Nmap Development mailing list archives
Re: Failed authentication with smb-psexec.nse
From: Ron <ron () skullsecurity net>
Date: Thu, 25 Nov 2010 12:20:01 -0600
Hey,

I'm out of town right now, but I'll take a look at this when I get home (unless somebody else wants to delve into it). Thanks for the great report/pcaps!

Ron

On Tue, 23 Nov 2010 11:21:53 -0600 Francois Lachance <digitallachance () gmail com> wrote:
I have been trying to use the smb-psexec.nse script in order to run an executable on a Windows target. Unfortunately, I am not getting past the authentication part.

I have attached two packet captures, one of the nmap attempt and one of a Windows client making a drive connection. The capture shows the SMB Command: Negotiate Protocol (0x72) and the result from the target.

From what I can tell, the key difference is found when comparing the returned result on line 239 of nmap-nego-ptoto.txt and line 243 of explorer-nego-proto.txt. In the successful connection, the returned response is "Dialect Index: 5: NT LM 0.12", whereas in the failed attempt, the returned response is "Dialect Index: 0: NT LM 0.12".

From what I can see, our network has been configured (through GPO) to only use NTLMv2 authentication (Send NTLMv2 response only\refuse LM). Since I am not seeing NTLMv2 in the list of requested protocols in the packet trace of the nmap capture (lines 112-121 in nmap-nego-proto.txt), am I right in assuming that smb-psexec will never work in my environment? I would wager that implementing NTLMv2 is not a trivial task...

Thanks!
--
Ron Bowes
Blog: http://www.skullsecurity.org
Twitter: https://twitter.com/iagox86

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
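The DialectIndex in a Negotiate Protocol (0x72) response is a position in the dialect list that the client sent, so it has to be read against the request from the same capture. The following is an added example, not part of the original posts and not Nmap's code: it parses such a request/response pair, using constructed packets and constructed dialect lists (assumptions, not the attached pcaps).

```python
import struct

SMB_MAGIC = b"\xffSMB"
SMB_COM_NEGOTIATE = 0x72
HEADER_LEN = 32              # fixed-size SMB1 header
NO_COMMON_DIALECT = 0xFFFF   # server accepted none of the offered dialects

def _header(flags):
    # Constructed header: only magic, command and flags are set, the rest is zeroed.
    return SMB_MAGIC + bytes([SMB_COM_NEGOTIATE]) + b"\x00" * 4 + bytes([flags]) + b"\x00" * 22

def build_request(dialects):
    # Request body: WordCount=0, ByteCount, then 0x02 + NUL-terminated name per dialect.
    data = b"".join(b"\x02" + d.encode("ascii") + b"\x00" for d in dialects)
    return _header(0x00) + b"\x00" + struct.pack("<H", len(data)) + data

def build_response(index):
    # NT LM 0.12 response: WordCount=17, DialectIndex first; other fields zeroed here.
    return _header(0x80) + bytes([17]) + struct.pack("<H", index) + b"\x00" * 32 + b"\x00\x00"

def _check(pkt):
    if len(pkt) < HEADER_LEN + 3 or pkt[:4] != SMB_MAGIC or pkt[4] != SMB_COM_NEGOTIATE:
        raise ValueError("not an SMB1 Negotiate Protocol message")

def offered_dialects(request):
    _check(request)
    off = HEADER_LEN + 1 + request[HEADER_LEN] * 2       # skip parameter words
    (count,) = struct.unpack_from("<H", request, off)
    data = request[off + 2:off + 2 + count]
    # Each entry is 0x02 <name> 0x00; splitting on NUL leaves one empty tail item.
    return [e[1:].decode("ascii") for e in data.split(b"\x00") if e[:1] == b"\x02"]

def negotiated_dialect(request, response):
    _check(response)
    if response[HEADER_LEN] < 1:
        raise ValueError("response carries no DialectIndex")
    (index,) = struct.unpack_from("<H", response, HEADER_LEN + 1)
    if index == NO_COMMON_DIALECT:
        return None
    return offered_dialects(request)[index]   # IndexError if the pair does not match

# Constructed dialect lists (assumptions, not taken from the attached captures).
SHORT_LIST = ["NT LM 0.12"]
LONG_LIST = ["PC NETWORK PROGRAM 1.0", "LANMAN1.0", "Windows for Workgroups 3.1a",
             "LM1.2X002", "LANMAN2.1", "NT LM 0.12"]

if __name__ == "__main__":
    for offered in (SHORT_LIST, LONG_LIST):
        idx = offered.index("NT LM 0.12")
        print(idx, negotiated_dialect(build_request(offered), build_response(idx)))
```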