
#1 2018-09-16 15:55:49

ColdFusionX
Member
Registered: 2018-09-16
Posts: 16

Receiving Segmentation fault (core dumped) on nbtscan

Hi, I just installed Arch on my VM and have been trying to run nbtscan on my network, but I receive "Segmentation fault (core dumped)" when running the command. I have been a Debian user for quite a long time and never received such an error from nbtscan. I thought it must be some dependency file error of my distro, so I tried the same command on Manjaro and received the same message.

Later I tried this on Black Arch and it worked like a charm, but I don't want to switch to Black Arch as it contains loads of tools which I have no need of. As a security guy I want my distro with applications of my choice only, so I switched from Kali to Arch.
Any help resolving this segmentation fault issue will be appreciated.
Thank you.


#2 2018-09-16 17:09:59

WorMzy
Forum Moderator
From: Scotland
Registered: 2010-06-16
Posts: 8,407

Re: Receiving Segmentation fault (core dumped) on nbtscan

How did you install nbtscan, and how are you trying to run it? What is the full output?


Sakura:-
Mobo: MSI X299 TOMAHAWK ARCTIC // Processor: Intel Core i7-7820X 3.6GHz // GFX: nVidia GeForce GTX 970 // RAM: 32GB (4x 8GB) Corsair DDR4 (@ 3000MHz) // Storage: 1x 3TB HDD, 5x 1TB HDD, 2x 120GB SSD, 1x 275GB M2 SSD

Making lemonade from lemons since 2015.


#3 2018-09-16 17:41:19

ColdFusionX
Member
Registered: 2018-09-16
Posts: 16

Re: Receiving Segmentation fault (core dumped) on nbtscan

I installed it with the command "sudo pacman -S nbtscan"
and ran it with the command "nbtscan <IP>"

[root@archlinux ~]# nbtscan 192.168.0.1/24
Doing NBT name scan for addresses from 192.168.0.1/24

IP address       NetBIOS Name     Server    User             MAC address     
------------------------------------------------------------------------------
192.168.0.0    Sendto failed: Permission denied
Segmentation fault (core dumped)
[root@archlinux ~]#

This is the output I got. But instead of a segmentation fault I should have got all the other IPs which are connected to my network.


#4 2018-09-16 17:46:32

WorMzy
Forum Moderator
From: Scotland
Registered: 2010-06-16
Posts: 8,407

Re: Receiving Segmentation fault (core dumped) on nbtscan

Take a look at the core dump, and see what the backtrace looks like.

https://wiki.archlinux.org/index.php/Co … _core_dump



#5 2018-09-16 18:17:08

ColdFusionX
Member
Registered: 2018-09-16
Posts: 16

Re: Receiving Segmentation fault (core dumped) on nbtscan

[root@archlinux ~]# coredumpctl info match
No coredumps found.
[root@archlinux ~]# coredumpctl gdb match
No match found.
[root@archlinux ~]# (gdb)
GNU gdb (GDB) 8.2
Copyright (C) 2018 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word".
(gdb) bt
No stack.
(gdb)

This is what I got on backtrace.


#6 2018-09-16 18:19:53

ColdFusionX
Member
Registered: 2018-09-16
Posts: 16

Re: Receiving Segmentation fault (core dumped) on nbtscan

Also, on using "coredumpctl list":
TIME                            PID   UID   GID SIG COREFILE  EXE
Thu 2018-09-13 01:38:07 IST    1627  1000   985  11 missing   /usr/bin/gnome-co>
Thu 2018-09-13 10:52:10 IST    1288     0     0  11 missing   /usr/bin/nbtscan

It's saying missing on corefile.


#7 2018-09-16 18:31:59

loqs
Member
Registered: 2014-03-06
Posts: 6,402

Re: Receiving Segmentation fault (core dumped) on nbtscan

Please try the following

gdb nbtscan
run  192.168.0.1/24 #wait for the segmentation fault
bt


#8 2018-09-16 19:24:44

ColdFusionX
Member
Registered: 2018-09-16
Posts: 16

Re: Receiving Segmentation fault (core dumped) on nbtscan

IP address       NetBIOS Name     Server    User             MAC address     
------------------------------------------------------------------------------
192.168.0.0    Sendto failed: Permission denied

Program received signal SIGSEGV, Segmentation fault.
0x00005555555557fd in ?? ()
(gdb) bt
#0  0x00005555555557fd in ?? ()
#1  0x00007ffff7de6223 in __libc_start_main () from /usr/lib/libc.so.6
#2  0x0000555555555eba in ?? ()

Here's the output.


#9 2018-09-16 19:42:22

loqs
Member
Registered: 2014-03-06
Posts: 6,402

Re: Receiving Segmentation fault (core dumped) on nbtscan

See Debug_-_Getting_Traces for steps to rebuild the nbtscan package with debug symbols.


#10 2018-09-16 19:47:48

RoundCube
Member
Registered: 2016-05-14
Posts: 26

Re: Receiving Segmentation fault (core dumped) on nbtscan

I filed a bug report a month ago, which however didn't receive attention.
FS#59669


#11 2018-09-16 21:50:41

seth
Member
Registered: 2012-09-03
Posts: 8,964

Re: Receiving Segmentation fault (core dumped) on nbtscan

Permission is denied on the broadcast address (.0) and it segfaults on the gateway (.1) - all other addresses seem fine here.
So to mitigate the problem: nbtscan 192.168.0.2-255

Is nbtscan actually still maintained? The upstream domain seems down.

It segfaults in nbtscan.c:537 "delta = rtt - srtt;"
Trying to inject printf("%f - %f - %f\n", rtt, srtt, delta); causes the segfault to move to line 532, so we got a nice stack overflow here.
If somebody has a valgrind that does not run into https://bugs.archlinux.org/task/59551, you might want to throw that against nbtscan.


#12 2018-09-16 21:58:10

loqs
Member
Registered: 2014-03-06
Posts: 6,402

Re: Receiving Segmentation fault (core dumped) on nbtscan

valgrind nbtscan 192.168.0.1/24
==20862== Memcheck, a memory error detector
==20862== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==20862== Using Valgrind-3.14.0.GIT and LibVEX; rerun with -h for copyright info
==20862== Command: nbtscan 192.168.0.1/24
==20862== 
Doing NBT name scan for addresses from 192.168.0.1/24

IP address       NetBIOS Name     Server    User             MAC address      
------------------------------------------------------------------------------
192.168.0.0	Sendto failed: Permission denied
192.168.0.3      REDACTED             <server>  <unknown>        REDACTED
==20862== 
==20862== HEAP SUMMARY:
==20862==     in use at exit: 4,951 bytes in 151 blocks
==20862==   total heap usage: 158 allocs, 7 frees, 7,630 bytes allocated
==20862== 
==20862== LEAK SUMMARY:
==20862==    definitely lost: 3,652 bytes in 146 blocks
==20862==    indirectly lost: 0 bytes in 0 blocks
==20862==      possibly lost: 0 bytes in 0 blocks
==20862==    still reachable: 1,299 bytes in 5 blocks
==20862==         suppressed: 0 bytes in 0 blocks
==20862== Rerun with --leak-check=full to see details of leaked memory
==20862== 
==20862== For counts of detected and suppressed errors, rerun with: -v
==20862== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 0 from 0)


#13 2018-09-16 22:17:09

seth
Member
Registered: 2012-09-03
Posts: 8,964

Re: Receiving Segmentation fault (core dumped) on nbtscan

Yeahno, beyond valgrind. Linking in ASAN

==19889==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000040 (pc 0x562730adcf6c bp 0x7ffe6e5a6d20 sp 0x7ffe6e5a67e0 T0)
==19889==The signal is caused by a READ memory access.
==19889==Hint: address points to the zero page.
    #0 0x562730adcf6b in main /tmp/nbtscan-1.5.1a/nbtscan.c:534
    #1 0x7f3fff2c2222 in __libc_start_main (/usr/lib/libc.so.6+0x24222)
    #2 0x562730addd5d in _start (/tmp/nbtscan-1.5.1a/nbtscan+0x6d5d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /tmp/nbtscan-1.5.1a/nbtscan.c:534 in main
==19889==ABORTING

So it would seem hostinfo->header->transaction_id is invalid, likely because parse_response() is parsing some nonsense.
The code says "Copyright (C) Andrew Tridgell 1992-199" resp. "Copyright (C) 1999-2003 Alla Bezroutchko", which does not sound very promising…


#14 2018-09-17 06:57:21

ColdFusionX
Member
Registered: 2018-09-16
Posts: 16

Re: Receiving Segmentation fault (core dumped) on nbtscan

What do you suggest I should do now? As per my knowledge nbtscan is still maintained and works fine in Debian and Black Arch. As a security guy, nbtscan is one of the basic tools which I need during my work.


#15 2018-09-17 12:22:22

seth
Member
Registered: 2012-09-03
Posts: 8,964

Re: Receiving Segmentation fault (core dumped) on nbtscan

Contact the maintainer, report a bug. Apparently something in the gateway response changed, likely kernel version related.
But the upstream URL is down, the Wikipedia page links some über-dated version and the copyright notes in the code are 15 years and older - I frankly wouldn't hold my breath for a response.

As mentioned before, to mitigate the issue short term, you can exclude the gateway from scanning.

A crude "fix" would be to

return NULL;

instead of

return hostinfo;

in statusq.c:328

The code leaks like shit anyway and this is more robust, since the structure writes cause some overflow, moving the hostinfo memory address to 0x40…


#16 2018-09-17 17:24:53

ColdFusionX
Member
Registered: 2018-09-16
Posts: 16

Re: Receiving Segmentation fault (core dumped) on nbtscan

If it's so, then why does the same package work in Black Arch? It's an Arch Linux distro only, right!
Maybe if you want I can check on Black Arch and compare the results on vanilla to solve this issue?


#17 2018-09-17 17:45:23

loqs
Member
Registered: 2014-03-06
Posts: 6,402

Re: Receiving Segmentation fault (core dumped) on nbtscan

@ColdFusionX at best that would be another workaround.  nbtscan takes input from the network and does not parse it safely for all possible input values.
Even if it does parse the input it still leaks memory.
Edit:
grammar missing and

Last edited by loqs (2018-09-17 17:46:03)
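
What safe handling of that network input can look like, as an added example that is not part of the thread and not nbtscan's code: a bounds-checked parser for a NetBIOS node status reply laid out per RFC 1002, assuming an uncompressed 34-byte question name. The names `nb_parse_status`, `struct nb_status` and `nb_build_sample` and the sample packet are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { HDR = 12, RRNAME = 34, RRFIXED = 10, ENTRY = 18, MAX_NAMES = 32 };

struct nb_status {
    uint16_t transaction_id;
    uint8_t  num_names;
    char     names[MAX_NAMES][16];   /* 15 name bytes + NUL */
    uint8_t  mac[6];
};

/* Parse one node status reply; 0 on success, -1 if truncated or inconsistent. */
int nb_parse_status(const uint8_t *buf, size_t len, struct nb_status *out)
{
    size_t off = HDR + RRNAME;                       /* start of RR type field */
    if (!buf || !out || len < off + RRFIXED + 1) return -1;
    if (buf[off] != 0x00 || buf[off + 1] != 0x21) return -1;   /* not NBSTAT */
    size_t rdlen = ((size_t)buf[off + 8] << 8) | buf[off + 9];
    off += RRFIXED;
    if (rdlen < 1 || rdlen > len - off) return -1;   /* RDATA must fit in datagram */
    size_t n = buf[off++];                           /* count comes from the sender */
    if (n > MAX_NAMES || n * ENTRY + 6 > rdlen - 1) return -1;
    memset(out, 0, sizeof *out);
    out->transaction_id = (uint16_t)((buf[0] << 8) | buf[1]);
    for (size_t i = 0; i < n; i++, off += ENTRY)
        for (size_t j = 0; j < 15; j++) {            /* keep printable ASCII only */
            uint8_t c = buf[off + j];
            out->names[i][j] = (c >= 0x20 && c < 0x7f) ? (char)c : '.';
        }
    memcpy(out->mac, buf + off, 6);                  /* unit ID follows the names */
    out->num_names = (uint8_t)n;
    return 0;
}

/* Constructed sample reply: one name "FILESRV", made-up MAC. Returns length. */
size_t nb_build_sample(uint8_t *pkt /* at least 81 bytes */)
{
    static const uint8_t mac[6] = { 0x02, 0x00, 0x00, 0xaa, 0xbb, 0xcc };
    memset(pkt, 0, 81);
    pkt[0] = 0x12; pkt[1] = 0x34;                    /* transaction id */
    pkt[47] = 0x21; pkt[49] = 0x01;                  /* type NBSTAT, class IN */
    pkt[55] = 1 + ENTRY + 6;                         /* RDLENGTH = 25 */
    pkt[56] = 1;                                     /* NUM_NAMES */
    memcpy(pkt + 57, "FILESRV        ", 15);         /* space-padded name */
    pkt[73] = 0x04;                                  /* name flags (active) */
    memcpy(pkt + 75, mac, 6);
    return 81;
}
```

A caller that gets -1 drops the datagram and moves on to the next host, so a malformed reply from one device cannot end the scan.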


#18 2018-09-17 19:32:17

seth
Member
Registered: 2012-09-03
Posts: 8,964

Re: Receiving Segmentation fault (core dumped) on nbtscan

The memory leaks are semi-negligible, it's not a daemon and the processed information is small (at least by today's standards).
As for Black Arch: since it seems to be some repo on top of Arch, but seems to distribute its own version of nbtscan(?), I'd look up that PKGBUILD and compare it w/ that in the community repo.
Also I'd link ASAN into that one just to see whether it's really bug-free.

Still, I doubt this code is maintained. NetBIOS is pretty much dead (ok: dying since a decade or so ;-)


#19 2018-09-18 07:16:59

ColdFusionX
Member
Registered: 2018-09-16
Posts: 16

Re: Receiving Segmentation fault (core dumped) on nbtscan

@seth tell me if you need something, maybe I'll be able to help.
PS: not an Arch pro yet, so try to give me an easy task.


#20 2018-09-18 07:33:14

seth
Member
Registered: 2012-09-03
Posts: 8,964

Re: Receiving Segmentation fault (core dumped) on nbtscan

The PKGBUILD from blackarch (or a link to their repo, couldn't find it on their website)
If they use the same sources and no patch, you'll have to build nbtscan locally and link in ASAN, by adding " -fsanitize=address -fno-omit-frame-pointer" to the CFLAGS. Then run it. ASAN should tell you if there's something wrong.


#21 2018-10-15 09:14:27

kokoko3k
Member
Registered: 2008-11-14
Posts: 1,762

Re: Receiving Segmentation fault (core dumped) on nbtscan

Package from blackarch gives segmentation fault to me.
http://blackarch.mirror.garr.it/mirrors … pkg.tar.xz
...anyway, I found another tool, named nbtscan too, that does the same thing, and works:
http://unixwiz.net/tools/nbtscan.html

Tried the precompiled binary, works pretty much the same with the following:

./nbtscan-1.0.35-redhat-linux -w 1 -T 0 -m 192.168.0.1-254

Last edited by kokoko3k (2018-10-15 09:16:43)


#22 2018-10-15 13:45:03

seth
Member
Registered: 2012-09-03
Posts: 8,964

Re: Receiving Segmentation fault (core dumped) on nbtscan

Windows 9x, NT and 2000

binary works on Red Hat Linux 6.0 - 8.0, Debian "woody", and Mandrake 8.1

It's what I had considered the dated version, linked on Wikipedia. But at a glance, the code looks different (and the copyright info does as well).
I'd however try to compile it, this binary is ~16 years old.


#23 2018-10-16 15:26:22

kokoko3k
Member
Registered: 2008-11-14
Posts: 1,762

Re: Receiving Segmentation fault (core dumped) on nbtscan

It builds flawlessly.


#24 2018-10-16 15:42:23

seth
Member
Registered: 2012-09-03
Posts: 8,964

Re: Receiving Segmentation fault (core dumped) on nbtscan

You might want to raise that w/ the nbtscan maintainer and either incorporate the workaround or switch to the different source base (whatever he feels more comfortable with - also might depend on usage compatibility)
Usually this isn't a valid downstream bug, but again: I'd say *both* projects are as rotten as NetBIOS, so this is unlikely ever to be fixed upstream.
