Nmap Development mailing list archives

Re: [NSE RFC] SMB Probe


From: Kris Katterjohn <katterjohn () gmail com>
Date: Sun, 07 Sep 2008 17:37:43 -0500


Ron wrote:
> Hey all,


Hi,

> I'm interested in comments on the style and such. I'm new to Lua, but
> I've been picking it up. There may be things about it I don't know, and
> I'm interested in learning. For example, I only just realized that
> 'local' is important, after debugging something nasty!


Just a little note, there's a Comm nselib designed for handling typical
network exchanges.  Upon first glance your TCP socket gets transferred around
throughout the functions, so that won't work, but your UDP code from
netbios_do_nbstat() could be replaced with it if you're interested.

Also, your script can probably be used as a base for an SMB nselib as your
functions seem to be separated fairly well already (like your name encode and
decode functions, your functions to manipulate a header, etc).  I think moving
code to nselibs is best, if they provide enough stand-alone functionality to
warrant it (which your code seems to).

All of this is just after an initial inspection, so I could be off-base.

> The other bit I'm unsure about is the output. Right now, it builds the
> string as it goes along, but I might change it to build an array of
> strings instead. It's also a little chatty at the moment, although I
> think everything it displays is important. I might up the verbosity on
> some of it, though.


I think maybe combining lines (like "SMB Security") into one would be better,
if they don't get incredibly long.  I'm not sure if this is what you meant by
"an array of strings".

I like all of your output as well, but it's best to use the verbosity level to
gauge how much to print rather than printing it all by default.  Check some of
the other scripts to see how their output is controlled by it.

> Anyways, this works well against all my test boxes, and I kept it pretty
> clean (using pack/unpack to build packets, for example). I plan to
> expand this far more in the future, this is just the basic stuff. I'd
> appreciate output, though, and I hope to get a version done soon that
> can be included.


I think adding more to this script (or nselib..), and using it to replace
the other scripts (as you mentioned), is best.  You seem to be already on your
way with this, so it's just my two cents.


Just to show, it works well for me on my Linux box after turning on Samba:

Host script results:
|  Probe SMB for information: (using port 139):
|  SMB Security: User-level authentication
|  SMB Security: Challenge/response passwords supported
|  SMB Security: Message signing not supported
|  System time from SMB: 2008-09-07 17:19:46 [UTC-5]
|  Computer name from SMB: MSHOME\
|  OS detection from SMB: Unix
|  Null sessions enabled
|_ Guest account enabled


Thanks,
Kris Katterjohn
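
The output suggestions in the message above (collect lines in an array, merge the repeated "SMB Security" lines, and let the verbosity level decide what is printed), shown as an added example that is not part of the original message or of Ron's script. The function and field names and the per-line verbosity thresholds are assumptions; the finding texts are copied from the sample output.

```lua
-- Added example (not Ron's script). Finding texts are copied from the sample
-- output above; the min_verbosity values are assumptions for illustration.
local findings = {
  { label = "SMB Security", text = "User-level authentication", min_verbosity = 1 },
  { label = "SMB Security", text = "Challenge/response passwords supported", min_verbosity = 1 },
  { label = "SMB Security", text = "Message signing not supported", min_verbosity = 0 },
  { label = "System time from SMB", text = "2008-09-07 17:19:46 [UTC-5]", min_verbosity = 1 },
  { label = "OS detection from SMB", text = "Unix", min_verbosity = 0 },
  { text = "Null sessions enabled", min_verbosity = 0 },
  { text = "Guest account enabled", min_verbosity = 0 },
}

-- Build the output as an array of lines, merging entries that share a label
-- and dropping entries whose threshold is above the current verbosity.
local function format_findings(items, verbosity)
  local lines = {}     -- ordered entries, each { label = ..., parts = {...} }
  local by_label = {}  -- label -> entry already present in `lines`
  for _, item in ipairs(items) do
    if item.min_verbosity <= verbosity then
      if item.label == nil then
        lines[#lines + 1] = { parts = { item.text } }
      else
        local entry = by_label[item.label]
        if entry == nil then
          entry = { label = item.label, parts = {} }
          by_label[item.label] = entry
          lines[#lines + 1] = entry
        end
        entry.parts[#entry.parts + 1] = item.text
      end
    end
  end
  local out = {}
  for _, entry in ipairs(lines) do
    local body = table.concat(entry.parts, "; ")
    out[#out + 1] = entry.label and (entry.label .. ": " .. body) or body
  end
  return table.concat(out, "\n")
end

-- In an NSE script the level would come from nmap.verbosity(); here it is
-- passed in so the example runs under a plain Lua interpreter.
for level = 0, 1 do
  print(("-- verbosity %d --"):format(level))
  print(format_findings(findings, level))
end
```

At level 0 only the findings an auditor would act on remain (signing unsupported, null sessions, guest account); at level 1 the three "SMB Security" entries collapse into a single line.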


