Apache JServer Protocol requests. [Patrik Karlsson]
o [NSE] Added the script ajp-brute, which enables password brute force auditing
against the Apache JServ Protocol service. [Patrik Karlsson]
GetAdaptersAddresses is supposed to return ERROR_BUFFER_OVERFLOW and set
len to the required size when len is too small. So normally we would
call the function once with a small len, and then again with the longer
len. But, on Windows 2003, apparently you only get ERROR_BUFFER_OVERFLOW
the *first* time you call the function with a too-small len--the next
time you get ERROR_INVALID_PARAMETER. So this function would fail the
second and later times it is called.
So, make the first call using a large len. On Windows 2003, this will
work the first time as long as there are not too many adapters. (It will
still fail with ERROR_INVALID_PARAMETER if there are too many adapters,
but this will happen infrequently because of the large buffer.) Other
systems that always return ERROR_BUFFER_OVERFLOW when appropriate will
enlarge the buffer if the initial len is too short.
Windows resets the connection if we try to reconect too fast to the same port after doing a SYN scan and not completing the handshake. In my tests, sleep values above 0.1s prevent the connection reset so it's set to 0.2 .
An IPMP interface is a special kind of interface made up of other
interfaces. The other interfaces are hidden by default unless this flag
is passed to ioctl(SIOCGLIFCONF). This allows me to scan over an IPMP
interface in a simple setup.
This element is intended to report information about command-line target
specifications. Now it's used with status="skipped" to indicate that a
specification was ignored.
starts an application, and sends a sequence of keystrokes to it. [Patrik
Karlsson]
o [NSE] Added the script mmouse-brute that performs brute force password
auditing against the Mobile Mouse service. [Patrik Karlsson]
This is the way it worked for IPv6 (with the exception of a slash in an
IPv6 address, which has also been made into a warning)--warn about the
bogus specification and carry on with the other targets.
The main use for this is preventing the whole scan from being stopped
when a bad specification appears in a hostgroup after the first.
