Npcap(win) Diagreport runs amok if SMB server not running #338
Comments
|
Thanks for reporting this! I'll investigate alternatives. This article seems to be a well-researched discussion of the topic of detecting elevated privileges: https://www.robvanderwoude.com/battech_elevation.php |
|
Ended up using the |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
On Windows, Npcap's DiagReport.bat starts by running the command "net session" and assumes any error from this requires that it asks the OS to rerun it as an Administrator.
This has two fatal flaws:
If "net session" fails for any other reason, "DiagReport.bat" will relaunch itself as administrator in an infinite recursive loop, essentially DOS-ing the shell and window manager, as each relaunch pops up a console window on top of all regular windows, stealing keyboard focus away from any attempts to kill the madness other than an external power off. (Test note: The runaway happens once it is already running as administrator, as there will be no further UAC prompt).
At least on Windows 8.1, if the SMB server service named "LanmanServer" or just "Server" is stopped (as a general OS hardening measure), "net session" will fail with an explicit error message to this effect, triggering this npcap bug.
Manual workaround:
Step 0: If already runaway, log off or power off the computer.
Step 1: Convert DiagReport.bat from LF to CRLF format.
Step 2: Comment out the line "net session >nul 2>&1" near the top of the file.
Step 3: Manually run DiagReport.bat as Administrator ("elevated").
This was seen in WireShark bundled Npcap 0.995, 64 bit. As of today, the broken code is still at https://github.com/nmap/npcap/blob/master/installer/DiagReport.bat
The text was updated successfully, but these errors were encountered: