getting NT_STATUS_WERR_ACCESS_DENIED from winreg.openhkpd
smb-system-info.nse:131:
attempt to perform arithmetic on field 'number_of_processors' (a string value)
stack traceback:
smb-system-info.nse:131: in function 'get_info_registry'
smb-system-info.nse:182: in function <smb-system-info.nse:180>
(tail call): ?
* Adding path-mtu.nse for Path MTU Discovery
* Nmap now stores the MTU for interfaces (from SIOCGIFMTU or libdnet)
* Scripts can access the MTU for host.interface via host.interface_mtu
* Nmap prints the MTU for interfaces in --iflist
The scripts are:
- oracle-brute uses the brute and tns library to perform password guessing
- oracle-enum-users attempts to determine valid Oracle user names
[Patrik]
Domino oriented scripts:
- domino-enum-users.nse guesses users and attempts to download ID files by
exploiting (CVE-2006-5835).
- domino-enum-passwords attempts to download Internet passwords and ID files
from the web server.
- domcon-brute performs password guessing against the remote console.
- domcon-cmd adds support for running custom remote console commands.
[Patrik]
- informix-brute uses the brute framework to perform password guessing
- informix-query add support for running SQL queries against Informix
- informix-tables lists table- and column-names for a given database
[Patrik]
first was that pos was declared as a local variable and shadowed the pos
parameter. The second was that when multiple WWW-Authenticate headers
were present, the wrong pos would be returned after reading the first
one. The arrow shows the pos it was returning:
Digest realm="My Site", domain="/", Basic realm="My Site"
^
It now returns this correct pos, ready to read the next challenge:
Digest realm="My Site", domain="/", Basic realm="My Site"
^
This was a problem I had already solved for Ncat but I copied the logic
imperfectly to http.lua.
non-whitespace characters, the position counter was advanced one past
where it was supposed to be. This didn't have any bad effect when the
server used CRLF to separate header fields, because it ate the CR and
still recognized LF as ending the field. But it concatenated multiple
header fields when the server only used LF to separate them.
empty password in our password list. If you want to turn it off, it
would be better to provide an interface that allows an iterator to throw
out certain passwords.
socket:connect(host.ip, port.number)
socket:connect(host.ip, port.number, port.protocol)
to this:
socket:connect(host, port)
connect can take host and port tables now, and the default protocol is
taken from the port table if possible.
