Nmap Development mailing list archives

Re: [NSE patch]


From: Fyodor <fyodor () insecure org>
Date: Tue, 26 Aug 2008 16:14:15 -0700

On Mon, Aug 25, 2008 at 10:50:14PM -0500, Ron wrote:
Host script results:
|  Discover OS Version over NetBIOS and SMB: OS version cannot be determined.
|_ Never received a response to SMB Setup AndX Request
|  Discover OS Version over NetBIOS and SMB: Windows XP
|_ Discover system time over SMB: 2008-08-25 19:56:53 UTC-7

I found that this problem occurs with the previous version too, so it
isn't caused by your changes.
I noticed that as well, I'll take a look at it.

Great.

Port TCP/445 = SMB Raw, which can be used to dump the OS version, time, etc.
Port TCP/139 = SMB over NetBIOS, which can do the same thing as NetBIOS
raw, _except_ it requires the computer's name to do it
Port UDP/137 = NetBIOS Name service, which can provide the name.

So right now, my logic is:
If tcp/445 is open, query it directly.
Else, if tcp/139 is open, grab the name from udp/137 and use that

The name request is just a little UDP packet, it can be sent pretty
easily from anywhere. But, the question is, where *should* it be sent from?

Interesting.  One idea would be to have a name lookup script which
triggers if any of these ports are open (because the user might not
have done a UDP scan, but if 139 or 445 TCP are open, it is probably
worth sending the probe to 137/udp).  That script could have a
runlevel set so that it runs early, and saves the data in the NSE
registry in case any scripts need it.

Or your library approach sounds like a good one too.  Or the labor can
be divided between a library and a script.

Think that'd be something useful to write? I'm up for doing it if it's
going to be used.

Yes, I think it would be useful.

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
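As an added illustration of the udp/137 step in the logic above (example code written for this archive page, not part of the thread or of Nmap's NSE code): the "little UDP packet" is an RFC 1002 node status (NBSTAT) request for the wildcard name, and the reply's name table yields the computer name that a tcp/139 session would need. The function names and the sample reply (with a MAC from the documentation range) are constructed here and are not from the page.

```python
import struct

NBSTAT, CLASS_IN = 0x0021, 0x0001  # RR type "node status" and class IN (RFC 1002)

def encode_netbios_name(name: str, suffix: int = 0x00) -> bytes:
    """RFC 1002 first-level encoding; the wildcard '*' is NUL-padded, others space-padded."""
    raw = name.encode("ascii")[:15].ljust(15, b"\x00" if name == "*" else b" ") + bytes([suffix])
    enc = b"".join(bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)]) for b in raw)  # nibbles + 'A'
    return bytes([len(enc)]) + enc + b"\x00"

def build_nbstat_query(txid: int) -> bytes:
    """The 'little UDP packet': a node status request for the wildcard name '*'."""
    header = struct.pack(">HHHHHH", txid, 0x0000, 1, 0, 0, 0)  # 1 question, no flags
    return header + encode_netbios_name("*") + struct.pack(">HH", NBSTAT, CLASS_IN)

def _skip_name(pkt: bytes, off: int) -> int:
    """Advance past an encoded name (labels end with 0x00, or a 2-byte pointer)."""
    while pkt[off] != 0 and pkt[off] & 0xC0 != 0xC0:
        off += 1 + pkt[off]
    return off + (2 if pkt[off] & 0xC0 == 0xC0 else 1)

def parse_nbstat_response(pkt: bytes, txid: int):
    """Return (name_table, mac) from a node status reply, or raise on bad input."""
    rid, flags, _, an, _, _ = struct.unpack(">HHHHHH", pkt[:12])
    if rid != txid or not flags & 0x8000 or an < 1:
        raise ValueError("not a matching NBSTAT response")
    off = _skip_name(pkt, 12)  # answer RR name (replies carry no question section)
    rtype, _, _, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
    rdata = pkt[off + 10:off + 10 + rdlen]
    if rtype != NBSTAT or len(rdata) < rdlen or rdlen < 1 or rdlen < 7 + 18 * rdata[0]:
        raise ValueError("malformed or truncated node status record")
    table = []
    for i in range(rdata[0]):  # NUM_NAMES entries: 15-byte name, suffix, 2 flag bytes
        e = rdata[1 + 18 * i:19 + 18 * i]
        group = bool(struct.unpack(">H", e[16:18])[0] & 0x8000)  # G bit: group vs unique
        table.append((e[:15].rstrip(b" \x00").decode("ascii", "replace"), e[15], group))
    return table, rdata[1 + 18 * rdata[0]:7 + 18 * rdata[0]]  # MAC = first 6 stats bytes

def computer_name(table):
    """The unique (non-group) name with suffix 0x00 is the host's computer name."""
    return next((n for n, sfx, group in table if sfx == 0x00 and not group), None)

def sample_response(txid: int) -> bytes:
    """Constructed reply (not a real capture): one unique and one group name, fake MAC."""
    names = [("WORKSTN1", 0x00, 0x0400), ("WORKGROUP", 0x00, 0x8400)]
    entries = b"".join(n.encode().ljust(15) + bytes([s, f >> 8, f & 0xFF]) for n, s, f in names)
    rdata = bytes([len(names)]) + entries + bytes.fromhex("00005e00531a") + bytes(40)
    return (struct.pack(">HHHHHH", txid, 0x8400, 0, 1, 0, 0) + encode_netbios_name("*")
            + struct.pack(">HHIH", NBSTAT, CLASS_IN, 0, len(rdata)) + rdata)
```

Feeding `parse_nbstat_response(sample_response(0x4242), 0x4242)` to `computer_name` returns "WORKSTN1"; a transaction-id mismatch or a truncated record raises `ValueError` rather than yielding a wrong name.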
