Nmap Development mailing list archives
Re: [NSE patch]
From: Fyodor <fyodor () insecure org>
Date: Tue, 26 Aug 2008 16:14:15 -0700
On Mon, Aug 25, 2008 at 10:50:14PM -0500, Ron wrote:
> > Host script results:
> > | Discover OS Version over NetBIOS and SMB: OS version cannot be determined.
> > |_ Never received a response to SMB Setup AndX Request
> > | Discover OS Version over NetBIOS and SMB: Windows XP
> > |_ Discover system time over SMB: 2008-08-25 19:56:53 UTC-7
> >
> > I found that this problem occurs with the previous version too, so it isn't caused by your changes.
>
> I noticed that as well, I'll take a look at it.

Great.

> Port TCP/445 = SMB Raw, which can be used to dump the OS version, time, etc.
> Port TCP/139 = SMB over NetBIOS, which can do the same thing as NetBIOS raw, _except_ it requires the computer's name to do it
> Port UDP/137 = NetBIOS Name service, which can provide the name.
>
> So right now, my logic is:
> If tcp/445 is open, query it directly.
> Else, if tcp/139 is open, grab the name from udp/137 and use that
>
> The name request is just a little UDP packet, it can be sent pretty easily from anywhere. But, the question is, where *should* it be sent from?

Interesting. One idea would be to have a name lookup script which triggers if any of these ports are open (because the user might not have done a UDP scan, but if 139 or 445 TCP are open, it is probably worth sending the probe to 137/udp). That script could have a runlevel set so that it runs early, and saves the data in the NSE registry in case any scripts need it. Or your library approach sounds like a good one too. Or the labor can be divided between a library and a script.

> Think that'd be something useful to write? I'm up for doing it if it's going to be used.

Yes, I think it would be useful.

Cheers,
-F
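
Added example, not part of the original message and not Nmap's code: a Python sketch of the port logic discussed in the thread, with the udp/137 node status (NBSTAT) request built and its reply parsed offline. The function names, the choice of the suffix-0x20 unique name as the computer name, and the sample reply are assumptions made for illustration.

```python
import struct
NBSTAT, IN = 0x0021, 0x0001
def encode_name(name: bytes) -> bytes:
    """RFC 1002 first-level encoding of a NetBIOS name padded to 16 bytes."""
    raw = name.ljust(16, b"\x00")[:16]
    enc = bytes(b for c in raw for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))
    return b"\x20" + enc + b"\x00"

def build_nbstat_query(txid: int) -> bytes:
    """Node status request for the wildcard name '*' (payload for udp/137)."""
    return (struct.pack(">HHHHHH", txid, 0, 1, 0, 0, 0)
            + encode_name(b"*") + struct.pack(">HH", NBSTAT, IN))

def parse_nbstat_response(data: bytes, txid: int):
    """Return [(name, suffix, is_group)]; assumes an uncompressed 34-byte answer name."""
    if len(data) < 57:
        raise ValueError("response too short")
    rid, flags, _qd, an = struct.unpack_from(">HHHH", data)
    rtype, _cls, _ttl, rdlen = struct.unpack_from(">HHIH", data, 46)
    count = data[56]
    if rid != txid or not flags & 0x8000 or an < 1 or rtype != NBSTAT:
        raise ValueError("not a matching node status response")
    if rdlen < 1 + 18 * count or len(data) < 57 + 18 * count:
        raise ValueError("truncated name table")
    rows = [data[57 + 18 * i:75 + 18 * i] for i in range(count)]
    return [(r[:15].decode("ascii", "replace").rstrip(), r[15],
             bool(struct.unpack_from(">H", r, 16)[0] & 0x8000)) for r in rows]

def plan_query(open_tcp, txid=0x1337, nbstat_reply=None):
    """The logic from the thread: 445 directly, else 139 plus a name from udp/137."""
    if 445 in open_tcp:
        return ("tcp/445", None)
    if 139 not in open_tcp:
        return (None, None)
    if nbstat_reply is None:
        return ("need-udp/137", build_nbstat_query(txid))
    # Assumption: use the unique name with suffix 0x20 (file server service).
    hits = [n for n, sfx, grp in parse_nbstat_response(nbstat_reply, txid)
            if sfx == 0x20 and not grp]
    return ("tcp/139", hits[0]) if hits else (None, None)

def _row(name, suffix, flags):
    return name.ljust(15).encode() + bytes([suffix]) + struct.pack(">H", flags)

# Constructed sample reply (not captured traffic): three names, 6 bytes of padding.
SAMPLE_REPLY = (struct.pack(">HHHHHH", 0x1337, 0x8400, 0, 1, 0, 0) + encode_name(b"*")
                + struct.pack(">HHIH", NBSTAT, IN, 0, 61) + bytes([3])
                + _row("EXAMPLEPC", 0x00, 0x0400) + _row("WORKGROUP", 0x00, 0x8400)
                + _row("EXAMPLEPC", 0x20, 0x0400) + bytes(6))
```

The "need-udp/137" result carries the request bytes, so the caller decides where the probe is sent from, which is the open question in the thread.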