Nmap Development mailing list archives

Re: [NSE RFC] SMB Probe

From: Kris Katterjohn <katterjohn () gmail com>
Date: Sun, 07 Sep 2008 22:57:29 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ron wrote:

Just to show, it works well for me on my Linux box after turning on Samba:

Host script results:
|  Probe SMB for information: (using port 139):
|  SMB Security: User-level authentication
|  SMB Security: Challenge/response passwords supported
|  SMB Security: Message signing not supported
|  System time from SMB: 2008-09-07 17:19:46 [UTC-5]
|  Computer name from SMB: MSHOME\
|  OS detection from SMB: Unix
|  Null sessions enabled
|_ Guest account enabled

Awesome, I was going to ask somebody to try on Samba! I notice that the
domain is populated but the computer isn't ("MSHOME\"), not sure if I'm
parsing something incorrectly or if Samba's sending back a blank string.
If it's not too much trouble, can you send me a packet capture of the
scan? I don't have a Samba server handy.


Samba is probably sending a blank string like it sends all 0s for the MAC
address (you can also see a comment in nbstat.nse talking about the latter).

Just let me know if I can send you something else to help.

Thanks,

Ron


Thanks,
Kris Katterjohn

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIVAwUBSMSipf9K37xXYl36AQIpkBAAsKHMApMuW2O6Ox7seC5ySKn1qwOd20WK
eSZYDAokOLEEHUAOqWa5zLtBegxmPZINVsytbqa4b0uC80JSOM4x/DLdn0/NybI5
jjDE+ZSrzwTxA6cyN4G8VKdK3fiDEPQltb9I2SiZLQGeeaSYkg2Hjwo6VrGP1a8l
YE5XAuySgSEieZ76QBiayqVbt5H3X8vkfaPDSyiCe9DMfsmrcLWhoKFoCMGzPsTN
OVommI8nDptKavTkSU/kmI3UP5YVSTEpo84lKJjPOezsmoq43VmyiozStY3dE+rt
MWBQ5YMaxPNQm83o6abs3+sgsil9COnu/jrhUGNHF1MsYAbPFq6yGyF5VsrnScD+
C83qrjgpvFYFGdAGQt1tyFoxHT9d7q9vc/SPEN3dMrZBuULN4UW3EkYISt3OWysi
PKtv02uCmmGPjo3yDG61C6zOkoH6lK7yTmzAR51/LpDC35Osa5QxNG5vC1T49d7z
B77pV4W7yk6N5N5IKuXxKBxfhHARwFztx17uG7mpgmjzi72wLeKoMTM1Yg9DfUGp
uJn6FEQWCytzZ6Cr/tCb9BqxzUvhlu1JZOH2Exex1X6itFByQxoZMGOxqWjtCJRV
MvueGu6rvHYQDFggvem+HPfupiKPL+o6gICpwI7ruIN/lBF6hCdWJjY0zSr8MOHq
U/l2d1g6n3A=
=tsis
-----END PGP SIGNATURE-----

Attachment: smb-probe.pcap
Description:


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

[NSE RFC] SMB Probe Ron (Sep 07)
- Re: [NSE RFC] SMB Probe Kris Katterjohn (Sep 07)
  - Re: [NSE RFC] SMB Probe Ron (Sep 07)
    - Re: [NSE RFC] SMB Probe Kris Katterjohn (Sep 07)
- Message not available
  - Message not available
    - RE: [NSE RFC] SMB Probe Aaron Leininger (Sep 08)
    - RE: [NSE RFC] SMB Probe Aaron Leininger (Sep 08)