (for OS scan) requires root privileges which you do not appear to possess. Sorry, dude.\n"); -#else - win_barf(0); -#endif + fatal("TCP/IP fingerprinting (for OS scan) requires %s. Sorry, dude.\n", privreq); } } diff --git a/configure.ac b/configure.ac index 81d20fbbf..b17a84144 100644 --- a/configure.ac +++ b/configure.ac @@ -761,4 +761,4 @@ AC_OUTPUT(Makefile) if test -f docs/leet-nmap-ascii-art.txt; then cat docs/leet-nmap-ascii-art.txt fi -echo "Configuration complete. Type make to compile." +echo "Configuration complete. Type make (or gmake on some *BSD machines) to compile." diff --git a/docs/nmap.usage.txt b/docs/nmap.usage.txt index 9f81be9ed..33ae95524 100644 --- a/docs/nmap.usage.txt +++ b/docs/nmap.usage.txt @@ -1,4 +1,4 @@ -Nmap 3.83.DC16 Usage: nmap [Scan Type(s)] [Options] +Nmap 3.84ALPHA1 Usage: nmap [Scan Type(s)] [Options] Some Common Scan Types ('*' options require root privileges) * -sS TCP SYN stealth port scan (default if privileged (root)) -sT TCP connect() port scan (default for unprivileged users) diff --git a/idle_scan.cc b/idle_scan.cc index 8873453d1..3568eeab8 100644 --- a/idle_scan.cc +++ b/idle_scan.cc 
@@ -962,6 +962,11 @@ void idle_scan(Target *target, u16 *portarray, int numports, if (target->timedOut(NULL)) return; + if (target->ifType() == devt_loopback) { + log_write(LOG_STDOUT, "Skipping Idle Scan against %s -- you can't idle scan your own machine (localhost).\n", target->NameIP()); + return; + } + target->startTimeOutClock(NULL); /* If this is the first call, */ diff --git a/libdnet-stripped/NMAP_MODIFICATIONS b/libdnet-stripped/NMAP_MODIFICATIONS index 81e525359..0cd887051 100644 --- a/libdnet-stripped/NMAP_MODIFICATIONS +++ b/libdnet-stripped/NMAP_MODIFICATIONS @@ -31,9 +31,15 @@ o A number of portability changes to remove errors/warnings during o Added libdnet-stripped.vcproj -- A Visual Studio.Net project file for dnet. -o Changed eth_open() in eth-win32.c to more frequently consider the -results of PacketGetAdapterNames() to be in single-char format rather -than 2-byte wide characters. +o Rewrote eth_open() for Win32 as its technique for translating from + a dnet-named interface to a pcap-named one did not work on any of my + systems. + +o Added intf_get_pcap_devname() function for Win32. This tries to + convert a dnet if name into its pcap equivalent. It is a hack, but + arguably better than the hacks that were there before. The main + down side is that it won't work with interfaces that don't have an + IPv4 address configured. o Made some code changes to intf.c (the patch below). This does the following: diff --git a/libdnet-stripped/libdnet-stripped.vcproj b/libdnet-stripped/libdnet-stripped.vcproj index ae43dca45..2378c0c13 100755 --- a/libdnet-stripped/libdnet-stripped.vcproj +++ b/libdnet-stripped/libdnet-stripped.vcproj @@ -60,7 +60,7 @@ CharacterSet="2"> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
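Review bot: The loopback guard added before startTimeOutClock() in idle_scan() is unconditional, while the equivalent guards this patch adds to os_scan() and ultra_scan() are wrapped in `#ifdef WIN32`; without a comment a reader will assume one of the two is a mistake. Add a why-comment such as `/* Unlike the Win32-only loopback skips in osscan.cc and scan_engine.cc, this is platform-independent: idle scanning your own host cannot work anywhere. */`. The notice is also written to LOG_STDOUT only, so -oN/-oX output will show no idle-scan results for the host and no explanation; `LOG_STDOUT|LOG_NORMAL` would record the reason. idle_scan() starts and ends outside the hunk.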
diff --git a/mswin32/nmap.sln b/mswin32/nmap.sln index fae7d0b9d..4ad30794d 100644 --- a/mswin32/nmap.sln +++ b/mswin32/nmap.sln 
@@ -1,58 +1,58 @@ -Microsoft Visual Studio Solution File, Format Version 8.00 -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nmap", "nmap.vcproj", "{361719F0-AB42-4C93-9DE8-7D2144B96625}" - ProjectSection(ProjectDependencies) = postProject - {5DE86C7A-DE72-4265-8807-4CA38F94F22A} = {5DE86C7A-DE72-4265-8807-4CA38F94F22A} - {5328E0BE-BC0A-4C2A-8CB9-CE00B61B9C4C} = {5328E0BE-BC0A-4C2A-8CB9-CE00B61B9C4C} - {F8D6D1E3-D4EA-402C-98AA-168E5309BAF4} = {F8D6D1E3-D4EA-402C-98AA-168E5309BAF4} - {B630C8F7-3138-43E8-89ED-78742FA2AC5F} = {B630C8F7-3138-43E8-89ED-78742FA2AC5F} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nsock", "..\nsock\nsock.vcproj", "{F8D6D1E3-D4EA-402C-98AA-168E5309BAF4}" - ProjectSection(ProjectDependencies) = postProject - {B630C8F7-3138-43E8-89ED-78742FA2AC5F} = {B630C8F7-3138-43E8-89ED-78742FA2AC5F} - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libpcre", "..\libpcre\libpcre.vcproj", "{5DE86C7A-DE72-4265-8807-4CA38F94F22A}" - ProjectSection(ProjectDependencies) = postProject - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nbase", "..\nbase\nbase.vcproj", "{B630C8F7-3138-43E8-89ED-78742FA2AC5F}" - ProjectSection(ProjectDependencies) = postProject - EndProjectSection -EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dnet", "..\libdnet-stripped\libdnet-stripped.vcproj", "{5328E0BE-BC0A-4C2A-8CB9-CE00B61B9C4C}" - ProjectSection(ProjectDependencies) = postProject - EndProjectSection -EndProject -Global - GlobalSection(SolutionConfiguration) = preSolution - Debug = Debug - Release = Release - EndGlobalSection - GlobalSection(ProjectConfiguration) = postSolution - {361719F0-AB42-4C93-9DE8-7D2144B96625}.Debug.ActiveCfg = Debug|Win32 - {361719F0-AB42-4C93-9DE8-7D2144B96625}.Debug.Build.0 = Debug|Win32 - {361719F0-AB42-4C93-9DE8-7D2144B96625}.Release.ActiveCfg = Release|Win32 - 
{361719F0-AB42-4C93-9DE8-7D2144B96625}.Release.Build.0 = Release|Win32 - {F8D6D1E3-D4EA-402C-98AA-168E5309BAF4}.Debug.ActiveCfg = Debug|Win32 - {F8D6D1E3-D4EA-402C-98AA-168E5309BAF4}.Debug.Build.0 = Debug|Win32 - {F8D6D1E3-D4EA-402C-98AA-168E5309BAF4}.Release.ActiveCfg = Release|Win32 - {F8D6D1E3-D4EA-402C-98AA-168E5309BAF4}.Release.Build.0 = Release|Win32 - {5DE86C7A-DE72-4265-8807-4CA38F94F22A}.Debug.ActiveCfg = Debug|Win32 - {5DE86C7A-DE72-4265-8807-4CA38F94F22A}.Debug.Build.0 = Debug|Win32 - {5DE86C7A-DE72-4265-8807-4CA38F94F22A}.Release.ActiveCfg = Release|Win32 - {5DE86C7A-DE72-4265-8807-4CA38F94F22A}.Release.Build.0 = Release|Win32 - {B630C8F7-3138-43E8-89ED-78742FA2AC5F}.Debug.ActiveCfg = Debug|Win32 - {B630C8F7-3138-43E8-89ED-78742FA2AC5F}.Debug.Build.0 = Debug|Win32 - {B630C8F7-3138-43E8-89ED-78742FA2AC5F}.Release.ActiveCfg = Release|Win32 - {B630C8F7-3138-43E8-89ED-78742FA2AC5F}.Release.Build.0 = Release|Win32 - {5328E0BE-BC0A-4C2A-8CB9-CE00B61B9C4C}.Debug.ActiveCfg = Debug|Win32 - {5328E0BE-BC0A-4C2A-8CB9-CE00B61B9C4C}.Debug.Build.0 = Debug|Win32 - {5328E0BE-BC0A-4C2A-8CB9-CE00B61B9C4C}.Release.ActiveCfg = Release|Win32 - {5328E0BE-BC0A-4C2A-8CB9-CE00B61B9C4C}.Release.Build.0 = Release|Win32 - EndGlobalSection - GlobalSection(ExtensibilityGlobals) = postSolution - EndGlobalSection - GlobalSection(ExtensibilityAddIns) = postSolution - EndGlobalSection -EndGlobal +Microsoft Visual Studio Solution File, Format Version 8.00 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nmap", "nmap.vcproj", "{361719F0-AB42-4C93-9DE8-7D2144B96625}" + ProjectSection(ProjectDependencies) = postProject + {5DE86C7A-DE72-4265-8807-4CA38F94F22A} = {5DE86C7A-DE72-4265-8807-4CA38F94F22A} + {5328E0BE-BC0A-4C2A-8CB9-CE00B61B9C4C} = {5328E0BE-BC0A-4C2A-8CB9-CE00B61B9C4C} + {F8D6D1E3-D4EA-402C-98AA-168E5309BAF4} = {F8D6D1E3-D4EA-402C-98AA-168E5309BAF4} + {B630C8F7-3138-43E8-89ED-78742FA2AC5F} = {B630C8F7-3138-43E8-89ED-78742FA2AC5F} + EndProjectSection +EndProject 
+Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nsock", "..\nsock\nsock.vcproj", "{F8D6D1E3-D4EA-402C-98AA-168E5309BAF4}" + ProjectSection(ProjectDependencies) = postProject + {B630C8F7-3138-43E8-89ED-78742FA2AC5F} = {B630C8F7-3138-43E8-89ED-78742FA2AC5F} + EndProjectSection +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "libpcre", "..\libpcre\libpcre.vcproj", "{5DE86C7A-DE72-4265-8807-4CA38F94F22A}" + ProjectSection(ProjectDependencies) = postProject + EndProjectSection +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "nbase", "..\nbase\nbase.vcproj", "{B630C8F7-3138-43E8-89ED-78742FA2AC5F}" + ProjectSection(ProjectDependencies) = postProject + EndProjectSection +EndProject +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "dnet", "..\libdnet-stripped\libdnet-stripped.vcproj", "{5328E0BE-BC0A-4C2A-8CB9-CE00B61B9C4C}" + ProjectSection(ProjectDependencies) = postProject + EndProjectSection +EndProject +Global + GlobalSection(SolutionConfiguration) = preSolution + Debug = Debug + Release = Release + EndGlobalSection + GlobalSection(ProjectConfiguration) = postSolution + {361719F0-AB42-4C93-9DE8-7D2144B96625}.Debug.ActiveCfg = Debug|Win32 + {361719F0-AB42-4C93-9DE8-7D2144B96625}.Debug.Build.0 = Debug|Win32 + {361719F0-AB42-4C93-9DE8-7D2144B96625}.Release.ActiveCfg = Release|Win32 + {361719F0-AB42-4C93-9DE8-7D2144B96625}.Release.Build.0 = Release|Win32 + {F8D6D1E3-D4EA-402C-98AA-168E5309BAF4}.Debug.ActiveCfg = Debug|Win32 + {F8D6D1E3-D4EA-402C-98AA-168E5309BAF4}.Debug.Build.0 = Debug|Win32 + {F8D6D1E3-D4EA-402C-98AA-168E5309BAF4}.Release.ActiveCfg = Release|Win32 + {F8D6D1E3-D4EA-402C-98AA-168E5309BAF4}.Release.Build.0 = Release|Win32 + {5DE86C7A-DE72-4265-8807-4CA38F94F22A}.Debug.ActiveCfg = Debug|Win32 + {5DE86C7A-DE72-4265-8807-4CA38F94F22A}.Debug.Build.0 = Debug|Win32 + {5DE86C7A-DE72-4265-8807-4CA38F94F22A}.Release.ActiveCfg = Release|Win32 + {5DE86C7A-DE72-4265-8807-4CA38F94F22A}.Release.Build.0 = Release|Win32 + 
{B630C8F7-3138-43E8-89ED-78742FA2AC5F}.Debug.ActiveCfg = Debug|Win32 + {B630C8F7-3138-43E8-89ED-78742FA2AC5F}.Debug.Build.0 = Debug|Win32 + {B630C8F7-3138-43E8-89ED-78742FA2AC5F}.Release.ActiveCfg = Release|Win32 + {B630C8F7-3138-43E8-89ED-78742FA2AC5F}.Release.Build.0 = Release|Win32 + {5328E0BE-BC0A-4C2A-8CB9-CE00B61B9C4C}.Debug.ActiveCfg = Debug|Win32 + {5328E0BE-BC0A-4C2A-8CB9-CE00B61B9C4C}.Debug.Build.0 = Debug|Win32 + {5328E0BE-BC0A-4C2A-8CB9-CE00B61B9C4C}.Release.ActiveCfg = Release|Win32 + {5328E0BE-BC0A-4C2A-8CB9-CE00B61B9C4C}.Release.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + EndGlobalSection + GlobalSection(ExtensibilityAddIns) = postSolution + EndGlobalSection +EndGlobal diff --git a/mswin32/nmap.vcproj b/mswin32/nmap.vcproj index 11c6680de..52829eea2 100644 --- a/mswin32/nmap.vcproj +++ b/mswin32/nmap.vcproj @@ -1,558 +1,558 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + 
diff --git a/mswin32/winclude.h b/mswin32/winclude.h index 3e5b23d73..a8c702f5d 100644 --- a/mswin32/winclude.h +++ b/mswin32/winclude.h @@ -74,24 +74,6 @@ #include #include -//#include -#include "winip\winip.h" - -/* This is kind of ugly ... and worse is that windows includes suply an errno that doesn't work as in UNIX, so if a file - forgets to include this, it may use errno and get bogus results on Windows [shrug]. A better appraoch is probably - the nsock_errno() I use in nsock. */ -// #undef errno -// #define errno WSAGetLastError() - -/* Disables VC++ warning: - "integral size mismatch in argument; conversion supplied". Perhaps - I should try to fix this with casts at some point */ -// #pragma warning(disable: 4761) - -/* #define signal(x,y) ((void)0) // ignore for now - // later release may set console handlers -*/ - /* non-functioning stub function */ int fork(); diff --git a/mswin32/winfix.cc b/mswin32/winfix.cc index 1ae6f739b..68d640dc5 100644 --- a/mswin32/winfix.cc +++ b/mswin32/winfix.cc @@ -132,17 +132,6 @@ int pcap_avail = 0; static void win_cleanup(void); static char pcaplist[4096]; -void win_barf(const char *msg) -{ - if(msg) printf("%s\n\n", msg); - printf("\nYour system doesn't have iphlpapi.dll\n\nIf you have Win95, " - "maybe you could grab it from a Win98 system\n" - "If you have NT4, you need service pack 4 or higher\n" - "If you have NT3.51, try grabbing it from an NT4 system\n" - "Otherwise, your system has problems ;-)\n"); - exit(0); -} - void win_init() { // variables diff --git a/nmap.cc b/nmap.cc index c644dd531..b555bfcc8 100644 --- a/nmap.cc +++ b/nmap.cc @@ -107,7 +107,9 @@ #include "timing.h" #include "NmapOps.h" #include "MACLookup.h" +#ifdef WIN32 #include "winfix.h" +#endif using namespace std; 
@@ -791,6 +793,12 @@ int nmap_main(int argc, char *argv[]) { fatal("You cannot use -F (fast scan) or -p (explicit port selection) with PING scan or LIST scan"); } +#ifdef WIN32 + if (o.sendpref & PACKET_SEND_IP) { + error("WARNING: raw IP (rather than raw ethernet) packet sending attempted on Windows. This probably won't work. Consider --send_eth next time.\n"); + + } +#endif if (spoofmac) { u8 mac_data[6]; int pos = 0; /* Next index of mac_data to fill in */ @@ -1190,7 +1198,7 @@ int nmap_main(int argc, char *argv[]) { // Should be host parallelized. Though rarely takes a huge amt. of time. if (o.osscan) os_scan(currenths); - + /* Now I can do the output and such for each host */ log_write(LOG_XML, ""); write_host_status(currenths, resolve_all); diff --git a/nmap_winconfig.h b/nmap_winconfig.h index 515c90375..fe100e9eb 100644 --- a/nmap_winconfig.h +++ b/nmap_winconfig.h @@ -104,7 +104,7 @@ #ifndef NMAP_WINCONFIG_H #define NMAP_WINCONFIG_H -#define NMAP_VERSION "3.83.DC16" +#define NMAP_VERSION "3.84ALPHA1" #define NMAP_NAME "nmap" #define NMAP_URL "http://www.insecure.org/nmap" #define NMAP_PLATFORM "i686-pc-windows-windows" diff --git a/osscan.cc b/osscan.cc index 6f926f153..04699a037 100644 --- a/osscan.cc +++ b/osscan.cc @@ -159,7 +159,7 @@ int seq_response_num; /* response # for sequencing */ double avg_ts_hz = 0.0; /* Avg. amount that timestamps incr. each second */ struct link_header linkhdr; struct eth_nfo eth; - struct eth_nfo *ethptr; // for passing to send_ functions +struct eth_nfo *ethptr; // for passing to send_ functions if (target->timedOut(NULL)) return NULL; @@ -302,7 +302,7 @@ if (o.verbose && openport != (unsigned long) -1) /* Test 8 */ if (!FPtests[8]) { if (o.scan_delay) enforce_scan_delay(NULL); - upi = send_closedudp_probe(rawsd, target->v4hostip(), o.magic_port, closedport); + upi = send_closedudp_probe(rawsd, ethptr, target->v4hostip(), o.magic_port, closedport); } gettimeofday(&t1, NULL); timeout = 0; 
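Review bot: `ethptr` is now forwarded to send_closedudp_probe() at the Test 8 call, but the only other line of it in this change is the bare declaration `struct eth_nfo *ethptr; // for passing to send_ functions`, with no initializer; if any path between that declaration and Test 8 leaves it unassigned, send_ip_packet() is handed an indeterminate pointer. Since send_closedudp_probe() now treats `eth == NULL` as the raw-socket case, initialize it where it is declared, `struct eth_nfo *ethptr = NULL; // set to &eth when sending via raw ethernet`, so the fallback is well-defined even if an assignment is skipped. The enclosing function starts and ends outside the hunk.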
@@ -1170,6 +1170,13 @@ int bestaccidx; if (target->timedOut(NULL)) return 1; +#ifdef WIN32 + if (target->ifType() == devt_loopback) { + log_write(LOG_STDOUT, "Skipping OS Scan against %s because it doesn't work against your own machine (localhsot)\n", target->NameIP()); + return 1; + } +#endif + if (o.debugging > 2) { starttimems = o.TimeSinceStartMS(); log_write(LOG_STDOUT|LOG_NORMAL|LOG_SKID, "Initiating OS Detection against %s at %.3fs\n", target->targetipstr(), starttimems / 1000.0); @@ -1699,7 +1706,8 @@ return AVs; } -struct udpprobeinfo *send_closedudp_probe(int sd, const struct in_addr *victim, +struct udpprobeinfo *send_closedudp_probe(int sd, struct eth_nfo *eth, + const struct in_addr *victim, u16 sport, u16 dport) { static struct udpprobeinfo upi; 
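Review bot: The new Win32 loopback message misspells `localhost` as `localhsot`; this is the string users will see and paste into bug reports, so change it to `"Skipping OS Scan against %s because it doesn't work against your own machine (localhost)\n"`. The early `return 1` mirrors the timedOut() path directly above it, which is fine provided 1 means "nothing done" rather than an error to the caller — the return convention is not visible in the hunk. As with the other skip notices in this patch it goes to LOG_STDOUT only, whereas the "Initiating OS Detection" line just below writes to LOG_NORMAL and LOG_SKID as well; consider matching that so file output records why the host has no fingerprint. The enclosing function (presumably os_scan()) begins and ends outside the hunk.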
@@ -1729,82 +1737,78 @@ memset(data, patternbyte, datalen); while(!id) id = get_random_uint(); /* check that required fields are there and not too silly */ -if ( !victim || !sport || !dport || sd < 0) { +if ( !victim || !sport || !dport || (!eth && sd < 0)) { fprintf(stderr, "send_closedudp_probe: One or more of your parameters suck!\n"); return NULL; } if (!myttl) myttl = (time(NULL) % 14) + 51; -/* It was a tough decision whether to do this here for every packet - or let the calling function deal with it. In the end I grudgingly decided - to do it here and potentially waste a couple microseconds... */ -sethdrinclude(sd); - for(decoy=0; decoy < o.numdecoys; decoy++) { - source = &o.decoys[decoy]; +for(decoy=0; decoy < o.numdecoys; decoy++) { + source = &o.decoys[decoy]; - memset((char *) packet, 0, sizeof(struct ip) + sizeof(udphdr_bsd)); + memset((char *) packet, 0, sizeof(struct ip) + sizeof(udphdr_bsd)); - udp->uh_sport = htons(sport); - udp->uh_dport = htons(dport); - udp->uh_ulen = htons(8 + datalen); + udp->uh_sport = htons(sport); + udp->uh_dport = htons(dport); + udp->uh_ulen = htons(8 + datalen); - /* Now the psuedo header for checksuming */ - pseudo->source.s_addr = source->s_addr; - pseudo->dest.s_addr = victim->s_addr; - pseudo->proto = IPPROTO_UDP; - pseudo->length = htons(sizeof(udphdr_bsd) + datalen); - - /* OK, now we should be able to compute a valid checksum */ -realcheck = in_cksum((unsigned short *)pseudo, 20 /* pseudo + UDP headers */ + - datalen); + /* Now the psuedo header for checksuming */ + pseudo->source.s_addr = source->s_addr; + pseudo->dest.s_addr = victim->s_addr; + pseudo->proto = IPPROTO_UDP; + pseudo->length = htons(sizeof(udphdr_bsd) + datalen); + + /* OK, now we should be able to compute a valid checksum */ + realcheck = in_cksum((unsigned short *)pseudo, 20 /* pseudo + UDP headers */ + + datalen); #if STUPID_SOLARIS_CHECKSUM_BUG - udp->uh_sum = sizeof(udphdr_bsd) + datalen; + udp->uh_sum = sizeof(udphdr_bsd) + datalen; #else 
-udp->uh_sum = realcheck; + udp->uh_sum = realcheck; #endif - /* Goodbye, pseudo header! */ - memset(pseudo, 0, sizeof(*pseudo)); - - /* Now for the ip header */ - ip->ip_v = 4; - ip->ip_hl = 5; - ip->ip_len = htons(sizeof(struct ip) + sizeof(udphdr_bsd) + datalen); - ip->ip_id = id; - ip->ip_ttl = myttl; - ip->ip_p = IPPROTO_UDP; - ip->ip_src.s_addr = source->s_addr; - ip->ip_dst.s_addr= victim->s_addr; - - upi.ipck = in_cksum((unsigned short *)ip, sizeof(struct ip)); + /* Goodbye, pseudo header! */ + memset(pseudo, 0, sizeof(*pseudo)); + + /* Now for the ip header */ + ip->ip_v = 4; + ip->ip_hl = 5; + ip->ip_len = htons(sizeof(struct ip) + sizeof(udphdr_bsd) + datalen); + ip->ip_id = id; + ip->ip_ttl = myttl; + ip->ip_p = IPPROTO_UDP; + ip->ip_src.s_addr = source->s_addr; + ip->ip_dst.s_addr= victim->s_addr; + + upi.ipck = in_cksum((unsigned short *)ip, sizeof(struct ip)); #if HAVE_IP_IP_SUM - ip->ip_sum = upi.ipck; + ip->ip_sum = upi.ipck; #endif - - /* OK, now if this is the real she-bang (ie not a decoy) then - we stick all the inph0 in our upi */ - if (decoy == o.decoyturn) { - upi.iptl = 28 + datalen; - upi.ipid = id; - upi.sport = sport; - upi.dport = dport; - upi.udpck = realcheck; - upi.udplen = 8 + datalen; - upi.patternbyte = patternbyte; - upi.target.s_addr = ip->ip_dst.s_addr; - } - if (TCPIP_DEBUGGING > 1) { - log_write(LOG_STDOUT, "Raw UDP packet creation completed! 
Here it is:\n"); - readudppacket(packet,1); - } - - if ((res = send_ip_packet(sd, NULL, packet, ntohs(ip->ip_len))) == -1) - { - perror("send_ip_packet in send_closedupd_probe"); - return NULL; - } - } + + /* OK, now if this is the real she-bang (ie not a decoy) then + we stick all the inph0 in our upi */ + if (decoy == o.decoyturn) { + upi.iptl = 28 + datalen; + upi.ipid = id; + upi.sport = sport; + upi.dport = dport; + upi.udpck = realcheck; + upi.udplen = 8 + datalen; + upi.patternbyte = patternbyte; + upi.target.s_addr = ip->ip_dst.s_addr; + } + if (TCPIP_DEBUGGING > 1) { + log_write(LOG_STDOUT, "Raw UDP packet creation completed! Here it is:\n"); + readudppacket(packet,1); + } + + if ((res = send_ip_packet(sd, eth, packet, ntohs(ip->ip_len))) == -1) + { + perror("send_ip_packet in send_closedupd_probe"); + return NULL; + } +} return &upi; diff --git a/osscan.h b/osscan.h index 5009ebc9c..a2173dbbd 100644 --- a/osscan.h +++ b/osscan.h @@ -123,10 +123,9 @@ int os_scan(Target *target); FingerPrint *get_fingerprint(Target *target, struct seq_info *si); struct AVal *fingerprint_iptcppacket(struct ip *ip, int mss, unsigned int syn); struct AVal *fingerprint_portunreach(struct ip *ip, struct udpprobeinfo *upi); -struct udpprobeinfo *send_closedudp_probe(int rawsd, - const struct in_addr *dest, +struct udpprobeinfo *send_closedudp_probe(int sd, struct eth_nfo *eth, + const struct in_addr *victim, u16 sport, u16 dport); - unsigned int get_gcd_n_ulong(int numvalues, unsigned int *values); unsigned int euclid_gcd(unsigned int a, unsigned int b); char *fp2ascii(FingerPrint *FP); diff --git a/portlist.cc b/portlist.cc index 9e86f66f0..7cd0be38d 100644 --- a/portlist.cc +++ b/portlist.cc 
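Review bot: The raw-socket path is still reachable in send_closedudp_probe() — the new check `(!eth && sd < 0)` accepts `eth == NULL` with a valid `sd`, and the loop then calls `send_ip_packet(sd, eth, ...)` — but the `sethdrinclude(sd)` call that used to precede the decoy loop has been deleted. Unless send_ip_packet() or whoever opened `sd` now sets IP_HDRINCL (not visible in this hunk), the kernel will prepend its own IP header and the IP ID/TTL recorded in `upi` for the later port-unreachable match will not be what went on the wire. If the call was dropped only because it is meaningless for the ethernet path, keep it conditional: `if (!eth) sethdrinclude(sd);`, or add a comment stating where IP_HDRINCL is now guaranteed. send_closedudp_probe() starts outside the hunk.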
@@ -609,56 +609,61 @@ Port *PortList::nextPort(Port *afterthisport, bool allow_portzero) { /* These two are chosen because they come right "before" port 1/tcp */ - unsigned int current_proto = IPPROTO_TCP; - map::iterator iter = tcp_ports.begin(); - -if (afterthisport) { - current_proto = afterthisport->proto; + map::iterator iter; - // This will advacne to one after the current - while (iter != tcp_ports.end() && iter->second->portno <= afterthisport->portno) { - iter++; - } -} - -/* if (afterthisport) - printf("Next Port After %d, %d\n", afterthisport->portno, iter->second->portno); fflush(0); -*/ - - if (!allow_portzero && iter->second && iter->second->portno == 0) iter++; - - -/* First we look for TCP ports ... */ -if (current_proto == IPPROTO_TCP) { - if ((allowed_protocol == 0 || allowed_protocol == IPPROTO_TCP) && - current_proto == IPPROTO_TCP) - while (iter != tcp_ports.end()) { - if (!allowed_state || iter->second->state == allowed_state) { - //printf("Returning %d\n", iter->second->portno); - return iter->second; + if (afterthisport) { + if (afterthisport->proto == IPPROTO_TCP) { + iter = tcp_ports.find(afterthisport->portno); + assert(iter != tcp_ports.end()); + iter++; + while(iter != tcp_ports.end()) { + if (!allowed_state || iter->second->state == allowed_state) + return iter->second; + iter++; } + /* No more TCP ports ... */ + if (allowed_protocol != 0) + return NULL; + + iter = udp_ports.begin(); + } else { + assert(afterthisport->proto == IPPROTO_UDP); + iter = udp_ports.find(afterthisport->portno); + assert(iter != udp_ports.end()); iter++; } - - /* Uh-oh. 
We have tried all tcp ports, lets move to udp */ - current_proto = IPPROTO_UDP; - iter = udp_ports.begin(); -} - -if ((allowed_protocol == 0 || allowed_protocol == IPPROTO_UDP) && - current_proto == IPPROTO_UDP) { - while (iter != udp_ports.end()) { - if (!allowed_state || iter->second->state == allowed_state) { - //printf("Returning %d\n", iter->second->portno); - return iter->second; + while(iter != udp_ports.end()) { + if (!allowed_state || iter->second->state == allowed_state) + return iter->second; + iter++; + } + return NULL; + } + + // First-time call - try TCP ports first + if (allowed_protocol == 0 || allowed_protocol == IPPROTO_TCP) { + iter = tcp_ports.begin(); + while (iter != tcp_ports.end()) { + if (!allowed_state || iter->second->state == allowed_state) + return iter->second; + iter++; } - iter++; } + + // Maybe we'll have better luck with UDP + if (allowed_protocol == 0 || allowed_protocol == IPPROTO_UDP) { + iter = udp_ports.begin(); + while (iter != udp_ports.end()) { + if (!allowed_state || iter->second->state == allowed_state) + return iter->second; + iter++; + } + } + + // Nuthing found + return NULL; } -/* No more ports */ -return NULL; -} // Move some popular TCP ports to the beginning of the portlist, because // that can speed up certain scans. You should have already done any port diff --git a/scan_engine.cc b/scan_engine.cc index 94ff91ee6..2f6f40030 100644 --- a/scan_engine.cc +++ b/scan_engine.cc @@ -690,7 +690,7 @@ bool GroupScanStats::sendOK() { don't give us a proper pcap time. Also for connect scans, since we don't get an exact response time with them either. */ if (USI->scantype == CONNECT_SCAN || !pcap_recv_timeval_valid()) { - int to_ms = (int) MAX(to.srtt * .75 / 1000, 20); + int to_ms = (int) MAX(to.srtt * .75 / 1000, 50); if (TIMEVAL_MSEC_SUBTRACT(USI->now, last_wait) > to_ms) return false; } 
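Review bot: The rewritten nextPort() body never reads its `allow_portzero` parameter, whereas the removed code skipped a port-0 entry when it was false (`if (!allow_portzero && iter->second && iter->second->portno == 0) iter++;`), so callers passing false will now be handed port 0 again. Add the guard to each of the four scan loops, e.g. `if ((!allowed_state || iter->second->state == allowed_state) && (allow_portzero || iter->second->portno != 0)) return iter->second;`. Separately, `assert(iter != tcp_ports.end()); iter++;` (and its UDP twin) turns a stale `afterthisport` into an increment past end() in an NDEBUG build; `if (iter == tcp_ports.end()) return NULL;` is safer than relying on the assert. nextPort() starts outside the hunk.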
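Review bot: The floor on the wait between sends in GroupScanStats::sendOK() for connect scans and hosts without pcap timestamps changes from 20 to 50 ms with nothing recording why, so the next person tuning timing has no rationale to keep or revisit it. Replace the literal with a named, documented constant, e.g. `const int min_wait_ms = 50; /* floor for the last_wait gap when response timing is coarse (connect scan or no pcap timestamp); raised from 20 */` and use it in the MAX(). sendOK() starts and ends outside the hunk.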
@@ -2276,6 +2276,7 @@ static bool do_one_select_round(UltraScanInfo *USI, struct timeval *stime) { recvfrom6_t optlen = sizeof(int); char buf[128]; int numGoodSD = 0; + int err = 0; #ifdef LINUX int res; struct sockaddr_storage sin,sout; @@ -2294,15 +2295,17 @@ static bool do_one_select_round(UltraScanInfo *USI, struct timeval *stime) { timeout.tv_sec = timeleft / 1000; timeout.tv_usec = (timeleft % 1000) * 1000; - if (CSI->numSDs) + if (CSI->numSDs) { selectres = select(CSI->maxValidSD + 1, &fds_rtmp, &fds_wtmp, &fds_xtmp, &timeout); + err = socket_errno(); + } else { /* Apparently Windows returns an WSAEINVAL if you select without watching any SDs. Lame. We'll usleep instead in that case */ usleep(timeleft * 1000); selectres = 0; } - } while (selectres == -1 && socket_errno() == EINTR); + } while (selectres == -1 && err == EINTR); gettimeofday(&USI->now, NULL); @@ -3139,10 +3142,18 @@ void ultra_scan(vector &Targets, struct scan_lists *ports, stype scantype) { UltraScanInfo *USI = NULL; time_t starttime; + if (Targets.size() == 0) { return; } +#ifdef WIN32 + if (scantype != CONNECT_SCAN && Targets[0]->ifType() == devt_loopback) { + log_write(LOG_STDOUT, "Skipping %s against %s because Windows does not support scanning your own machine (localhost) this way.\n", scantype2str(scantype), Targets[0]->NameIP()); + return; + } +#endif + startTimeOutClocks(Targets); USI = new UltraScanInfo(Targets, ports, scantype); diff --git a/scripts/Makefile b/scripts/Makefile index 3820f433a..e28ef718d 100644 --- a/scripts/Makefile +++ b/scripts/Makefile @@ -79,7 +79,7 @@ distro: $(SHTOOL) mkdir /usr/tmp/nmap-$(NMAP_VERSION)/mswin32 cd ../mswin32; cp -ra *.[hHcC] *.cc ARPA NET NETINET RPC icon1.ico \ ifaddrlist.h lib libpcap-note.txt nmap.rc \ - nmap_performance.reg nmap.sln nmap.vcproj winip pcap-include \ + nmap_performance.reg nmap.sln nmap.vcproj pcap-include \ /usr/tmp/nmap-$(NMAP_VERSION)/mswin32 $(SHTOOL) mkdir /usr/tmp/nmap-$(NMAP_VERSION)/$(LIBPCAPDIR) 
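Review bot: The new Win32 guard in ultra_scan() decides for the whole batch from `Targets[0]->ifType()` alone, so a batch mixing a loopback address with other hosts is either skipped entirely or not at all depending on which target happens to be first, while the CHANGELOG entry promises that only the local IP is skipped and the rest of the network is scanned. Unless target batching guarantees one interface per batch (targets.cc in this same patch makes the same hostbatch[0] assumption, which suggests it may, but it is not visible here), filter the loopback targets out of the vector individually and continue with the remainder. At minimum document the assumption on the check: `/* Batches are assumed to be homogeneous per interface, so element 0 speaks for all. */`. ultra_scan() continues past the end of the hunk.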
diff --git a/targets.cc b/targets.cc index d03d75310..bc189be3d 100644 --- a/targets.cc +++ b/targets.cc @@ -423,7 +423,7 @@ if (hs->randomize) { /* TODO: Maybe I should allow real ping scan of directly connected ethernet hosts? */ /* Then we do the mass ping (if required - IP-level pings) */ - if (*pingtype == PINGTYPE_NONE) { + if (*pingtype == PINGTYPE_NONE || hs->hostbatch[0]->ifType() == devt_loopback) { for(i=0; i < hs->current_batch_sz; i++) { initialize_timeout_info(&hs->hostbatch[i]->to); hs->hostbatch[i]->flags |= HOST_UP; /*hostbatch[i].up = 1;*/ @@ -1073,7 +1073,7 @@ while(pt->block_unaccounted) { case ECONNREFUSED: case EAGAIN: #ifdef WIN32 -// case WSAENOTCONN: // needed? this fails around here on my system + case WSAENOTCONN: #endif if (sock_err == EAGAIN && o.verbose) { log_write(LOG_STDOUT, "Machine %s MIGHT actually be listening on probe port %d\n", hostbatch[hostindex]->targetipstr(), o.ping_synprobes[p]); diff --git a/tcpip.cc b/tcpip.cc index f43731cf3..6929f95c6 100644 --- a/tcpip.cc +++ b/tcpip.cc @@ -138,8 +138,6 @@ extern void CloseLibs(void); #endif #ifdef WIN32 -#include "mswin32/winip/winip.h" - #include "pcap-int.h" void nmapwin_init();
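Review bot: The extended ping-skip condition marks every host in the batch HOST_UP when `hostbatch[0]` is on the loopback device, and it does so on all platforms, not only Win32, so a localhost target is now reported up without any probe on Unix too. That is presumably intended for 127.0.0.1 itself, but if a batch can hold a loopback address alongside real hosts, those hosts are silently assumed up and never pinged; whether batches are homogeneous per interface is not visible in this hunk. Suggest a comment on the condition, `/* Loopback targets are treated as up without pinging; assumes the batch is homogeneous per interface. */`, and a per-host ifType() check inside the loop if that assumption does not hold. The enclosing function starts and ends outside the hunk.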