Nmap Development mailing list archives
Re: [NSE] SMB authentication patch
From: David Fifield <david () bamsoftware com>
Date: Fri, 10 Oct 2008 14:11:05 -0600
On Thu, Oct 09, 2008 at 07:11:00PM -0500, Ron wrote:
> I think I've got the SMB authentication all working nicely. I haven't tested it as thoroughly as I'd like to, so this is more of a RFC release than a stable release. But please, have a look and let me know what you think!
I tried the patch on both the nse_openssl branch and the trunk. The two are practically the same since the openssl merge. Against Windows XP I ran the command

./nmap --datadir=. --script=all --script-args smbuser=jrandom,smbpassword=jrandom -F -d3 192.168.0.190 2>&1 | tee smb-nse_openssl.log

jrandom:jrandom is a real account I set up for the test. The script scan runs for a while and then appears to hit an infinite loop. I saw this in the output:

SCRIPT ENGINE DEBUG: Performing nbstat on host '192.168.0.190'
SCRIPT ENGINE DEBUG: [using cached value]
SCRIPT ENGINE DEBUG: Received 113 bytes from SMB
SCRIPT ENGINE DEBUG: SMB: Couldn't find a username to use, not logging in
SCRIPT ENGINE DEBUG: SMB: couldn't find domain to use, using blank
SCRIPT ENGINE DEBUG: SMB: Using default logon type: ntlm
SCRIPT ENGINE DEBUG: SMB: Using password passed as an nmap parameter: jrandom
SCRIPT ENGINE DEBUG: SMB: Lanman hash: 885610396a5a130faad3b435b51404ee
SCRIPT ENGINE DEBUG: SMB: NTLM hash: 2d32638c9bda55178bcb6c07885e481a
SCRIPT ENGINE DEBUG: SMB: Creating NTLMv1 response
SCRIPT ENGINE DEBUG: SMB: Lanman response: 82a5125d979e7e04a4e3693e240fdf518a18eaaf4d16daa4
SCRIPT ENGINE DEBUG: SMB: NTLM response: 82a5125d979e7e04a4e3693e240fdf518a18eaaf4d16daa4
SCRIPT ENGINE: ./nselib/smb.lua:1183: bad argument #4 to 'pack' (string expected, got nil)
NSOCK (2.5610s) msevent_new (IOD #4) (EID #106)
NSOCK (2.5610s) Read request for 2 bytes from IOD #4 [192.168.0.190:5900] EID 106
NSOCK (2.5610s) msevent_new (IOD #3) (EID #117)

A little while after that it loops with

NSOCK (14.6500s) nsock_loop() started (timeout=50ms). 0 events pending
NSOCK (14.6510s) nsock_loop() started (timeout=50ms). 0 events pending
NSOCK (14.6510s) nsock_loop() started (timeout=50ms). 0 events pending
NSOCK (14.6510s) nsock_loop() started (timeout=50ms). 0 events pending

I'll send you the complete log.
David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
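Added here as an editorial example, not code from Nmap or from anyone in this thread: a small Python triage of the -d3 trace David quotes above. It splits each line by its source prefix (SCRIPT ENGINE DEBUG, SCRIPT ENGINE, NSOCK), counts how many SMB steps the script still carried out after it reported "Couldn't find a username to use, not logging in", pulls the file and line out of the Lua error, and lists which credential material (the plaintext password given on the command line, the LM/NT hashes and the NTLMv1 responses) ended up in the debug output, with a redact() helper for sharing such a log on the list. The trace is the one from the mail; the function names, the "secrets" labels and the result dictionary keys are this example's own.

```python
import re

# Debug trace quoted from David's mail above (taken from the page, not constructed),
# trimmed to the lines that matter for the failure.
TRACE = """\
SCRIPT ENGINE DEBUG: Performing nbstat on host '192.168.0.190'
SCRIPT ENGINE DEBUG: [using cached value]
SCRIPT ENGINE DEBUG: Received 113 bytes from SMB
SCRIPT ENGINE DEBUG: SMB: Couldn't find a username to use, not logging in
SCRIPT ENGINE DEBUG: SMB: couldn't find domain to use, using blank
SCRIPT ENGINE DEBUG: SMB: Using default logon type: ntlm
SCRIPT ENGINE DEBUG: SMB: Using password passed as an nmap parameter: jrandom
SCRIPT ENGINE DEBUG: SMB: Lanman hash: 885610396a5a130faad3b435b51404ee
SCRIPT ENGINE DEBUG: SMB: NTLM hash: 2d32638c9bda55178bcb6c07885e481a
SCRIPT ENGINE DEBUG: SMB: Creating NTLMv1 response
SCRIPT ENGINE DEBUG: SMB: Lanman response: 82a5125d979e7e04a4e3693e240fdf518a18eaaf4d16daa4
SCRIPT ENGINE DEBUG: SMB: NTLM response: 82a5125d979e7e04a4e3693e240fdf518a18eaaf4d16daa4
SCRIPT ENGINE: ./nselib/smb.lua:1183: bad argument #4 to 'pack' (string expected, got nil)
NSOCK (2.5610s) msevent_new (IOD #4) (EID #106)
"""

# Source prefix, then the rest of the line. Longer alternative first so
# "SCRIPT ENGINE DEBUG" is not cut short to "SCRIPT ENGINE".
LINE_RE = re.compile(r"^(SCRIPT ENGINE DEBUG|SCRIPT ENGINE|NSOCK \([\d.]+s\))[: ]\s*(.*)$")

# Lua runtime error as NSE prints it: <file>:<line>: <message>
ERROR_RE = re.compile(r"^(?P<file>[^:\s]+):(?P<line>\d+): (?P<msg>.*)$")

# SMB debug messages that carry credential material (labels are this example's own).
SECRET_PATTERNS = [
    ("password", re.compile(r"^Using password passed as an nmap parameter: \S+$")),
    ("Lanman hash", re.compile(r"^Lanman hash: [0-9a-f]{32}$")),
    ("NTLM hash", re.compile(r"^NTLM hash: [0-9a-f]{32}$")),
    ("Lanman response", re.compile(r"^Lanman response: [0-9a-f]{48}$")),
    ("NTLM response", re.compile(r"^NTLM response: [0-9a-f]{48}$")),
]


def parse_trace(trace: str) -> list[tuple[str, str]]:
    """Return (source, message) pairs for every line that carries a known prefix."""
    records = []
    for line in trace.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append((m.group(1), m.group(2)))
    return records


def triage(trace: str) -> dict:
    """Summarise a failed SMB login attempt from an NSE -d3 trace."""
    records = parse_trace(trace)
    smb_msgs = [msg[len("SMB: "):] for src, msg in records
                if src == "SCRIPT ENGINE DEBUG" and msg.startswith("SMB: ")]

    username_found = not any(m.startswith("Couldn't find a username") for m in smb_msgs)
    # Index of the message that says the login is being abandoned, if any.
    abort_idx = next((i for i, m in enumerate(smb_msgs) if "not logging in" in m), None)
    # SMB steps the script still performed after announcing it would not log in.
    steps_after_abort = 0 if abort_idx is None else len(smb_msgs) - abort_idx - 1

    secrets = [label for m in smb_msgs for label, pat in SECRET_PATTERNS if pat.match(m)]

    lua_error = None
    for src, msg in records:
        if src == "SCRIPT ENGINE":
            e = ERROR_RE.match(msg)
            if e:
                lua_error = {"file": e["file"], "line": int(e["line"]), "message": e["msg"]}

    return {
        "username_found": username_found,
        "steps_after_abort": steps_after_abort,
        "continued_after_abort": steps_after_abort > 0,
        "secrets_logged": secrets,
        "lua_error": lua_error,
    }


def redact(trace: str) -> str:
    """Mask the password parameter and 32/48-digit hex hashes so the trace can be shared."""
    out = re.sub(r"(passed as an nmap parameter: )\S+", r"\1<redacted>", trace)
    return re.sub(r"\b[0-9a-f]{32}(?:[0-9a-f]{16})?\b", "<redacted>", out)


if __name__ == "__main__":
    import json
    print(json.dumps(triage(TRACE), indent=2))
    print(redact(TRACE))
```

Run on the quoted trace, triage() reports no username, eight SMB steps executed after the "not logging in" message, the error at ./nselib/smb.lua:1183, and five pieces of credential material in the debug output; redact() is what to pass a log through before attaching it to a list mail, since -d3 output otherwise carries the password in the clear.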
Current thread:
- [NSE] SMB authentication patch Ron (Oct 09)
- Re: [NSE] SMB authentication patch David Fifield (Oct 10)
- Re: [NSE] SMB authentication patch Ron (Oct 10)
- Re: [NSE] SMB authentication patch David Fifield (Oct 10)
- Re: [NSE] SMB authentication patch Ron (Oct 10)
- Re: [NSE] SMB authentication patch David Fifield (Oct 13)
- Re: [NSE] SMB authentication patch Ron (Oct 13)
- Re: [NSE] SMB authentication patch David Fifield (Oct 13)
- Re: [NSE] SMB authentication patch Ron (Oct 10)
- Re: [NSE] SMB authentication patch David Fifield (Oct 10)
- Re: [NSE] SMB authentication patch Ron (Oct 10)
- Re: [NSE] SMB authentication patch Ron (Oct 10)
- Re: [NSE] SMB authentication patch David Fifield (Oct 13)
- Re: [NSE] SMB authentication patch Ron (Oct 13)