Nmap Development mailing list archives
Re: [NSE RFC] SMB Probe
From: Ron <ron () skullsecurity net>
Date: Sun, 07 Sep 2008 22:42:46 -0500
Hi,

Kris Katterjohn wrote:
> Hi, Just a little note, there's a Comm nselib designed for handling typical network exchanges. Upon first glance your TCP socket gets transferred around throughout the functions, so that won't work, but your UDP code from netbios_do_nbstat() could be replaced with it if you're interested.
Sounds handy, I didn't know about that. I don't like the way the socket is being passed around right now, so finding another way would be good. I'll definitely look into it.
> Also, your script can probably be used as a base for an SMB nselib as your functions seem to be separated fairly well already (like your name encode and decode functions, your functions to manipulate a header, etc). I think moving code to nselibs is best, if they provide enough stand-alone functionality to warrant it (which your code seems to). All of this is just after an initial inspection, so I could be off-base.
That's the way I was planning on going with this, so we're on the same page there. I don't have a clue how to write nselibs, but I'm a quick learner. I just need to put a little thought into how to structure it. As I've written this email, I think I've figured out how to do it. Stay tuned!
> I think maybe combining lines (like "SMB Security") into one would be better, if they don't get incredibly long. I'm not sure if this is what you meant by "an array of strings". I like all of your output as well, but it's best to use the verbosity level to gauge how much to print rather than printing it all by default. Check some of the other scripts to see how their output is controlled by it.
I was a little concerned about line length; does anybody have a definition of "incredibly long" for Nmap? Is going over the 80 column mark generally ok, or frowned upon? For the array, I was thinking of keeping the output strings in an array at the top of the file and reading it at the end. Currently, I build the string as I go by adding 'response = response .. "whatever\n"'. That doesn't have a good feeling to it, in my opinion, I might redo that bit.
> I think adding more to this script (or nselib..), and using it to replace the other scripts (as you mentioned), is best. You seem to be already on your way with this, so it's just my two cents.
Thanks. :)
> Just to show, it works well for me on my Linux box after turning on Samba:
>
> Host script results:
> | Probe SMB for information: (using port 139):
> | SMB Security: User-level authentication
> | SMB Security: Challenge/response passwords supported
> | SMB Security: Message signing not supported
> | System time from SMB: 2008-09-07 17:19:46 [UTC-5]
> | Computer name from SMB: MSHOME\
> | OS detection from SMB: Unix
> | Null sessions enabled
> |_ Guest account enabled
Awesome, I was going to ask somebody to try on Samba! I notice that the domain is populated but the computer isn't ("MSHOME\"), not sure if I'm parsing something incorrectly or if Samba's sending back a blank string. If it's not too much trouble, can you send me a packet capture of the scan? I don't have a Samba server handy.

Thanks,
Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
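The output-building pattern discussed above (an array of lines joined at the end, with detail gated on the verbosity level), as an added Lua sketch that is not Ron's script or part of Nmap; the `info` field names and the `(none returned)` marker for a blank computer name are assumptions.

```lua
-- Added example, not code from the thread: collect output lines in a table
-- and gate detail on nmap.verbosity() instead of growing one string with "..".
local nmap = require "nmap"

-- Hypothetical line accumulator for a host script's output.
local function new_report()
  local lines = {}
  local report = {}
  -- Lines shown at every verbosity level.
  function report.add(fmt, ...)
    lines[#lines + 1] = string.format(fmt, ...)
  end
  -- Lines shown only when the user asked for at least `level` -v flags.
  function report.add_v(level, fmt, ...)
    if nmap.verbosity() >= level then report.add(fmt, ...) end
  end
  -- Join once at the end; one newline per line, none trailing.
  function report.render()
    return table.concat(lines, "\n")
  end
  return report
end

-- `info` is a table of already-parsed fields (names are assumed here).
local function format_smb_info(info)
  local r = new_report()
  -- Security posture is the headline, so it is always printed.
  r.add("SMB Security: %s-level authentication",
        info.user_level and "User" or "Share")
  r.add("SMB Security: Challenge/response passwords %s",
        info.challenge_response and "supported" or "not supported")
  r.add("SMB Security: Message signing %s",
        info.signing and "supported" or "not supported")
  if info.null_session then r.add("Null sessions enabled") end
  if info.guest then r.add("Guest account enabled") end
  -- Informational fields only at -v; guard nil so string.format cannot fail.
  r.add_v(1, "System time from SMB: %s", info.system_time or "unknown")
  r.add_v(1, "OS detection from SMB: %s", info.os or "unknown")
  -- A blank computer name is called out instead of printing "DOMAIN\".
  local computer = (info.computer and info.computer ~= "")
                   and info.computer or "(none returned)"
  r.add_v(1, "Computer name from SMB: %s\\%s", info.domain or "", computer)
  return r.render()
end

return { format_smb_info = format_smb_info }
```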