Nmap Development mailing list archives
R: [SCRIPT] NetBIOS name and MAC query script
From: "Speziale Daniele" <daniele.speziale () telecomitalia it>
Date: Wed, 28 Mar 2007 09:31:48 +0200
Thank you. At all. Daniele -----Messaggio originale----- Da: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] Per conto di Brandon Enright Inviato: mercoledì 28 marzo 2007 4.33 A: DePriest, Jason R. Cc: nmap-dev () insecure org; bmenrigh () ucsd edu Oggetto: Re: [SCRIPT] NetBIOS name and MAC query script Thank you, this was enough information to update the script (attached) to report the logged in username when NetBIOS actually reports the info [1]. I don't know if this will work against Windows 9x/Me or not but it seems to work against 2k and XP boxes. Please let me know how it works. Brandon [1] NetBIOS doesn't seem to explicitly report computername vs domainname vs username etc. Oftentimes it doesn't even report the username. This script is using a best-guess heuristic to determine the computername and username. I think I've got it all correct but more testing/review is in order. On Tue, 27 Mar 2007 16:07:14 -0600 "DePriest, Jason R." <jrdepriest () gmail com> wrote:
On 3/27/07, Brandon Enright wrote:DePriest, Jason R. wrote:I can give you detailed results from an nbtscan and a packet capture of the traffic. Would that be sufficient to help out? -JasonIf you have a case where nbtscan was able to determine the remote user that was logged in that ouput and packet capture would be most useful. I suppose I could look at the nbtscan source code but I'd hate to run into odd legal/licensing problems in doing so. BrandonIt looked like nbtstat provided more verbosity for the end-user, so I used it instead. Nbtstat actually shows you the raw data received minus the tcp and ethernet layer stuff. I am including the full packet capture data from a tshark dump as well. See the attachment for the pcap and txt files with the data. -Jason
-------------------------------------------------------------------- CONFIDENTIALITY NOTICE This message and its attachments are addressed solely to the persons above and may contain confidential information. If you have received the message in error, be informed that any use of the content hereof is prohibited. Please return it immediately to the sender and delete the message. Should you have any questions, please contact us by replying to webmaster () telecomitalia it. Thank you www.telecomitalia.it -------------------------------------------------------------------- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [SCRIPT] NetBIOS name and MAC query script, (continued)
- Re: [SCRIPT] NetBIOS name and MAC query script Brandon Enright (Mar 24)
- Re: [SCRIPT] NetBIOS name and MAC query script Diman Todorov (Mar 25)
- R: [SCRIPT] NetBIOS name and MAC query script Speziale Daniele (Mar 27)
- Re: R: [SCRIPT] NetBIOS name and MAC query script Brandon Enright (Mar 27)
- Re: R: [SCRIPT] NetBIOS name and MAC query script DePriest, Jason R. (Mar 27)
- Re: R: [SCRIPT] NetBIOS name and MAC query script Brandon Enright (Mar 27)
- Re: R: [SCRIPT] NetBIOS name and MAC query script DePriest, Jason R. (Mar 27)
- Re: R: [SCRIPT] NetBIOS name and MAC query script DePriest, Jason R. (Mar 27)
- Re: [SCRIPT] NetBIOS name and MAC query script Brandon Enright (Mar 27)
- Re: [SCRIPT] NetBIOS name and MAC query script DePriest, Jason R. (Mar 27)
- R: [SCRIPT] NetBIOS name and MAC query script Speziale Daniele (Mar 28)
- Re: [SCRIPT] NetBIOS name and MAC query script Brandon Enright (Mar 24)