mirror of https://github.com/nmap/nmap.git synced 2025-12-06 04:31:29 +00:00

Use the correct the port range, 512-1023, not 513-1024.

Detect if binding a socket to a given port failed and retry.
Close #3196
nnposter
2025-11-01 22:52:49 +00:00
parent 8d7fa538e3
commit f5a3251e97
2 changed files with 29 additions and 23 deletions


@@ -3,6 +3,10 @@
o [GH#3194] RPC-based scripts were sporadically failing due to privileged o [GH#3194] RPC-based scripts were sporadically failing due to privileged
port conflicts. [nnposter] port conflicts. [nnposter]
o [GH#3196] Script rlogin-brute was sporadically failing due to using
an off-by-one range for privileged ports and not handling potential
port conflicts. [nnposter]
Nmap 7.98 [2025-08-21] Nmap 7.98 [2025-08-21]
o [SECURITY] Rebuilt the Windows self-installer with NSIS 3.11, addressing o [SECURITY] Rebuilt the Windows self-installer with NSIS 3.11, addressing


@@ -51,34 +51,36 @@ Driver = {
end, end,
-- connects to the rlogin service -- connects to the rlogin service
-- it sets the source port to a random value between 513 and 1024 -- it sets the source port to a random value between 512 and 1023
connect = function(self) connect = function(self)
local status, err
local status
self.socket = brute.new_socket() self.socket = brute.new_socket()
-- apparently wee need a source port below 1024 -- Let's make several attempts to bind to an unused well-known port
-- this approach is not very elegant as it causes address already in for _ = 1, 10 do
-- use errors when the same src port is hit in a short time frame. local srcport = math.random(512, 1023)
-- hopefully the retry count should take care of this as a retry status, err = self.socket:bind(nil, srcport)
-- should choose a new random port as source. if status then
local srcport = math.random(513, 1024) self.socket:set_timeout(self.timeout)
self.socket:bind(nil, srcport) status, err = self.socket:connect(self.host, self.port)
self.socket:set_timeout(self.timeout) if status then
local err -- socket:connect() succeeds even if mksock_bind_addr() fails.
status, err = self.socket:connect(self.host, self.port) -- It just assigns an ephemeral port instead of our choice,
-- so we need to check the actual source port afterwards.
if ( status ) then local lport
local lport, _ status, err, lport = self.socket:get_info()
status, _, lport = self.socket:get_info() if status then
if (not(status) ) then if lport == srcport then
return false, "failed to retrieve socket status" return status
end
status = false
err = "Address already in use"
end
end
end end
else
self.socket:close() self.socket:close()
end end
if ( not(status) ) then if not status then
stdnse.debug3("ERROR: failed to connect to server") stdnse.debug2("Unable to bind to a well-known port (%s)", err)
end end
return status return status
end, end,
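Review bot: In the new `connect`, a failure of `self.socket:connect(self.host, self.port)` is handled exactly like a source-port conflict: the socket is closed and the loop tries again, up to ten times, each attempt bounded by `self.timeout`. A target that refuses or times out is therefore probed ten times, and the closing `stdnse.debug2("Unable to bind to a well-known port (%s)", err)` line labels the failure as a bind problem even though `err` came from the connect call. I would leave the loop when `connect` itself fails and retry only on a failed `bind` or an `lport ~= srcport` mismatch, with a debug message that names the step that failed. The function also ends with `return status`, so the reason is dropped. The removed code had one path returning `false, "failed to retrieve socket status"`, so a caller may read a second value; that caller is not visible here, but `return status, err` would keep the reason available.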