Nmap Development mailing list archives
[NSE] Nmap SMB RFC
From: Ron <ron () skullsecurity net>
Date: Thu, 16 Oct 2008 23:04:32 -0500
Hi all,

I just finished writing/testing the next round of changes to my SMB library, which incorporates the ability to log into SMB on port 445 or 139 (using the OpenSSL library for NTLM authentication; although Lanman and NTLMv2 are supported, they aren't default). In addition to the login stuff, I've made countless changes, features, bug fixes, and general improvements.

I just finished running every script on every Windows OS (from 2k SP0 to Vista), with a variety of user accounts (administrator, user, guest, anonymous), and everything seems to be working. But, before I call it 'stable', I'd like at least one or two others to get it working successfully!

I've attached a tgz of the files. Extract this into the appropriate place and run like this:

    nmap -p445 --script smb-enumdomains,smb-enumsessions,smb-enumshares,smb-enumusers --script-args=smbuser=<username>,smbpass=<password> <target> -v

If you're using certain versions of Windows (like some versions of Windows XP Professional, as David and myself discovered), you may only be able to scan with the 'guest' account unless you change the local security policy. And on Windows 2000, you probably don't need an account at all for most things. On Windows Vista, enum-sessions won't give you the logged-in users because I apparently don't get access to the registry (you will get the connected SMB sessions, though).

Also, if you need to specify a domain for the login, use a smbdomain= parameter.

If you prefer to grab this code from SVN, my current working version is here:
http://svn.skullsecurity.org:81/ron/security/nmap-ron/
(you don't need a password to get access, and the current revision is 269 -- I can't promise that any version besides that will be stable)

Thanks, and I'm looking forward to hearing your feedback!

Ron

--
Ron Bowes
http://www.skullsecurity.org/
http://www.javaop.com/
Attachment: nmap-smb-20081016.tgz
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org