Nmap Development mailing list archives
Re: Updated SMB scripts
From: David Fifield <david () bamsoftware com>
Date: Sun, 28 Dec 2008 12:02:40 -0700
On Tue, Dec 23, 2008 at 07:24:38PM -0600, Ron wrote:
> Brandon, Patrick, and myself have worked hard to update and stabilize the smb/msrpc scripts, and I think we've pulled it off. That being said, my tests are against a very limited network and Brandon's are unauthenticated. I'd feel a lot better if people would do their own tests, especially if you have accounts on the target systems. Since Brandon successfully tested the script against nearly 400,000 hosts (granting that most of them are offline), I merged my changes into the main Nmap branch. If you want to test go ahead and grab them from there.
It looks like you forgot to "svn add" the msrpcperformance module. I get

    SCRIPT ENGINE: './scripts/smb-enum-processes.nse' threw a run time error and could not be loaded.
    ./scripts/smb-enum-processes.nse:92: module 'msrpcperformance' not found:

There's a new script, smb-enum-processes.nse. Can you summarize the other changes? Or point me to a mailing list post (I haven't been following closely).

After copying msrpcperformance.nse from nmap-smb,

    # nmap -p139,445 --script=smb-check-vulns,smb-enum-processes,smb-enum-shares,smb-os-discovery,smb-server-stats,smb-enum-domains,smb-enum-sessions,smb-enum-users,smb-security-mode,smb-system-info 192.168.0.190

    Starting Nmap 4.76 ( http://nmap.org ) at 2008-12-28 11:52 MST
    Interesting ports on 192.168.0.190:
    PORT    STATE SERVICE
    139/tcp open  netbios-ssn
    445/tcp open  microsoft-ds
    MAC Address: 00:16:CB:AE:D4:AC (Apple Computer)

    Host script results:
    |  smb-os-discovery: Windows XP
    |  LAN Manager: Windows 2000 LAN Manager
    |  Name: MSHOME\MAC-MINI
    |_ System time: 2008-12-28 11:52:20 UTC-7
    |  smb-security-mode: User-level authentication
    |  SMB Security: Challenge/response passwords supported
    |_ SMB Security: Message signing not supported
    |  smb-enum-users:
    |_ MAC-MINI\,\xE0J\xC0V, MAC-MINI\Administrator, MAC-MINI\david, MAC-MINI\Guest, MAC-MINI\HelpAssistant, MAC-MINI\HelpServicesGroup, MAC-MINI\jrandom, MAC-MINI\Kurt G\xF6del, MAC-MINI\None, MAC-MINI\SUPPORT_388945a0
    |  smb-enum-shares:
    |  Anonymous shares: IPC$
    |_ Restricted shares: print$, SharedDocs, My Pictures, david, ADMIN$, C$, Printer
    |  smb-enum-sessions:
    |  Users logged in:
    |  |_ <nobody>
    |_ ERROR: Couldn't enumerate network sessions: NT_STATUS_WERR_ACCESS_DENIED (srvsvc.netsessenum)

    Nmap done: 1 IP address (1 host up) scanned in 1.33 seconds

Then with authentication, after disabling guest-only authentication on Windows XP Pro:

    # nmap --datadir=. -p139,445 --script=smb-check-vulns,smb-enum-processes,smb-enum-shares,smb-os-discovery,smb-server-stats,smb-enum-domains,smb-enum-sessions,smb-enum-users,smb-security-mode,smb-system-info --script-args smbuser=jrandom,smbpass=jrandom 192.168.0.190

    Starting Nmap 4.76 ( http://nmap.org ) at 2008-12-28 11:54 MST
    Interesting ports on 192.168.0.190:
    PORT    STATE SERVICE
    139/tcp open  netbios-ssn
    445/tcp open  microsoft-ds
    MAC Address: 00:16:CB:AE:D4:AC (Apple Computer)

    Host script results:
    |  smb-system-info:
    |  OS Details
    |  |_ Microsoft Windows XP Service Pack 3 (WinNT 5.1 build 2600)
    |  |_ Installed on 2008-09-09 13:25:15
    |  |_ Registered to . (organization: )
    |  |_ Path: %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem
    |  |_ Systemroot: C:\WINDOWS
    |  |_ Page files: C:\pagefile.sys 1488 2976 (cleared at shutdown => 0)
    |  Hardware
    |  |_ CPU 0: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz [1834mhz GenuineIntel]
    |  |_ Identifier 0: x86 Family 6 Model 15 Stepping 2
    |  |_ CPU 1: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz [1833mhz GenuineIntel]
    |  |_ Identifier 1: x86 Family 6 Model 15 Stepping 2
    |  |_ Video driver: Mobile Intel(R) 945 Express Chipset Family
    |  Browsers
    |_ |_ Internet Explorer 6.0000
    |  smb-security-mode: User-level authentication
    |  SMB Security: Challenge/response passwords supported
    |_ SMB Security: Message signing not supported
    |_ smb-enum-processes: Idle, System, ALG, KbdMgr, SMSS, CSRSS, WINLOGON, SERVICES, LSASS, IRW, IGFXPERS, HKCMD, RUNDLL32, SPOOLSV, AppleOSSMgr, AppleTimeSrv, SVCHOST, STACSV, mmc, WinVNC, EXPLORER
    |  smb-os-discovery: Windows XP
    |  LAN Manager: Windows 2000 LAN Manager
    |  Name: MSHOME\MAC-MINI
    |_ System time: 2008-12-28 11:54:53 UTC-7
    |  smb-enum-domains:
    |  Domain: MAC-MINI
    |  |_ SID: S-1-5-21-117609710-839522115-1177238915
    |  |_ Users: Administrator, david, Guest, HelpAssistant, jrandom, Kurt G\xF6del, SUPPORT_388945a0, ,\xE0J\xC0V
    |  |_ Creation time: 2008-09-09 13:05:32
    |  |_ Passwords: min length: n/a; min age: n/a; max age: 42 days
    |  |_ Account lockout disabled
    |  Domain: Builtin
    |  |_ SID: S-1-5-32
    |  |_ Creation time: 2008-09-09 13:05:32
    |  |_ Passwords: min length: n/a; min age: n/a; max age: 42 days
    |_ |_ Account lockout disabled
    |  smb-server-stats:
    |  Server statistics collected since 2008-12-28 18:33:06 (-398m48s):
    |  |_ Traffic 462679 bytes (-19.37 b/s) sent, 477458 bytes (-19.98 b/s) received
    |  |_ Failed logins: 0
    |  |_ Permission errors: 0, System errors: 0
    |  |_ Print jobs spooled: 0
    |_ |_ Files opened (including pipes): 226
    |  smb-enum-shares:
    |  Anonymous shares: IPC$
    |_ Restricted shares: print$, SharedDocs, My Pictures, david, ADMIN$, C$, Printer
    |  smb-enum-users:
    |_ MAC-MINI\,\xE0J\xC0V, MAC-MINI\Administrator, MAC-MINI\david, MAC-MINI\Guest, MAC-MINI\HelpAssistant, MAC-MINI\HelpServicesGroup, MAC-MINI\jrandom, MAC-MINI\Kurt G\xF6del, MAC-MINI\None, MAC-MINI\SUPPORT_388945a0
    |  smb-enum-sessions:
    |  Users logged in:
    |  |_ <nobody>
    |  Active SMB Sessions:
    |_ |_ JRANDOM is connected from 192.168.0.21 for [just logged in, it's probably you], idle for [not idle]

    Nmap done: 1 IP address (1 host up) scanned in 7.62 seconds

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org