Nmap Development mailing list archives
Failed authentication with smb-psexec.nse
From: Francois Lachance <digitallachance () gmail com>
Date: Tue, 23 Nov 2010 11:21:53 -0600
I have been trying to use the smb-psexec.nse script in order to run an executable on a Windows target. Unfortunately, I am not getting past the authentication part. I have attached two packet captures, one of the nmap attempt and one of a Windows client making a drive connection. The capture shows the SMB Command: Negotiate Protocol (0x72) and the result from the target. From what I can tell, the key difference is found when comparing the returned result on line 239 of nmap-nego-proto.txt and line 243 of explorer-nego-proto.txt. In the successful connection, the returned response is "Dialect Index: 5: NT LM 0.12", whereas in the failed attempt, the returned response is "Dialect Index: 0: NT LM 0.12".
From what I can see, our network has been configured (through GPO) to only use NTLMv2 authentication (Send NTLMv2 response only\refuse LM). Since I am not seeing NTLMv2 in the list of requested protocols in the packet trace of the nmap capture (lines 112-121 in nmap-nego-proto.txt), am I right in assuming that smb-psexec will never work in my environment? I would wager that implementing NTLMv2 is not a trivial task...
Thanks!
Attachment: explorer-nego-proto.txt
Attachment: nmap-nego-proto.txt
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
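For reading the "Dialect Index" values quoted in the message above: the following is an added example, not part of the original post or of Nmap's code, that parses the dialect list of an SMB_COM_NEGOTIATE (0x72) request and resolves the DialectIndex a server returns against it. The two dialect lists are constructed assumptions, not taken from the poster's captures, chosen so that "NT LM 0.12" falls at index 5 and index 0 as in the quoted responses.

```python
import struct

# Constructed request dialect lists (assumptions, not the poster's captures).
MULTI_DIALECT_CLIENT = ["PC NETWORK PROGRAM 1.0", "LANMAN1.0",
                        "Windows for Workgroups 3.1a", "LM1.2X002",
                        "LANMAN2.1", "NT LM 0.12"]
SINGLE_DIALECT_CLIENT = ["NT LM 0.12"]
NO_DIALECT = 0xFFFF  # DialectIndex value meaning the server accepted none


def build_negotiate_body(dialects):
    """Request body after the SMB header: WordCount=0, ByteCount, then
    one 0x02-prefixed, NUL-terminated string per dialect."""
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    return struct.pack("<BH", 0, len(data)) + data


def parse_dialects(body):
    """Return the dialect strings of a Negotiate request, in request order."""
    word_count, byte_count = struct.unpack_from("<BH", body, 0)
    data = body[3:3 + byte_count]
    if word_count != 0 or len(data) != byte_count:
        raise ValueError("malformed or truncated Negotiate request body")
    dialects, pos = [], 0
    while pos < len(data):
        end = data.find(b"\x00", pos + 1)
        if data[pos] != 0x02 or end == -1:
            raise ValueError("bad dialect entry at offset %d" % pos)
        dialects.append(data[pos + 1:end].decode("ascii"))
        pos = end + 1
    return dialects


def selected_dialect(request_body, dialect_index):
    """Map a response's DialectIndex back to the dialect the client offered."""
    if dialect_index == NO_DIALECT:
        return None
    dialects = parse_dialects(request_body)
    if dialect_index >= len(dialects):
        raise ValueError("DialectIndex outside the requested list")
    return dialects[dialect_index]


if __name__ == "__main__":
    for name, offered, idx in (("multi", MULTI_DIALECT_CLIENT, 5),
                               ("single", SINGLE_DIALECT_CLIENT, 0)):
        body = build_negotiate_body(offered)
        print(name, "DialectIndex", idx, "->", selected_dialect(body, idx))
```

DialectIndex is a position in the list the client sent, so the same dialect appears under different indices when clients offer different lists. Dialect strings name SMB protocol revisions; the LM/NTLM/NTLMv2 response type is carried later, in the Session Setup AndX exchange.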
Current thread:
- Failed authentication with smb-psexec.nse Francois Lachance (Nov 26)
- Re: Failed authentication with smb-psexec.nse Ron (Nov 26)