TKCERT / winnti-nmap-script

Nmap Script to scan for Winnti infections
GNU General Public License v3.0

Error when running script #1

Closed silascutler closed 6 years ago

silascutler commented 6 years ago

Nmap is throwing the following error. Tested on 7.25 Beta1 and 7.01:

Nmap 7.25BETA1 ( https://nmap.org ) at 2018-03-09 20:22 EST
NSE: failed to initialize the script engine:
/root/nmap-7.20BETA/nse_main.lua:254: /usr/share/nmap/scripts/winnti-detect.nse:268: ')' expected near '&'
stack traceback:
    [C]: in function 'assert'
    /root/nmap-7.20BETA/nse_main.lua:254: in function 'loadscript'
    /root/nmap-7.20BETA/nse_main.lua:582: in function 'new'
    /root/nmap-7.20BETA/nse_main.lua:805: in function 'get_chosen_scripts'
    /root/nmap-7.20BETA/nse_main.lua:1252: in main chunk
    [C]: in ?

QUITTING!
Starting Nmap 7.01 ( https://nmap.org ) at 2018-03-09 20:11 EST
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:254: /usr/bin/../share/nmap/scripts/winnti-detect.nse:268: ')' expected near '&'
stack traceback:
        [C]: in function 'assert'
        /usr/bin/../share/nmap/nse_main.lua:254: in function 'loadscript'
        /usr/bin/../share/nmap/nse_main.lua:582: in function 'new'
        /usr/bin/../share/nmap/nse_main.lua:805: in function 'get_chosen_scripts'
        /usr/bin/../share/nmap/nse_main.lua:1249: in main chunk
        [C]: in ?

QUITTING!

Error is at:

local wnti_get_helo_pkt = function()
  local l1 = math.random(1, 0xffffffff)
  local l2 = os.time()
  local l3 = math.random(1, 0xffffffff)

>>>  local t3 = ( ( (l3 & 0xffff) << 16) | ((l3 & 0xffff0000) >> 16) )
  local l0 = t3 ~ l2

  local pkt_helo = string.pack("<I4I4I4I4", l0, l1, l2, l3)

  stdnse.debug("Constructed HELO packet: %s", tohex(pkt_helo))

  return pkt_helo
end

sruester commented 6 years ago

Please try at least 7.25BETA2 instead of 7.25BETA1. Run the script with the debugging option -d and post the output here. Also check which Lua version you're using with ldd $(which nmap). It should be at least 5.3, and 5.3.3 works for me. It might also be a configuration problem, as from the message you posted I can see that you run 7.25BETA1 but the scripts are taken from /root/nmap-7.20BETA.
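
The Lua version check suggested in the comment above, as an added example that is not part of the thread or the project's code. It reads the "Compiled with:" line of `nmap --version`; the function names are hypothetical and the sample outputs are constructed.

```shell
#!/bin/sh
# Added example: check which Lua an nmap build embeds before loading an NSE
# script that uses Lua 5.3 syntax. Function names are hypothetical.

# Constructed samples of `nmap --version` output (not taken from the thread).
SAMPLE_OLD='Nmap version 7.01 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.2.4 openssl-1.0.2g libpcre-8.38 libpcap-1.7.4 nmap-libdnet-1.12 ipv6'
SAMPLE_NEW='Nmap version 7.60 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: nmap-liblua-5.3.3 openssl-1.1.0g libpcre-8.39 libpcap-1.8.1 nmap-libdnet-1.12 ipv6'

# Print the Lua version from the "Compiled with:" line. Matches "liblua-X.Y.Z"
# (system library) and "nmap-liblua-X.Y.Z" (bundled copy linked into the
# binary, which ldd does not list).
lua_version_from_nmap() {
  printf '%s\n' "$1" |
    sed -n 's/^Compiled with:.*liblua-\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# Status 0 when the version is 5.3 or newer, 1 when older, 2 when malformed.
lua_has_bitops() {
  case "$1" in [0-9]*.[0-9]*) ;; *) return 2 ;; esac
  major=${1%%.*}; rest=${1#*.}; minor=${rest%%.*}
  [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 3 ]; }
}

# Diagnose one `nmap --version` text; status 0 means the script can parse.
check_nmap() {
  lua=$(lua_version_from_nmap "$1")
  if [ -z "$lua" ]; then
    echo "no liblua entry: nmap built without NSE, or unexpected output"
    return 2
  fi
  if lua_has_bitops "$lua"; then
    echo "Lua $lua: operators &, <<, ~ and string.pack are available"
  else
    echo "Lua $lua: not 5.3 or newer, winnti-detect.nse will fail to parse"
    return 1
  fi
}

# Check the locally installed nmap, if there is one.
if command -v nmap >/dev/null 2>&1; then
  check_nmap "$(nmap --version)" || true
fi
```

A build that reports Lua older than 5.3 stops at the first `&` in the script with the "')' expected near '&'" parse error shown in the report.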

sruester commented 6 years ago

I added installation instructions to README. Please try them out.