fix panic in smb javascript template + handle panics in js #4700
Merged
fixed one more panic related to data handling in smb

earlier:

```
$ nuclei -u xx.yy.ww.zz -t ~/nuclei-templates/javascript/network/smb/smb-anonymous-access.yaml -debug

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.7

		projectdiscovery.io

[INF] Current nuclei version: v3.1.7 (latest)
[INF] Current nuclei-templates version: v9.7.4 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 6
[INF] Templates loaded for current scan: 1
[INF] Executing 1 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
panic: runtime error: slice bounds out of range [64:35] [recovered]
	panic: runtime error: slice bounds out of range [64:35] [recovered]
	panic: runtime error: slice bounds out of range [64:35]

goroutine 45 [running]:
github.com/dop251/goja.(*Runtime).RunProgram.func1()
	github.com/dop251/goja@v0.0.0-20230828202809-3dbe69dd2b8e/runtime.go:1491 +0x310
panic({0x1054aab00?, 0x14000ca5ec0?})
	runtime/panic.go:914 +0x218
github.com/dop251/goja.(*vm).handleThrow(0x14000c63e60, {0x1054aab00, 0x14000ca5ec0})
	github.com/dop251/goja@v0.0.0-20230828202809-3dbe69dd2b8e/vm.go:788 +0x3e0
github.com/dop251/goja.(*vm).runTryInner.func1()
	github.com/dop251/goja@v0.0.0-20230828202809-3dbe69dd2b8e/vm.go:830 +0x48
panic({0x1054aab00?, 0x14000ca5ec0?})
	runtime/panic.go:914 +0x218
github.com/hirochachacha/go-smb2/internal/smb2.PacketCodec.Data(...)
	github.com/hirochachacha/go-smb2@v1.1.0/internal/smb2/packet.go:208
github.com/hirochachacha/go-smb2.accept(0x2000?, {0x14000834e10?, 0x140000a4380?, 0x10291c378?})
	github.com/hirochachacha/go-smb2@v1.1.0/conn.go:641 +0x4a8
github.com/hirochachacha/go-smb2.(*Negotiator).negotiate(0x14000c911f2, {0x105665e98?, 0x140008b4030}, 0x140008b4018, {0x105663b48, 0x106bcc0c0})
	github.com/hirochachacha/go-smb2@v1.1.0/conn.go:122 +0x268
github.com/hirochachacha/go-smb2.(*Dialer).DialContext(0x14000c911f0, {0x105663b48, 0x106bcc0c0}, {0x10566ce70, 0x14000982040})
	github.com/hirochachacha/go-smb2@v1.1.0/client.go:62 +0x170
github.com/hirochachacha/go-smb2.(*Dialer).Dial(...)
	github.com/hirochachacha/go-smb2@v1.1.0/client.go:34
github.com/projectdiscovery/nuclei/v3/pkg/js/libs/smb.(*SMBClient).ListShares(0x8?, {0x140015010a0?, 0xe?}, 0x5?, {0x10684dca0, 0x1}, {0x10684dca0, 0x1})
	github.com/projectdiscovery/nuclei/v3/pkg/js/libs/smb/smb.go:89 +0x264
reflect.Value.call({0x10539a240?, 0x106bcc0c0?, 0x107825fd0?}, {0x1044382a9, 0x4}, {0x14000cc6180, 0x4, 0x0?})
	reflect/value.go:596 +0x994
reflect.Value.Call({0x10539a240?, 0x106bcc0c0?, 0x140005c8be0?}, {0x14000cc6180?, 0x140005c9280?, 0x5?})
	reflect/value.go:380 +0x94
github.com/dop251/goja.(*Runtime).newWrappedFunc.(*Runtime).wrapReflectFunc.func1({{0x105676768, 0x14000ca8ba0}, {0x1400067fca0, 0x4, 0x6}})
	github.com/dop251/goja@v0.0.0-20230828202809-3dbe69dd2b8e/runtime.go:2057 +0x2cc
github.com/dop251/goja.(*nativeFuncObject).vmCall(0x140003dfb00, 0x14000c63e60, 0x4)
	github.com/dop251/goja@v0.0.0-20230828202809-3dbe69dd2b8e/func.go:559 +0x16c
github.com/dop251/goja.call.exec(0xc63e60?, 0x14000c63e60)
	github.com/dop251/goja@v0.0.0-20230828202809-3dbe69dd2b8e/vm.go:3366 +0x74
github.com/dop251/goja.(*vm).run(0x14000c63e60)
	github.com/dop251/goja@v0.0.0-20230828202809-3dbe69dd2b8e/vm.go:582 +0x6c
github.com/dop251/goja.(*vm).runTryInner(0x60?)
	github.com/dop251/goja@v0.0.0-20230828202809-3dbe69dd2b8e/vm.go:834 +0x58
github.com/dop251/goja.(*vm).runTry(0x14000c63e60)
	github.com/dop251/goja@v0.0.0-20230828202809-3dbe69dd2b8e/vm.go:820 +0x18c
github.com/dop251/goja.(*Runtime).RunProgram(0x1400019f400, 0x140003a9e00)
	github.com/dop251/goja@v0.0.0-20230828202809-3dbe69dd2b8e/runtime.go:1513 +0x3a8
github.com/dop251/goja.(*Runtime).RunScript(0x140009f0fa8?, {0x0?, 0x140005c38c0?}, {0x140003d5a00?, 0x14000935b60?})
	github.com/dop251/goja@v0.0.0-20230828202809-3dbe69dd2b8e/runtime.go:1449 +0x60
github.com/dop251/goja.(*Runtime).RunString(...)
	github.com/dop251/goja@v0.0.0-20230828202809-3dbe69dd2b8e/runtime.go:1438
github.com/projectdiscovery/nuclei/v3/pkg/js/compiler.(*Compiler).ExecuteWithOptions.func2()
	github.com/projectdiscovery/nuclei/v3/pkg/js/compiler/compiler.go:171 +0x30
github.com/projectdiscovery/utils/context.ExecFuncWithTwoReturns[...].func1()
	github.com/projectdiscovery/utils@v0.0.75/context/NContext.go:61 +0x30
created by github.com/projectdiscovery/utils/context.ExecFuncWithTwoReturns[...] in goroutine 44
	github.com/projectdiscovery/utils@v0.0.75/context/NContext.go:60 +0xa0
```
now:

```
$ ./nuclei -u xx.yy.ww.zz -t ~/nuclei-templates/javascript/network/smb/smb-anonymous-access.yaml -debug

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.7

		projectdiscovery.io

[INF] Current nuclei version: v3.1.7 (latest)
[INF] Current nuclei-templates version: v9.7.4 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 6
[INF] Templates loaded for current scan: 1
[INF] Executing 1 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
[DBG] [smb-anonymous-access] Dumped Javascript request for xx.yy.ww.zz:445:

Variables:
	1. Host => xx.yy.ww.zz
	2. Pass =>
	3. Port => 445
	4. User => address=xx.yy.ww.zz:445
[DBG] [smb-anonymous-access] Javascript Code:

var m = require("nuclei/smb");
var c = m.SMBClient();
var response = c.ListShares(Host, Port, User, Pass);
to_json(response);

[DBG] [smb-anonymous-access] Dumped Javascript response for xx.yy.ww.zz:445:

	1. error => GoError: invalid response .... .methodValueCall (native)
	2. success => false address=xx.yy.ww.zz:445
[WRN] [smb-anonymous-access] Could not execute request for xx.yy.ww.zz: GoError: invalid response error: broken error response format at reflect.methodValueCall (native)
[INF] No results found. Better luck next time!
```

cc: @DhiyaneshGeek
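The two runs above show the same short SMB response first crashing the scanner with an unrecovered slice-bounds panic inside a Go library reached from a JavaScript template, and then surfacing as a `GoError` the template can report. The following is an added, self-contained Go illustration of both halves of that fix pattern (a length check before slicing, and a recover wrapper at the Go-to-JS boundary); it is not nuclei's or go-smb2's code, the names `rawData`, `checkedData` and `callNative` are illustrative, and the 35-byte buffer is constructed to reproduce the `[64:35]` bounds seen in the trace.

```go
package main

import "fmt"

// smb2HeaderLen is the fixed SMB2 packet header size (64 bytes).
const smb2HeaderLen = 64

// rawData mirrors the unchecked slicing that produced the
// "slice bounds out of range [64:35]" panic above: it assumes every
// response is at least one header long. (Illustrative, not go-smb2's code.)
func rawData(pkt []byte) []byte {
	return pkt[smb2HeaderLen:]
}

// checkedData validates the length first and returns a descriptive error
// for a short response instead of panicking.
func checkedData(pkt []byte) ([]byte, error) {
	if len(pkt) < smb2HeaderLen {
		return nil, fmt.Errorf("invalid response: got %d bytes, need at least %d for the SMB2 header",
			len(pkt), smb2HeaderLen)
	}
	return pkt[smb2HeaderLen:], nil
}

// callNative wraps a Go function exposed to the JS runtime so that a
// runtime panic deep inside a library reaches the template as an error
// (like the "GoError: invalid response" in the second run) instead of
// taking down the whole scanner process.
func callNative(fn func() ([]byte, error)) (out []byte, err error) {
	defer func() {
		if r := recover(); r != nil {
			out, err = nil, fmt.Errorf("invalid response: recovered panic: %v", r)
		}
	}()
	return fn()
}

func main() {
	short := make([]byte, 35) // constructed: shorter than one SMB2 header

	// Unchecked path: the panic is recovered and turned into an error.
	_, err := callNative(func() ([]byte, error) { return rawData(short), nil })
	fmt.Println("unchecked:", err) // ... runtime error: slice bounds out of range [64:35]

	// Checked path: no panic at all, just a clear error.
	_, err = callNative(func() ([]byte, error) { return checkedData(short) })
	fmt.Println("checked:", err) // invalid response: got 35 bytes, need at least 64 ...
}
```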
ehsandeep approved these changes on Jan 29, 2024
Proposed Changes