Nmap Development mailing list archives

pitching in on the port 138 idea


From: mike <dmciscobgp () hotmail com>
Date: Tue, 9 Sep 2008 12:20:57 +0000


hey
 
i hope to get some more of you out there on board in this idea of trying to get info from the datagram port 138 
service. a friend of mine and i spent the day crafting several packets to initiate a response. we got the packet fields 
down to being almost flawless, except when it came to the nagging issue of the scope id! i was constantly getting 
protocol dissector errors related to the netbios name not being a proper first-level encoding. this was even after i 
had done the proper 32 byte mangle and added the scope at the end. i am lost at this point
 
i wish to pursue this with or without you guys simply because we have a tool like nmap that can easily dump the NAME 
table on 137 and SHARES on 139/445 and i simply feel the next step in the NETBIOS enumeration should be to retrieve the 
users BROWSER table, which is held on port 138. this can be done, i just know it! all that i have read tells me it can 
be done. i just don't know enough about why i am getting the errors i am seeing. i know i should be able to retrieve 
info because, for one, there is no security in place, as in, using an auth level to gain access. also, it even uses, 
in some cases, tcp for transferring MASTER BROWSER information and forcing elections. i apologize if i am taking up 
time in an "nmap only" related discussion, but i can see this being very viable if ever figured out and finally 
implemented. no tool i know of right now can dump info from this elusive service. let nmap be the first
 
m|ke
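The "first-level encoding" the post refers to is the half-ASCII scheme from RFC 1001 section 14.1, and the error it describes is what a dissector reports when the 32-byte encoded name and the scope ID are not laid out as separate DNS-style labels. The following encoder/decoder is an added example, not code from the post or from Nmap, and it is useful for checking a crafted SOURCE_NAME or DESTINATION_NAME before it goes on the wire. The sample name, suffix and scope are constructed; the suffix values 0x1D (master browser) and 0x1E (browser election) are the standard NetBIOS service suffixes.

```python
"""First-level encoding of NetBIOS names (RFC 1001 section 14.1).

Added example for illustration; not from the mailing-list post or from Nmap.
Ordinary names are padded with spaces (0x20); the wildcard name "*" is
conventionally padded with 0x00, which the 'pad' parameter allows.
"""


def first_level_encode(name: str, suffix: int = 0x00, scope: str = "",
                       pad: int = 0x20) -> bytes:
    """Return the wire form used in NBNS and datagram-service (port 138)
    headers: a 32-byte label holding the half-ASCII encoded name, then the
    scope ID as length-prefixed labels, then a terminating zero byte."""
    if not 0 <= suffix <= 0xFF:
        raise ValueError("suffix must be a single byte")
    body = name.upper().encode("ascii")
    if len(body) > 15:
        raise ValueError("NetBIOS names are at most 15 characters")
    # 15-byte padded name; the 16th byte is the service suffix
    # (e.g. 0x1D master browser, 0x1E browser election)
    raw = body + bytes([pad]) * (15 - len(body)) + bytes([suffix])
    encoded = bytearray()
    for b in raw:
        # each nibble becomes one letter in 'A'..'P'
        encoded.append(ord("A") + (b >> 4))
        encoded.append(ord("A") + (b & 0x0F))
    labels = [bytes(encoded)]
    # The scope goes AFTER the 32-byte label, one label per dot-separated
    # part, never inside those 32 bytes. Putting it inside is the usual
    # cause of "not a valid first-level encoding" dissector complaints.
    labels.extend(part.encode("ascii") for part in scope.split(".") if part)
    return b"".join(bytes([len(lbl)]) + lbl for lbl in labels) + b"\x00"


def first_level_decode(buf: bytes, offset: int = 0):
    """Parse an encoded name at buf[offset:] and return
    (name, suffix, scope, next_offset). Raises ValueError on malformed input."""
    labels = []
    pos = offset
    while True:
        if pos >= len(buf):
            raise ValueError("truncated name")
        length = buf[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointers are not handled here")
        labels.append(buf[pos:pos + length])
        pos += length
    if not labels or len(labels[0]) != 32:
        raise ValueError("first label must be exactly 32 bytes")
    enc = labels[0]
    raw = bytearray()
    for i in range(0, 32, 2):
        hi, lo = enc[i] - ord("A"), enc[i + 1] - ord("A")
        if not (0 <= hi <= 15 and 0 <= lo <= 15):
            raise ValueError("encoded name bytes must be in 'A'..'P'")
        raw.append((hi << 4) | lo)
    name = bytes(raw[:15]).rstrip(b" \x00").decode("ascii")
    suffix = raw[15]
    scope = ".".join(lbl.decode("ascii") for lbl in labels[1:])
    return name, suffix, scope, pos


def is_valid_encoded_name(buf: bytes) -> bool:
    """True if buf starts with a well-formed first-level encoded name."""
    try:
        first_level_decode(buf)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # constructed sample: a browser-election name in scope CORP.EXAMPLE
    wire = first_level_encode("WORKGROUP", 0x1E, "CORP.EXAMPLE")
    print(wire)
    print(first_level_decode(wire))
```

Round-tripping a name through `first_level_encode` and `first_level_decode`, and running `is_valid_encoded_name` over a captured datagram's name fields, is a quick way to tell a layout mistake in a crafted packet from an actual protocol problem on the responding host.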

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

