Nmap Development mailing list archives

kerberos-get-realm.nse


From: David Fifield <david () bamsoftware com>
Date: Thu, 31 Dec 2009 20:41:37 -0700

On Mon, Dec 28, 2009 at 05:28:43PM +0100, Patrik Karlsson wrote:
> On 22 dec 2009, at 17.50, David Fifield wrote:
> > It's a pity we can't use the probe that makes Windows disclose the
> > realm. Out of curiosity, what were the contents of the reply? Maybe it
> > can be made into an NSE script.
> 
> Here's a first attempt at that script. It tries to retrieve both the
> realm and the server time from the error message. I have tested it
> against W2K3 where it retrieves both and against Heimdal on Linux
> where it only extracts the time.
> 
> The script name may be slightly misleading, but getting the realm name
> is what I initially wanted to do. As always, comments, suggestions and
> bug reports are welcome.

It looks good. It's too bad it only works on Windows as far as we know
so far. Getting the date is a nice thing, but service detection should
already do that. One thing you could do is print out the deviation from
local time like http-date does:

PORT   STATE SERVICE
80/tcp open  http
|_http-date: Sat, 21 Nov 2009 21:08:31 GMT; -40d6h32m17s from local time.

Feel free to factor out that time difference–formatting code from
http-date.

I tried to test this but I couldn't figure out how to activate a
Kerberos server on Windows XP. Do you have to have a server edition or
something?

You need to document the meaning of the 0xa9 byte in
extract_kerberos_realm.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
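An added example, not code from this thread, from Patrik's NSE script, or from Nmap: a small Python parser for the KRB-ERROR reply the script is mining, showing where the realm and server time live and why a 0xa9 byte marks the realm. The layout is from RFC 4120 section 5.9.1: KRB-ERROR is [APPLICATION 30] SEQUENCE (tag byte 0x7e) whose fields carry context-specific constructed tags, so stime [4] is 0xa4 and the service realm [9] is 0xa0 | 9 = 0xa9. The sample reply is constructed in the block with a minimal DER encoder (error code 6, KDC_ERR_C_PRINCIPAL_UNKNOWN, realm EXAMPLE.COM and the timestamp are made up for the example), and format_skew imitates the "-40d6h32m17s from local time" style of http-date's output; it is my own formatting, not Nmap's helper.

```python
"""Extract realm and server time from a Kerberos KRB-ERROR (RFC 4120 5.9.1)."""
import datetime

KRB_ERROR_APP_TAG = 0x7E   # [APPLICATION 30], constructed: 0x60 | 30
SEQUENCE = 0x30
INTEGER = 0x02
GENERALIZED_TIME = 0x18    # KerberosTime
GENERAL_STRING = 0x1B      # KerberosString / Realm


def ctx(n):
    """Context-specific constructed tag [n]: 0xA0 | n.  [4] -> 0xA4, [9] -> 0xA9."""
    return 0xA0 | n


def utc(*ymdhms):
    return datetime.datetime(*ymdhms, tzinfo=datetime.timezone.utc)


# --- minimal DER encoder, used only to build the constructed sample reply ---
def der(tag, body):
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:  # long form: 0x80 | number of length bytes, then the length
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def der_int(v):
    return der(INTEGER, v.to_bytes(max(1, (v.bit_length() + 8) // 8), "big", signed=True))


def der_str(s):
    return der(GENERAL_STRING, s.encode("ascii"))


def principal(name_type, *parts):
    """PrincipalName ::= SEQUENCE { name-type [0] Int32, name-string [1] SEQUENCE OF KerberosString }"""
    return der(SEQUENCE, der(ctx(0), der_int(name_type))
               + der(ctx(1), der(SEQUENCE, b"".join(der_str(p) for p in parts))))


def build_krb_error(realm, stime, error_code=6, susec=0):
    """Constructed KRB-ERROR such as a KDC returns for an unknown client principal."""
    fields = (der(ctx(0), der_int(5))                         # pvno
              + der(ctx(1), der_int(30))                      # msg-type = KRB-ERROR
              + der(ctx(4), der(GENERALIZED_TIME, stime.strftime("%Y%m%d%H%M%SZ").encode()))
              + der(ctx(5), der_int(susec))                   # susec
              + der(ctx(6), der_int(error_code))              # error-code
              + der(ctx(9), der_str(realm))                   # realm: this is the 0xA9 field
              + der(ctx(10), principal(2, "krbtgt", realm)))  # sname
    return der(KRB_ERROR_APP_TAG, der(SEQUENCE, fields))


# --- minimal DER reader ---
def read_tlv(buf, pos):
    """Return (tag, value, position after the element) for the TLV at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + nbytes], "big"), pos + nbytes
    return tag, buf[pos:pos + length], pos + length


def parse_krb_error(msg):
    """Return a dict with 'realm' and/or 'stime' taken from a KRB-ERROR; raise otherwise."""
    tag, seq, _ = read_tlv(msg, 0)
    if tag != KRB_ERROR_APP_TAG:
        raise ValueError("not a KRB-ERROR: outer tag 0x%02x, expected 0x7e" % tag)
    tag, fields, _ = read_tlv(seq, 0)
    if tag != SEQUENCE:
        raise ValueError("KRB-ERROR body is not a SEQUENCE")
    out, pos = {}, 0
    while pos < len(fields):
        tag, value, pos = read_tlv(fields, pos)
        inner_tag, inner, _ = read_tlv(value, 0)   # each [n] wraps one inner element
        if tag == ctx(4) and inner_tag == GENERALIZED_TIME:
            out["stime"] = utc(*datetime.datetime.strptime(inner.decode(), "%Y%m%d%H%M%SZ").timetuple()[:6])
        elif tag == ctx(9) and inner_tag == GENERAL_STRING:
            out["realm"] = inner.decode("ascii")
    return out


def format_skew(server_time, local_time):
    """Server time minus local time in http-date's style, e.g. '-40d6h32m17s'."""
    secs = int((server_time - local_time).total_seconds())
    sign, secs = ("-" if secs < 0 else "+"), abs(secs)
    d, rem = divmod(secs, 86400)
    h, rem = divmod(rem, 3600)
    m, s = divmod(rem, 60)
    parts = ["%d%s" % (v, u) for v, u in ((d, "d"), (h, "h"), (m, "m")) if v]
    return sign + "".join(parts) + "%ds" % s


SAMPLE_STIME = utc(2009, 12, 31, 20, 41, 37)
SAMPLE_REPLY = build_krb_error("EXAMPLE.COM", SAMPLE_STIME)   # constructed, not captured

if __name__ == "__main__":
    info = parse_krb_error(SAMPLE_REPLY)
    local = utc(2009, 12, 31, 20, 41, 40)                      # pretend local clock
    print("kerberos realm:", info.get("realm"))
    print("server time:", info["stime"].isoformat(), format_skew(info["stime"], local), "from local time")
```

The parser only looks at the two fields the script cares about, so a reply that carries stime but no usable realm (the behaviour reported against Heimdal) yields a dict with only "stime"; the caller should use info.get("realm") rather than assume both are present.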
