
List:       nmap-dev
Subject:    Bug in ncat?
From:       Pierluigi Vittori <pierluigi.vittori () gmail ! com>
Date:       2014-06-26 14:18:31
Message-ID: CA+a7n19psAJBwPTWfszixB6OH955qQ4XnqT7pPb8f4ifgDt3iQ () mail ! gmail ! com

Hi there,

I think I found a small bug in ncat, namely in the code that builds
the authentication string in the socks5 protocol.
The original code writes the PLEN byte in the wrong position, where it
then gets overwritten by the password string itself.

Here's the patch; it works for me with my authenticated ss5 server:

diff -u -r nmap-6.46.orig/ncat/ncat_connect.c ../nmap-6.46/ncat/ncat_connect.c
--- nmap-6.46.orig/ncat/ncat_connect.c  2014-02-20 22:22:22.000000000 +0100
+++ ../nmap-6.46/ncat/ncat_connect.c    2014-06-26 08:07:36.682892626 +0200
@@ -723,7 +723,7 @@
             memcpy(socks5auth.data+1,username,strlen(username));
             len = 2 + strlen(username); // (version + strlen) + username

-            socks5auth.data[len]=strlen(password);
+            socks5auth.data[len-1]=strlen(password);
             memcpy(socks5auth.data+len,password,strlen(password));
             len += 1 + strlen(password);
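
Review bot: The one-byte shift is correct, but only because `len` counts from the start of the struct (the `ver` byte precedes `data`) while the index is applied to `data[]`; nothing on the changed line records that, so the same mismatch is easy to reintroduce. Suggest saying it inline, e.g. `socks5auth.data[len-1]=strlen(password); /* PLEN at struct offset len == data[len-1] */`, and noting that the following `memcpy(socks5auth.data+len, ...)` lands at struct offset len+1, which is the right place for PASSWD and is why only the PLEN line changes. Separately, `strlen(password)` is stored into a single byte with no range check visible in the hunk; RFC 1929 caps PLEN at 255, so the length should be validated before this assignment unless that already happens alongside the username handling.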

Hope it helps.

Ciao,
Pierluigi
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
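As an added example (not ncat's code and not part of Pierluigi's message), the following C program reproduces the layout the report describes: a version byte followed by a `data[]` buffer, with `len` counted from the start of the struct while the PLEN index is applied to `data[]`. It builds the RFC 1929 username/password request both the original way and the patched way and runs a parser over the result to show which one decodes. The struct shape, the buffer size, the function names and the credentials are assumptions made for the example.

```c
/* Added example, not ncat's code: RFC 1929 username/password request
 * built with and without the off-by-one reported above. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed shape, mirroring what the hunk implies: a version byte followed
 * by a data buffer. Because ver precedes data, struct offset N is data[N-1]. */
struct socks5_auth {
    uint8_t ver;
    uint8_t data[512]; /* ULEN + UNAME(255) + PLEN + PASSWD(255) */
};

/* Build the request. `fixed` selects the patched index for the PLEN byte.
 * Returns the total request length in bytes, or -1 if a field is outside
 * the 1..255 range RFC 1929 allows. */
static int build_userpass(struct socks5_auth *a, const char *username,
                          const char *password, int fixed)
{
    size_t ulen = strlen(username), plen = strlen(password), len;

    if (ulen == 0 || ulen > 255 || plen == 0 || plen > 255)
        return -1;
    a->ver = 1;                 /* sub-negotiation version */
    a->data[0] = (uint8_t)ulen; /* ULEN */
    memcpy(a->data + 1, username, ulen);
    len = 2 + ulen;             /* ver + ULEN + UNAME, counted from the struct start */
    if (fixed)
        a->data[len - 1] = (uint8_t)plen; /* PLEN at struct offset len == data[len-1] */
    else
        a->data[len] = (uint8_t)plen;     /* original: lands on PASSWD[0], overwritten below */
    memcpy(a->data + len, password, plen); /* struct offset len+1: correct for PASSWD */
    len += 1 + plen;
    return (int)len;
}

/* Decode a request as a flat byte string per RFC 1929 (the struct has no
 * padding, since every member is a byte). Returns 1 if it carries the
 * expected credentials, 0 otherwise. */
static int check_userpass(const struct socks5_auth *a, int len,
                          const char *username, const char *password)
{
    const uint8_t *p = (const uint8_t *)a;
    size_t ulen, plen;

    if (len < 3 || p[0] != 1)
        return 0;
    ulen = p[1];
    if (2 + ulen + 1 > (size_t)len)
        return 0;
    if (ulen != strlen(username) || memcmp(p + 2, username, ulen) != 0)
        return 0;
    plen = p[2 + ulen];
    if (3 + ulen + plen != (size_t)len)
        return 0;
    if (plen != strlen(password) || memcmp(p + 3 + ulen, password, plen) != 0)
        return 0;
    return 1;
}

/* Zeroed struct, constructed credentials; returns check_userpass's verdict,
 * or -1 if the builder rejected the input. */
static int demo(int fixed)
{
    struct socks5_auth a;
    int len;

    memset(&a, 0, sizeof a);
    len = build_userpass(&a, "user", "secret", fixed); /* constructed sample */
    if (len < 0)
        return -1;
    return check_userpass(&a, len, "user", "secret");
}

int main(void)
{
    printf("original index: %s\n", demo(0) == 1 ? "decodes" : "PLEN byte lost");
    printf("patched index:  %s\n", demo(1) == 1 ? "decodes" : "PLEN byte lost");
    return 0;
}
```

With the original index the PLEN byte is written one position too far, the password `memcpy` immediately overwrites it, and the parser finds a zero length where PLEN should be; with the patched index the request decodes.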