Nmap Development mailing list archives
Re: pitching in on the port 138 idea
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Tue, 9 Sep 2008 22:00:18 -0500
On Tue, Sep 9, 2008 at 7:20 AM, mike <> wrote:
hey i hope to get some more of you out there on board in this idea of trying to get info from the datagram port 138 service. a friend of mine and i spent the day crafting several packets to initiate a response. we got the packet fields down to being almost flawless, except when it came to the nagging issue of the scope id! i was constantly getting protocol dissector errors related to the netbios name not being a proper first-level encoding. this was even after i had done the proper 32 byte mangle and added the scope at the end.

i am lost at this point. i wish to pursue this with or without you guys simply because we have a tool like nmap that can easily dump the NAME table on 137 and SHARES on 139/445 and i simply feel the next step in the NETBIOS enumeration should be to retrieve the users BROWSER table, which is held on port 138. this can be done, i just know it! all that i have read tells me it can be done. i just don't know enough about why i am getting the errors i am seeing. i know i should be able to retrieve info because, for one, there is no security in place, as in, using an auth level to gain access. also, it even uses, in some cases, tcp for transferring MASTER BROWSER information and forcing elections.

i apologize if i am taking up time in an "nmap only" related discussion, but i can see this being very viable if ever figured out and finally implemented. no tool i know of right now can dump info from this elusive service. let nmap be the first

m|ke
Can you share some of your methodology such as specific hping2 / scapy / raw packet creation you are attempting? Also, if packet captures would be helpful to you, what exactly would you need?

-Jason

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
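For reference, the first-level encoding with a scope ID that this thread is about, as laid out in RFC 1001 and RFC 1002, together with the length checks a dissector applies to it. This is an added example, not code from either poster or from Nmap; the function names are illustrative, and the name FRED and scope NETBIOS.COM are sample values (the ones RFC 1002 uses in its own illustration).

```python
# Added example: NetBIOS first-level name encoding with a scope ID.
# encode_name/decode_name are illustrative names, not an Nmap or scapy API.

def encode_name(name: str, suffix: int = 0x20, scope: str = "") -> bytes:
    """Wire form: length byte 32, 32 encoded bytes, scope labels, 0x00."""
    raw = name.upper().encode("ascii")          # names are upper-cased by convention
    if len(raw) > 15:
        raise ValueError("NetBIOS name is at most 15 characters plus suffix")
    raw = raw.ljust(15, b" ") + bytes([suffix])  # pad with spaces, 16th byte is the suffix
    out = bytearray([32])
    for b in raw:                                # each byte becomes two bytes in 'A'..'P'
        out += bytes([0x41 + (b >> 4), 0x41 + (b & 0x0F)])
    for label in filter(None, scope.split(".")): # scope: one length-prefixed label per part
        lab = label.encode("ascii")
        if len(lab) > 63:
            raise ValueError("scope label longer than 63 bytes")
        out += bytes([len(lab)]) + lab
    out.append(0)                                # zero-length root label ends the name
    if len(out) > 255:
        raise ValueError("encoded name longer than 255 bytes")
    return bytes(out)


def decode_name(wire: bytes):
    """Validate and decode; returns (name, suffix, scope). Bytes after the name are ignored."""
    if len(wire) < 34 or wire[0] != 32:
        raise ValueError("first label must be exactly 32 bytes long")
    enc = wire[1:33]
    if any(not 0x41 <= c <= 0x50 for c in enc):
        raise ValueError("first label contains bytes outside 'A'..'P'")
    raw = bytes(((enc[i] - 0x41) << 4) | (enc[i + 1] - 0x41) for i in range(0, 32, 2))
    labels, pos = [], 33
    while True:
        if pos >= len(wire):
            raise ValueError("name is not terminated by a zero-length label")
        n = wire[pos]
        pos += 1
        if n == 0:
            break
        if n > 63:                               # top bits set: pointer or bad length
            raise ValueError("label length > 63 (pointer or corrupt length)")
        if pos + n > len(wire):
            raise ValueError("scope label runs past the end of the buffer")
        labels.append(wire[pos:pos + n].decode("ascii"))
        pos += n
    return raw[:15].decode("ascii").rstrip(" "), raw[15], ".".join(labels)
```

Running `decode_name` over the name field of a crafted or captured datagram reports which of these checks fails, which narrows down a "not a proper first-level encoding" complaint from a dissector.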
Current thread:
- pitching in on the port 138 idea mike (Sep 09)
- Re: pitching in on the port 138 idea DePriest, Jason R. (Sep 09)
- Re: pitching in on the port 138 idea Ron (Sep 09)
- Re: pitching in on the port 138 idea DePriest, Jason R. (Sep 09)