nmap / nmap

Nmap - the Network Mapper. Github mirror of official SVN repository.
https://svn.nmap.org/

Lua/NSE error - ssh-auth-methods.nse #1014

Open FrankSpierings opened 6 years ago

FrankSpierings commented 6 years ago

I receive the following error (ip removed):

NSE: ssh-auth-methods against #.#.#.#:22 threw an error!
ERROR
stack traceback:
    [C]: in function 'libssh2.session_open'
    /usr/local/bin/../share/nmap/nselib/libssh2-utility.lua:36: in method 'connect'
    /usr/local/bin/../share/nmap/scripts/ssh-auth-methods.nse:33: in function </usr/local/bin/../share/nmap/scripts/ssh-auth-methods.nse:30>
    (...tail calls...)

This occurs when an SSH connection cannot actually be made. "The SYN cookies are a lie". They make nmap think the port is open.

dmiller-nmap commented 6 years ago

Thanks for the report. It looks like we should be checking for Lua errors thrown by libssh2 functions, so I'll add that in. Then we will be able to just treat this as a failed connection without cluttering the debug output with errors.
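
The approach described in the comment above, as an added example that is not part of the thread and not Nmap's own code: the call that raises is wrapped in `pcall`, so a failed handshake becomes an ordinary nil-plus-message return instead of a traceback. The `libssh2` table is a constructed stub so the snippet runs in a plain Lua interpreter; `connect_safely`, `action` and the `reachable` field are hypothetical names.

```lua
-- Added example: constructed stand-ins, runnable with a plain Lua 5.3+ interpreter.

-- Stub for the C binding named in the traceback. Like the real call it
-- raises a Lua error (it does not return nil) when the handshake fails.
local libssh2 = {}
function libssh2.session_open(host, port)
  if not host.reachable then            -- 'reachable' is a constructed field
    error("Unable to complete libssh2 handshake.")
  end
  return { ip = host.ip, port = port }  -- constructed session object
end

local SSHConnection = {}
SSHConnection.__index = SSHConnection

function SSHConnection.new()
  return setmetatable({ session = nil }, SSHConnection)
end

-- Unprotected form: any error from session_open unwinds into the script,
-- which is what produces "threw an error!" plus a stack traceback.
function SSHConnection:connect(host, port)
  self.session = libssh2.session_open(host, port)
  return self.session
end

-- Hypothetical protected form: pcall turns the raised error into a return value.
function SSHConnection:connect_safely(host, port)
  local ok, result = pcall(self.connect, self, host, port)
  if not ok then
    self.session = nil
    return nil, result                  -- result is the error message
  end
  return result
end

-- Script-style caller: a failed handshake is treated as a failed connection.
local function action(host, port)
  local conn = SSHConnection.new()
  local session, err = conn:connect_safely(host, port)
  if not session then
    return nil, err                     -- no result to report for this port
  end
  return ("handshake completed with %s:%d"):format(session.ip, session.port)
end

-- Constructed hosts: one completes the handshake, one only looks open.
print(action({ ip = "192.0.2.10", reachable = true }, 22))
print(action({ ip = "192.0.2.11", reachable = false }, 22))
```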

FrankSpierings commented 6 years ago

That would help me out quite a bit!

kuchynkap commented 3 years ago

I receive this error even on version 7.80:

NSE: Starting ssh-auth-methods against #.#.#.#:22.
NSE: ssh-auth-methods against #.#.#.#:22 threw an error!
/usr/bin/../share/nmap/nselib/libssh2-utility.lua:36: Unable to complete libssh2 handshake.
stack traceback:
    [C]: in function 'libssh2.session_open'
    /usr/bin/../share/nmap/nselib/libssh2-utility.lua:36: in method 'connect'
    /usr/bin/../share/nmap/scripts/ssh-auth-methods.nse:34: in function </usr/bin/../share/nmap/scripts/ssh-auth-methods.nse:31>
    (...tail calls...)

Version info:

Nmap version 7.80 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.3 openssl-1.1.1d nmap-libssh2-1.8.2 libz-1.2.11 libpcre-8.39 libpcap-1.9.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

AsaiKen commented 1 year ago

I also got this error on Ubuntu 22.04 LTS, nmap 7.80. This nmap was installed with the "apt" command. Is there any workaround for this?

normal log

$ nmap localhost -p22 --script=ssh-auth-methods.nse
Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-19 05:04 JST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000069s latency).
Other addresses for localhost (not scanned): ::1

PORT   STATE SERVICE
22/tcp open  ssh
|_ssh-auth-methods: ERROR: Script execution failed (use -d to debug)

Nmap done: 1 IP address (1 host up) scanned in 0.20 seconds

debug log

$ nmap localhost -p22 --script=ssh-auth-methods.nse -d
Starting Nmap 7.80 ( https://nmap.org ) at 2023-01-19 05:03 JST
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.3.
NSE: Arguments from CLI:
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 05:03
Completed NSE at 05:03, 0.00s elapsed
Initiating Ping Scan at 05:03
Scanning localhost (127.0.0.1) [2 ports]
Completed Ping Scan at 05:03, 0.00s elapsed (1 total hosts)
Overall sending rates: 18018.02 packets / s.
mass_rdns: Using DNS server 127.0.0.53
Initiating Connect Scan at 05:03
Scanning localhost (127.0.0.1) [1 port]
Discovered open port 22/tcp on 127.0.0.1
Completed Connect Scan at 05:03, 0.00s elapsed (1 total ports)
Overall sending rates: 21276.60 packets / s.
NSE: Script scanning 127.0.0.1.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 05:03
NSE: Starting ssh-auth-methods against localhost (127.0.0.1:22).
NSE: ssh-auth-methods against localhost (127.0.0.1:22) threw an error!
/usr/bin/../share/nmap/nselib/libssh2-utility.lua:36: Unable to complete libssh2 handshake.
stack traceback:
        [C]: in function 'libssh2.session_open'
        /usr/bin/../share/nmap/nselib/libssh2-utility.lua:36: in method 'connect'
        /usr/bin/../share/nmap/scripts/ssh-auth-methods.nse:34: in function </usr/bin/../share/nmap/scripts/ssh-auth-methods.nse:31>
        (...tail calls...)

Completed NSE at 05:03, 0.01s elapsed
Nmap scan report for localhost (127.0.0.1)
Host is up, received syn-ack (0.000073s latency).
Other addresses for localhost (not scanned): ::1
Scanned at 2023-01-19 05:03:21 JST for 0s

PORT   STATE SERVICE REASON
22/tcp open  ssh     syn-ack
Final times for host: srtt: 73 rttvar: 3763  to: 100000

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 05:03
Completed NSE at 05:03, 0.00s elapsed
Read from /usr/bin/../share/nmap: nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 0.20 seconds

huornlmj commented 1 year ago

Same here: ssh-auth-methods: ERROR: Script execution failed (use -d to debug) nmap

$ nmap --version
Nmap version 7.80 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.3.6 openssl-3.0.0 nmap-libssh2-1.8.2 libz-1.2.11 libpcre-8.39 libpcap-1.10.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select
$ uname -a
Linux REDACTED 5.19.0-32-generic #33~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Mon Jan 30 17:03:34 UTC 2 x86_64 x86_64 x86_64 GNU/Linux

huornlmj commented 1 year ago

On my system I installed nmap via Ubuntu's APT, and I get the above errors. However, if I clone the repo on the same machine and ./configure / make, then try the same scan, the ssh-auth-methods script works without error.

dsl101 commented 1 year ago

No such luck for me :(. I get the same error with the APT package and a local build...

# /usr/local/bin/nmap --version
Nmap version 7.94 ( https://nmap.org )
Platform: x86_64-unknown-linux-gnu
Compiled with: nmap-liblua-5.4.4 openssl-1.1.1 libssh2-1.8.0 libz-1.2.11 libpcre-8.39 nmap-libpcap-1.10.4 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

and

# uname -a
Linux REDACTED 4.15.0-163-generic #171-Ubuntu SMP Fri Nov 5 11:55:11 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

and

NSE: ssh-auth-methods against REDACTED threw an error!
/usr/local/bin/../share/nmap/nselib/libssh2-utility.lua:36: Unable to complete libssh2 handshake.
stack traceback:
        [C]: in function 'libssh2.session_open'
        /usr/local/bin/../share/nmap/nselib/libssh2-utility.lua:36: in method 'connect'
        /usr/local/bin/../share/nmap/scripts/ssh-auth-methods.nse:34: in function </usr/local/bin/../share/nmap/scripts/ssh-auth-methods.nse:31>
        (...tail calls...)

Completed NSE at 13:21, 0.04s elapsed

sliddjur commented 2 months ago

Same error, on a Raspberry Pi 4 with Ubuntu 22.04.

rpi4:~$ nmap --version
Nmap version 7.80 ( https://nmap.org )
Platform: aarch64-unknown-linux-gnu
Compiled with: liblua-5.3.6 openssl-3.0.2 nmap-libssh2-1.8.2 libz-1.2.11 libpcre-8.39 libpcap-1.10.1 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

rpi4:~$ uname -a
Linux rpi4 5.15.0-1055-raspi #58-Ubuntu SMP PREEMPT Sat May 4 03:52:40 UTC 2024 aarch64 aarch64 aarch64 GNU/Linux

rpi4:~$ dpkg -l | grep libssh
ii  libssh-4:arm64                  0.9.6-2ubuntu0.22.04.3                  arm64        tiny C SSH library (OpenSSL flavor)
ii  libssh-gcrypt-4:arm64           0.9.6-2ubuntu0.22.04.3                  arm64        tiny C SSH library (gcrypt flavor)
ii  libssh2-1:arm64                 1.10.0-3                                arm64        SSH2 client-side library

Same error as the user above

rpi4:~$ nmap localhost -p22 --script=ssh-auth-methods.nse
Starting Nmap 7.80 ( https://nmap.org ) at 2024-07-03 10:01 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00048s latency).

PORT   STATE SERVICE
22/tcp open  ssh
|_ssh-auth-methods: ERROR: Script execution failed (use -d to debug)

Nmap done: 1 IP address (1 host up) scanned in 0.77 seconds

rpi4:~$ nmap localhost -p22 --script=ssh-auth-methods.nse -d
Starting Nmap 7.80 ( https://nmap.org ) at 2024-07-03 10:01 CEST
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.3.
NSE: Arguments from CLI: 
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 10:01
Completed NSE at 10:01, 0.00s elapsed
Initiating Ping Scan at 10:01
Scanning localhost (127.0.0.1) [2 ports]
Completed Ping Scan at 10:01, 0.00s elapsed (1 total hosts)
Overall sending rates: 2375.30 packets / s.
mass_rdns: Using DNS server 127.0.0.53
Initiating Connect Scan at 10:01
Scanning localhost (127.0.0.1) [1 port]
Discovered open port 22/tcp on 127.0.0.1
Completed Connect Scan at 10:01, 0.00s elapsed (1 total ports)
Overall sending rates: 1663.89 packets / s.
NSE: Script scanning 127.0.0.1.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 10:01
NSE: Starting ssh-auth-methods against localhost (127.0.0.1:22).
NSE: ssh-auth-methods against localhost (127.0.0.1:22) threw an error!
/usr/bin/../share/nmap/nselib/libssh2-utility.lua:36: Unable to complete libssh2 handshake.
stack traceback:
    [C]: in function 'libssh2.session_open'
    /usr/bin/../share/nmap/nselib/libssh2-utility.lua:36: in method 'connect'
    /usr/bin/../share/nmap/scripts/ssh-auth-methods.nse:34: in function </usr/bin/../share/nmap/scripts/ssh-auth-methods.nse:31>
    (...tail calls...)

Completed NSE at 10:01, 0.04s elapsed
Nmap scan report for localhost (127.0.0.1)
Host is up, received syn-ack (0.00051s latency).
Scanned at 2024-07-03 10:01:50 CEST for 0s

PORT   STATE SERVICE REASON
22/tcp open  ssh     syn-ack
Final times for host: srtt: 510 rttvar: 3811  to: 100000

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 10:01
Completed NSE at 10:01, 0.00s elapsed
Read from /usr/bin/../share/nmap: nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 0.78 seconds