Re: [NSE] SMB authentication patch

[David Fifield <david () bamsoftware com>]

On Fri, Oct 10, 2008 at 07:14:47PM -0500, Ron wrote:
> > It's hard to give a blank password. Just using
> >     --script-args smbusername=user
> > doesn't work, using
> >     --script-args smbusername=user,smbpassword=
> > doesn't work ("Error parsing --script-args"). I had to use
> >     --script-args smbusername=user,smbpassword=\'\'
>
> All right, I fixed the problem with blank passwords (now just leave off
> the parameter), and I changed it so blank usernames won't throw an error
> (it'll print a warning if vebose is high enough then proceed with a null
> session).

I tried this new version and the blank passwords work.

> For your 'david' account, a pcap would still be useful for me, but can
> you also run "user2sid.exe david" for me, and tell me the last part of
> the sid (or the whole thing)? I've attached the program, although you
> can find it around the Internet if you prefer.

I'll send you a separate message with a pcap log and the user2sid
results.

> I also wrote a new script for enumerating sessions last night (my friend
> was doing a pentest and needed the functionality). I've attached that as
> well. It'll be improved more in the near future, so consider this a
> preview. :)

I tried that and got

Host script results:
|_ MSRPC: NetSessEnum(): ERROR: Read off the end of the packet

I'll send you a pcap log of that too.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org