Nmap Development mailing list archives
Re: [NSE] pwdump script
From: David Fifield <david () bamsoftware com>
Date: Wed, 11 Feb 2009 16:59:00 -0700
On Sun, Jan 04, 2009 at 09:10:23PM -0600, Ron wrote:
> I wanted to get people's opinions on a NSE script that I'm in the process of writing (well, almost finished writing). Basically, using the remote files included with pwdump6, and an administrator-level account, it dumps the password hashes from the target system. (the .exe and .dll that are required are run on the remote system, not the local system, so it doesn't matter which OS you're coming from).

I finally got around to trying this. I followed your instructions with pwdump6-1.7.2.

$ ./nmap --datadir=. -PN -d2 -p139,445 --script=smb-pwdump --script-args=smbuser=jrandom,smbpass=jrandom 192.168.0.190
Host script results:
|_ smb-pwdump: ERROR: Couldn't upload the files: Couldn't upload nselib/data/lsremora.dll: NT_STATUS_ACCESS_DENIED

I think this is due to the guest/classic login option in XP Professional. I see a lot of log messages with -d2 like

SCRIPT ENGINE DEBUG: SMB: Extended login as \jrandom failed, but was given guest access (username may be wrong, or system may only allow guest)
SCRIPT ENGINE DEBUG: Couldn't delete lsremora.dll: NT_STATUS_ACCESS_DENIED

I changed the setting from guest to classic and ran again.

$ ./nmap --datadir=. -PN -d2 -p139,445 --script=smb-pwdump --script-args=smbuser=jrandom,smbpass=jrandom 192.168.0.190
Host script results:
|_ smb-pwdump: ERROR: Couldn't create the service on the remote machine: NT_STATUS_UNKNOWN (0x000006e4) (svcctl.openscmanagerw)

I'll send you the log file for that.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org