Nmap Development mailing list archives
Re: Getting system time from SMB (445 or 139)
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sat, 23 Aug 2008 03:22:57 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Fri, 22 Aug 2008 22:17:04 -0500 or thereabouts Ron <ron () skullsecurity net> wrote:
Brandon Enright wrote:On Fri, 22 Aug 2008 21:06:07 -0500 or thereabouts Ron <ron () skullsecurity net> wrote: Hi Ron, You should probably take a look at "netbios-smb-os-discovery.nse" and "nbstat.nse" for an idea of how to start. Alternatively, if send me a packet capture (pcap please) for the query on 445 and the queries on 139 I'd be willing to hack the script together. BrandonThanks for the info, Brandon! Thanks for offering, but I'd like to try my hand at this. SMB decoding and nmap scripts are two things I've been wanting to learn, so this is the perfect opportunity. :) I'll let you know if I get stuck, though! Ron
Well don't take the "packet construction" in those scripts as Gospel. They should be using pack/unpack but that wasn't available until recently. It sure would be nice to have SMB/NetBIOS fields documented somewhere too. I always have to turn to the Wireshark dissector. Between pack/unpack and the new NSE doc system you could probably make your script a real good resource for others. I still have to go back and doc a few scripts and convert them to pack/unpack. Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkivgpEACgkQqaGPzAsl94KOdACdEVlqnGNSIZvMm8vvGaqtT6ah 9zYAoJmZkR0jAtzZJaHRjXWdETNGWdyt =r5mG -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Getting system time from SMB (445 or 139) Ron (Aug 22)
- Re: Getting system time from SMB (445 or 139) Brandon Enright (Aug 22)
- Re: Getting system time from SMB (445 or 139) Ron (Aug 22)
- Re: Getting system time from SMB (445 or 139) Brandon Enright (Aug 22)
- Re: Getting system time from SMB (445 or 139) Ron (Aug 22)
- Re: Getting system time from SMB (445 or 139) Ron (Aug 22)
- Re: Getting system time from SMB (445 or 139) Ron (Aug 23)
- Re: Getting system time from SMB (445 or 139) Brandon Enright (Aug 22)
- Re: Getting system time from SMB (445 or 139) Ron (Aug 23)
- Re: Getting system time from SMB (445 or 139) Ron (Aug 23)
- Re: Getting system time from SMB (445 or 139) Ron (Aug 23)
- Re: Getting system time from SMB (445 or 139) Ron (Aug 22)
- Re: Getting system time from SMB (445 or 139) Brandon Enright (Aug 22)