Security Basics mailing list archives
Re: nmap smb-brute questions
From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Mon, 23 Sep 2013 15:40:04 -0700
On 09/17/2013 02:17 AM, Ansgar Wiechers wrote:
On 2013-09-16 ToddAndMargo wrote:When I look at my /etc/services, I get the following smb services: netbios-ns 137/tcp # NETBIOS Name Service netbios-ns 137/udp netbios-dgm 138/tcp # NETBIOS Datagram Service netbios-dgm 138/udp netbios-ssn 139/tcp # NETBIOS session service netbios-ssn 139/udp microsoft-ds 445/tcp microsoft-ds 445/udp Question 1): Why is the example only checking UDP:137, and TCP:139? Ports 137,138,139,445 are all using both UDP and TCP according to /etc/services. Is the example not meant to be a good example?AFAIK was IANA practice to assign UDP and TCP port number for a service, regardless of which of the two protocols it actually used. NetBIOS does not use 137/tcp and 139/udp, so it'd be pointless to scan those ports. [...]On the following command, I also get back: # nmap --script smb-brute.nse -p 137,138,139,445 192.168.255.116 ... Host script results: | smb-brute: | administrator:<blank> => Valid credentials, account disabled |_ guest:<blank> => Valid credentials, account disabled Question 4): does the "Valid credentials, account disabled" mean the script could not break in?Yes. Regards Ansgar Wiechers
Hi Ansgar, Thank you! -T -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Computers are like air conditioners. They malfunction when you open windows ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- nmap smb-brute questions ToddAndMargo (Sep 16)
- Re: nmap smb-brute questions Ansgar Wiechers (Sep 23)
- Re: nmap smb-brute questions ToddAndMargo (Sep 24)
- Re: nmap smb-brute questions Ansgar Wiechers (Sep 23)