Nmap Development mailing list archives
Re: [NSELIB/NSE] Updates SMB/MSRPC scripts
From: David Fifield <david () bamsoftware com>
Date: Fri, 3 Oct 2008 18:12:38 -0600
On Fri, Oct 03, 2008 at 11:09:16AM -0500, Ron wrote:
> I've taken David's suggestions about the previous version of my SMB/MSRPC
> libraries and incorporated them. So basically, these would be the change
> notes:
>
> - Rolled together multiple ways of doing the same thing
So smb-enumusers.nse covers what you previously sent as smb-msrpc-bruteusers.nse, smb-msrpc-enumusers.nse, and smb-enum.nse? The new organization is logical, it's easier to predict what the scripts will do from their names.
> - Removed smbconstants in favour of a two-way table
You can make the constants tables even more concise and expressive by writing

    local command_codes = {
        SMB_COM_CREATE_DIRECTORY = 0x00,
        SMB_COM_DELETE_DIRECTORY = 0x01,
        ...
    }

Likewise you can say command_codes.SMB_COM_CREATE_DIRECTORY rather than
command_codes['SMB_COM_CREATE_DIRECTORY']. This is possible because all the
table keys are legal identifiers. All the constants should be moved to the
end of smb.lua--does that work?
> -- The 'referent_id' value is ignored, as far as I can tell, so this value
> -- is passed for it. No, it isn't random. :)
> REFERENT_ID = 0x50414d4e
Heh.
> As before, this will only work against Windows 2000. Once I get
> authentication in place (which is the next big task, besides
> fixes/improvements requested right now), it'll work against Windows 2000 -
> Windows Vista (doesn't work with NT or below, they don't have the required
> interfaces).
Yes, as I understand it authentication for these scripts and modules is wrapped up with the integration of the openssl module. Ron's scripts are going to be the first test of the module, apart from Sven's own SSH-hostkey.nse. When authentication in these scripts work and the openssl module has gotten some exercise I think we can add them at roughly the same time.
> So there you go, please let me know what you think and, if you want me to
> continue, encourage me! :)
Keep up the good work! Seriously, I think that the smb and msrpc modules are
going to serve as examples of how to write other large NSE modules.

I'd like to commit this as soon as someone can independently verify that all
the scripts work against Windows 2000. I don't have a machine to test
against. The command to do it is

    nmap --script=smb-enumdomains.nse,smb-enumusers.nse,smb-enumshares.nse <target>

Also try running with verbosity. For what it's worth, here's what I see
running against Windows XP:

    Host script results:
    |_ MSRPC: List of domains: ERROR: NT_STATUS_ACCESS_DENIED
    |  MSRPC: NetShareEnumAll():
    |  Couldn't enum all shares, checking for common ones (NT_STATUS_ACCESS_DENIED)
    |  Anonymous shares: IPC$
    |_ Restricted shares: ADMIN$, C$
    |  MSRPC: List of user accounts:
    |  Enum via SAMR error: NT_STATUS_ACCESS_DENIED
    |  Enum via LSA error: NT_STATUS_ACCESS_DENIED
    |_ Sorry, couldn't find any account names anonymously!

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
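The "two-way table" that replaces smbconstants, and the identifier-keyed table David suggests, are easy to combine in Lua: one table holds name-to-code entries and the reverse code-to-name entries, so encoding uses `command_codes.SMB_COM_CREATE_DIRECTORY` and decoding uses `command_codes[code]`. The block below is an added illustration of that idiom, not code from this thread or from the nmap smb.lua library; the builder `two_way` and the helper `name_of` are names assumed here, only the first two command codes come from the message (the third, SMB_COM_ECHO, is the real value 0x2B added for illustration), and the duplicate-code check and the handling of codes a peer sends that the table does not know are design choices of this example.

```lua
-- Added example: a two-way constants table for an NSE library.
-- two_way() and name_of() are names assumed for this illustration; they are
-- not smb.lua's own API.

-- Add a reverse mapping (code -> name) for every name -> code entry.
-- A duplicate code would silently make one name unreachable on decode, so
-- the builder refuses it instead of guessing which name wins.
local function two_way(t)
  local reverse = {}
  for name, code in pairs(t) do
    if reverse[code] ~= nil then
      error(string.format("duplicate code 0x%02x for %s and %s",
                          code, reverse[code], name))
    end
    reverse[code] = name
  end
  -- Merge after the scan so we never modify t while iterating it.
  for code, name in pairs(reverse) do
    t[code] = name
  end
  return t
end

-- Constructed sample: the first two entries are the ones quoted in the
-- message; SMB_COM_ECHO (0x2B) is added here for illustration.
local command_codes = two_way({
  SMB_COM_CREATE_DIRECTORY = 0x00,
  SMB_COM_DELETE_DIRECTORY = 0x01,
  SMB_COM_ECHO             = 0x2B,
})

-- Decode helper: a code the peer sends that we do not know is reported as
-- such rather than indexing nil later in the script.
local function name_of(codes, code)
  return codes[code] or string.format("UNKNOWN(0x%02x)", code)
end

-- Encoding direction: identifier-style access, as suggested in the reply.
assert(command_codes.SMB_COM_CREATE_DIRECTORY == 0x00)
-- Decoding direction: the same table, indexed by the numeric code.
assert(command_codes[0x01] == "SMB_COM_DELETE_DIRECTORY")
print(name_of(command_codes, 0x2B))  -- SMB_COM_ECHO
print(name_of(command_codes, 0xFE))  -- UNKNOWN(0xfe)
```

Because string keys and integer keys live in the same table, `pairs(command_codes)` now yields both directions; a script that wants only the names should keep the original name-to-code table separately or filter on `type(k) == "string"`.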