Nmap Development mailing list archives
Re: Getting system time from SMB (445 or 139)
From: Ron <ron () skullsecurity net>
Date: Fri, 22 Aug 2008 22:31:09 -0500
Brandon Enright wrote:
On Fri, 22 Aug 2008 22:17:04 -0500 or thereabouts Ron

Well don't take the "packet construction" in those scripts as Gospel. They should be using pack/unpack but that wasn't available until recently.

It sure would be nice to have SMB/NetBIOS fields documented somewhere too. I always have to turn to the Wireshark dissector. Between pack/unpack and the new NSE doc system you could probably make your script a real good resource for others.

I still have to go back and doc a few scripts and convert them to pack/unpack.

Brandon
This is the document I've been working from, besides Wireshark dissectors:
http://www.ubiqx.org/cifs/SMB.html

It's actually a fantastic book!

I'm currently working on a lot of SMB stuff in C, mostly for my own education, and my ultimate goal is to write an SMB proxy for pen-testing. But anything I pick up along the way that could apply to nmap I'll definitely contribute.

My ultimate goal (from the nmap side) would be the ability to log in (given (guessing?) a username/pass or an anonymous account) and probing for interesting information (enumerating users would be cool, for example). But my current goal is to see what Lua looks like, and get the timestamp back if I manage to retain my sanity. :)

I just did a quick packet dump from netbios-smb-os-discovery.nse, and it looks like all the packets necessary to get the system time are being sent, so it seems to me that life will be easy.

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org