Nmap Development mailing list archives
Re: version check in nfs-ls?
From: Djalal Harouni <tixxdz () opendz org>
Date: Thu, 14 Apr 2011 00:59:37 +0100
On 2011-04-08 14:24:50 -0500, Daniel Miller wrote:
Hey list,

Ran across an issue with nfs-ls while scanning my HP printer (I was surprised to see that it had NFS on it!). Here's what I was seeing:

$ sudo nmap --script rpcinfo -p 111,2049 -sU 192.168.1.X

Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-04-08 14:12 CDT
Nmap scan report for 192.168.1.X
Host is up (0.00092s latency).
PORT     STATE SERVICE
111/udp  open  rpcbind
| rpcinfo:
| program version port/proto service
| 100000 2,2,3,3 34861/udp rpcbind
| 100000 2,3 34861/112 rpcbind
| 100003 2 2049/112 nfs
| 100003 2 2049/udp nfs
| 100005 1 34862/112 mountd
|_ 100005 1 34862/udp mountd
2049/udp open  nfs
MAC Address: 00:17:08:XX:XX:XX (Hewlett Packard)

Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds

$ sudo nmap --script nfs-ls -p 111,2049 -sU 192.168.1.X

Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-04-08 14:07 CDT
Nmap scan report for 192.168.1.X
Host is up (0.0027s latency).
PORT     STATE SERVICE
111/udp  open  rpcbind
| nfs-ls:
| Arguments:
| maxfiles: 10 (file listing output limited)
|
| NFS Export /hpmnt/dsk_ram0
|_ ERROR: versions mismatch, nfs v2 - mount v1
2049/udp open  nfs
MAC Address: 00:17:08:XX:XX:XX (Hewlett Packard)

Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds

I'm not sure why this version discrepancy matters. I found the check in nfs-ls.nse:

    -- use simple chack since NFSv1 is not used anymore.
    if (mnt_comm.version ~= nfs_comm.version) then
      rpc.Helper.UnmountPath(mnt_comm, mount)
      return false, string.format("versions mismatch, nfs v%d - mount v%d",
                                  nfs_comm.version, mnt_comm.version)
    end

Commenting out this block allows the script to continue, producing this output:

$ sudo nmap --script nfs-ls -p 111,2049 -sU 192.168.1.X

Starting Nmap 5.51SVN ( http://nmap.org ) at 2011-04-08 14:14 CDT
Nmap scan report for 192.168.1.X
Host is up (0.0019s latency).
PORT     STATE SERVICE
111/udp  open  rpcbind
| nfs-ls:
| Arguments:
| maxfiles: 10 (file listing output limited)
|
| NFS Export: /hpmnt/dsk_ram0
| PERMISSION UID GID SIZE MODIFICATION TIME FILENAME
| drwxrwxrwx 0 0 512 2011-04-08 10:44 /hpmnt/dsk_ram0
| drwxrwxrwx 0 0 512 2011-04-08 10:44 PJL
| drwxrwxrwx 0 0 512 2011-04-08 10:44 PostScript
| drwxrwx--- 0 0 512 2011-04-08 10:44 saveDevice
|_ drwxrwxrwx 7 0 512 2011-04-08 10:44 webServer
2049/udp open  nfs
MAC Address: 00:17:08:XX:XX:XX (Hewlett Packard)

Nmap done: 1 IP address (1 host up) scanned in 0.29 seconds

Anyone able to shed light on this? In what cases is this check necessary?
Hi Dan,

Since the user can use the 'mount.version' and 'nfs.version' to specify which versions to use, I've added these checks to avoid failures (NFSv3 works only with Mount v3), but it seems that I've missed Mount v1 (too old).

I'll try to do more tests early next week and get back to you, thx.

--
tixxdz
http://opendz.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
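One way to replace the strict equality check discussed in this thread, as an added example that is not code from nfs-ls.nse, rpc.lua or either poster: pick an NFS/Mount version pair from what rpcinfo reports, pairing NFSv2 with Mount v1 or v2 and NFSv3 with Mount v3. The function name `pick_versions`, the table shapes and the override fields are assumptions made for illustration.

```lua
-- Added example (hypothetical helper, not part of Nmap).
-- Mount protocol versions usable with each NFS version, preferred first:
-- NFSv2 pairs with Mount v2 or v1, NFSv3 only with Mount v3.
local COMPAT = {
  [2] = { 2, 1 },
  [3] = { 3 },
}

local function contains(list, value)
  for _, v in ipairs(list) do
    if v == value then return true end
  end
  return false
end

-- advertised: { nfs = {...}, mountd = {...} }, the version lists rpcinfo shows
--             for programs 100003 and 100005 (assumed table shape).
-- want:       optional user overrides, e.g. { nfs = 3 } or { mount = 1 },
--             standing in for the 'nfs.version' / 'mount.version' arguments.
-- Returns nfs_version, mount_version on success, or nil plus an error string.
local function pick_versions(advertised, want)
  want = want or {}
  local nfs_candidates = want.nfs and { want.nfs } or { 3, 2 }
  for _, nfs_v in ipairs(nfs_candidates) do
    if COMPAT[nfs_v] and contains(advertised.nfs, nfs_v) then
      for _, mnt_v in ipairs(COMPAT[nfs_v]) do
        if (want.mount == nil or want.mount == mnt_v)
            and contains(advertised.mountd, mnt_v) then
          return nfs_v, mnt_v
        end
      end
    end
  end
  return nil, string.format("no compatible pair: nfs {%s}, mountd {%s}",
    table.concat(advertised.nfs, ","), table.concat(advertised.mountd, ","))
end

-- Constructed input mirroring the rpcinfo output in this thread:
-- nfs advertises version 2 only, mountd advertises version 1 only.
local printer = { nfs = { 2 }, mountd = { 1 } }
print(pick_versions(printer))               -- NFSv2 with Mount v1 is accepted
print(pick_versions(printer, { nfs = 3 }))  -- forced NFSv3 fails with a reason

-- Constructed server advertising every version: highest NFS version wins.
print(pick_versions({ nfs = { 2, 3 }, mountd = { 1, 2, 3 } }))
```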