Nmap Development mailing list archives
Re: [NSE] MSRPC Libraries (stable, I hope!)
From: David Fifield <david () bamsoftware com>
Date: Mon, 3 Nov 2008 11:39:37 -0700
On Thu, Oct 30, 2008 at 08:47:36PM -0500, Ron wrote:
> Hey David (and all),
>
> I made some changes to the output and committed them to my nmap-exp
> branch:
> svn://svn.insecure.org/nmap-exp/ron/nmap-smb
>
> Basically:
> - one level of verbose/debug (-v or -d) will give you just important
>   stuff (failed logins, errors, etc)
> - two levels of verbose/debug will give you function calls/packets
>   being sent
> - three levels of verbose/debug will give you everything
> - errors will no longer be displayed in the Nmap output unless -d is
>   set. This cleans things up a lot.
>
> Could you take a look and let me know if it's better now, and tell me
> where else it could improve? That'd be great!

Looks good to me. I don't see any reason not to merge these new improvements. What follows is a few suggestions I thought of while reviewing the code.

Let me suggest a way to make the error handling more concise. There are a lot of places in the code that say

    if(nmap.debugging() > 0) then
        return "ERROR: " .. msg
    else
        return nil
    end

You could define a function to encapsulate this common pattern:

    local function err(msg)
        if nmap.debugging() > 0 then
            return "ERROR: " .. msg
        else
            return nil
        end
    end

Then the code in case of error would be simply

    return err(msg)

I think I have an answer to this question in nselib/smb.lua:

    -- If the name wasn't found in the array, do a linear search on it (TODO: Why is this happening??)

It's because the table near the bottom should be called status_codes, not status_names (compare command_codes immediately above). As it is, you never fill in the table status_codes, and the table status_names holds what status_codes should hold.

smb-enumsessions.nse gives a wrong answer when I use a guest user. It says nobody is logged in even when someone is:

    $ ./nmap --datadir=. --script=smb-enumsessions.nse -PN -F --script-args smbguest=1 192.168.0.190
    ...
    Host script results:
    | MSRPC: NetSessEnum():
    | Users logged in:
    | |_ <nobody>
    |_ ERROR: Couldn't enumerate network sessions: NT_STATUS_WERR_ACCESS_DENIED (srvsvc.netsessenum)

Compare that with the results with an authenticated user:

    $ ./nmap --datadir=. --script=smb-enumsessions.nse -PN -F --script-args smbuser=jrandom,smbpass=jrandom 192.168.0.190
    ...
    Host script results:
    | MSRPC: NetSessEnum():
    | Users logged in:
    | |_ MAC-MINI\david since 2008-11-03 10:06:41
    | Active SMB Sessions:
    |_ |_ JRANDOM is connected from 192.168.0.21 for [just logged in, it's probably you], idle for [not idle]

The problem is the <nobody> in the first output. Is this just a case of Windows lying to the guest user? If so, that's understandable, it just needs to be documented in the script.

David Fifield
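
The status_codes / status_names mix-up described in the message above, as an added example that is not part of the original post and is not code from nselib/smb.lua. The helper names (invert, build_misnamed, build_fixed) are hypothetical, and the three entries are standard NTSTATUS values chosen as a constructed sample.

```lua
-- Added illustration; not the project's code. Function names are hypothetical.

-- Build the reverse (code -> name) map from a name -> code table.
local function invert(codes)
  local names = {}
  for name, code in pairs(codes) do
    names[code] = name
  end
  return names
end

-- Misnamed layout: the literal name -> code table is called status_names,
-- so status_codes stays empty and the inversion loop copies nothing.
local function build_misnamed()
  local status_codes = {}
  local status_names = {
    NT_STATUS_OK            = 0x00000000,
    NT_STATUS_ACCESS_DENIED = 0xC0000022,
    NT_STATUS_LOGON_FAILURE = 0xC000006D,
  }
  for name, code in pairs(status_codes) do
    status_names[code] = name
  end
  return status_codes, status_names
end

-- Corrected layout: the literal table is status_codes and status_names
-- is derived from it, mirroring a command_codes / command_names pair.
local function build_fixed()
  local status_codes = {
    NT_STATUS_OK            = 0x00000000,
    NT_STATUS_ACCESS_DENIED = 0xC0000022,
    NT_STATUS_LOGON_FAILURE = 0xC000006D,
  }
  return status_codes, invert(status_codes)
end

local bad_codes, bad_names = build_misnamed()
local good_codes, good_names = build_fixed()

-- With the misnamed tables a lookup by numeric code misses, which is what
-- forces a linear-search fallback; with the fix it is a direct index.
assert(bad_names[0xC0000022] == nil)
assert(next(bad_codes) == nil)
assert(good_names[0xC0000022] == "NT_STATUS_ACCESS_DENIED")
assert(good_codes.NT_STATUS_LOGON_FAILURE == 0xC000006D)
print(good_names[0xC0000022])
```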