Nmap Development mailing list archives
Re: [NSE] MSRPC Libraries (stable, I hope!)
From: Ron <ron () skullsecurity net>
Date: Mon, 03 Nov 2008 08:41:25 -0600
David Fifield wrote:
> On Thu, Oct 30, 2008 at 08:47:36PM -0500, Ron wrote:
>
> Looks good to me. I don't see any reason not to merge these new
> improvements. What follows is a few suggestions I thought of while
> reviewing the code.

Cool! I was waiting for Brandon to get back in town, since he is the one that found some nasty bugs before. But now that he's back, he's confirmed that, while it still doesn't work properly, it fails gracefully, which is what I was going for.

I'll talk to you off the list about merging.

> Let me suggest a way to make the error handling more concise. There are
> a lot of places in the code that say
>
>     if(nmap.debugging() > 0) then
>         return "ERROR: " .. msg
>     else
>         return nil
>     end
>
> You could define a function to encapsulate this common pattern:
>
>     local function err(msg)
>         if nmap.debugging() > 0 then
>             return "ERROR: " .. msg
>         else
>             return nil
>         end
>     end
>
> Then the code in case of error would be simply
>
>     return err(msg)

Good point. I sort of added that quick, and didn't put a lot of thought into it, but your way makes more sense. I'll add it later, don't want to risk breaking anything right now.

> I think I have an answer to this question in nselib/smb.lua:
>
>     -- If the name wasn't found in the array, do a linear search on it (TODO: Why is this happening??)
>
> It's because the table near the bottom should be called status_codes,
> not status_names (compare command_codes immediately above). As it is,
> you never fill in the table status_codes, and the table status_names
> holds what status_codes should hold.

Heh, oops. That's one of those stupid mistakes I was fighting with and eventually conceded defeat. :)

> smb-enumsessions.nse gives a wrong answer when I use a guest user. It
> says nobody is logged in even when someone is:
>
> $ ./nmap --datadir=. --script=smb-enumsessions.nse -PN -F --script-args smbguest=1 192.168.0.190
> ...
> Host script results:
> | MSRPC: NetSessEnum():
> | Users logged in:
> | |_ <nobody>
> |_ ERROR: Couldn't enumerate network sessions: NT_STATUS_WERR_ACCESS_DENIED (srvsvc.netsessenum)
>
> Compare that with the results with an authenticated user:
>
> $ ./nmap --datadir=. --script=smb-enumsessions.nse -PN -F --script-args smbuser=jrandom,smbpass=jrandom 192.168.0.190
> ...
> Host script results:
> | MSRPC: NetSessEnum():
> | Users logged in:
> | |_ MAC-MINI\david since 2008-11-03 10:06:41
> | Active SMB Sessions:
> |_ |_ JRANDOM is connected from 192.168.0.21 for [just logged in, it's probably you], idle for [not idle]
>
> The problem is the <nobody> in the first output. Is this just a case of
> Windows lying to the guest user? If so, that's understandable, it just
> needs to be documented in the script.

Oops, that one's a problem with error handling. If an error is returned, it still tries to print the empty list. That should probably be fixed, but I won't be able to until tomorrow.

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
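
The error-handling problem discussed in this message (a failed NetSessEnum call still printing an empty user list, so "access denied" reads as "nobody is logged in") sketched in standalone Lua. This is an added example, not code from smb-enumsessions.nse or the MSRPC libraries; `debug_level` stands in for `nmap.debugging()`, and `render_users`, `format_buggy` and `format_fixed` are hypothetical names, with the error string taken from the output quoted above.

```lua
-- Added illustration; not code from smb-enumsessions.nse or the MSRPC libraries.
-- debug_level, render_users, format_buggy and format_fixed are hypothetical names.

local debug_level = 1  -- stand-in for nmap.debugging()

-- The helper suggested in the thread: report errors only when debugging.
local function err(msg)
  if debug_level > 0 then
    return "ERROR: " .. msg
  end
  return nil
end

-- Render a list of user names, or "<nobody>" when the list is empty.
local function render_users(users)
  if #users == 0 then
    return "Users logged in:\n  <nobody>"
  end
  return "Users logged in:\n  " .. table.concat(users, "\n  ")
end

-- Buggy shape: the list is rendered even though the query failed, so a
-- denied request is reported as an empty (but seemingly valid) result.
local function format_buggy(ok, result)
  local users = ok and result or {}
  local out = render_users(users)
  if not ok then
    out = out .. "\n" .. (err(result) or "")
  end
  return out
end

-- Fixed shape: a failed query yields only the error (or nil), never a list,
-- so "could not ask" is kept distinct from "asked, and nobody is there".
local function format_fixed(ok, result)
  if not ok then
    return err(result)
  end
  return render_users(result)
end

-- Constructed sample results: a denied guest query and a successful one.
local denied = "Couldn't enumerate network sessions: NT_STATUS_WERR_ACCESS_DENIED"
print(format_buggy(false, denied))
print(format_fixed(false, denied))
print(format_fixed(true, { "MAC-MINI\\david" }))
```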