Re: [Plugins-writers] problems with NASL SSH feature / local checks

From: Nicolas Pouvesle (nico.pou@private)
Date: Tue Sep 28 2004 - 06:50:52 PDT


Could you try the following patch and give us feedback ?
It should fix both problems.

In the loop, the variable 'i' was overwritten during send_ssh_packet
(Renaux fixed it).

For the size of your file, it was limitted to 32768 bytes. This patch
should allow you to receive 19MB of data.


Nicolas



Le mardi 28 septembre 2004 à 11:38 +0000, Boris Wolf a écrit :
> Hi,
> 
> I played a bit with the new local scan / SSH features in
> NASL and found a couple of strange things:
> 
> 1. I tried to write a NASL script to retrieve certain
> report files (text files) from a remote machine. My code
> looks somewhat like this:
> 
> # ... SSH login procedure ...
> 
> buf = ssh_cmd(socket:sock, cmd:"cat report.txt", timeout:60);
> 
> if (buf) {
> 	my_report += buf;
> }
> 
> # ...
> 
> security_note(port:port, data:my_report);
> 
> Everything works fine with this code but when the report.txt file
> reaches a certain size my NASL script simply hangs and times out
> after a while. My report file was 350K. I reduced its size in steps
> and around a file size of 10K the script starts working again.
> Any idea what the problem might be?
> 
> 2. My second problem is really strange and I'm wondering if I'm
> overlooking anything obvious... ;)
> 
> It also has to do with the new SSH capability.
> 
> I tried a script looking like this
> 
> # ... SSH login procedure ...
> 
> for (i=1; i<=3; i++) {
>   buf = ssh_cmd(socket:sock, cmd:"cat report"+i+".txt", timeout:60);
>   if (buf) {
>     my_report += buf;
>   }
> }
> 
> security_note(port:port, data:my_report);
> 
> It seems this script only executes the first iteration of the loop 
> and then silently dies. If I rewrite the script
> 
> # ... SSH login procedure ...
> 
> buf = ssh_cmd(socket:sock, cmd:"cat report1.txt", timeout:60);
> my_report += buf;
> 
> buf = ssh_cmd(socket:sock, cmd:"cat report2.txt", timeout:60);
> my_report += buf;
> 
> buf = ssh_cmd(socket:sock, cmd:"cat report3.txt", timeout:60);
> my_report += buf;
> 
> security_note(port:port, data:my_report);
> 
> then everything works fine. It almost seems like ssh_cmd() and 
> for-loops don't like each other.
> 
> Does anyone have similar experience? Any suggestions are greatly
> appreciated.
> 
> Best,
> Boris
> 
> 
> 
> _______________________________________________
> Plugins-writers mailing list
> Plugins-writers@private
> http://mail.nessus.org/mailman/listinfo/plugins-writers
-- 
Nicolas Pouvesle <nico.pou@private>



_______________________________________________
Plugins-writers mailing list
Plugins-writers@private
http://mail.nessus.org/mailman/listinfo/plugins-writers



This archive was generated by hypermail 2.1.3 : Tue Sep 28 2004 - 06:55:09 PDT