Re: [NSE] pwdump script

[Ron <ron () skullsecurity net>]

David Fifield wrote:
> $ ./nmap --datadir=. -PN -d2 -p139,445 --script=smb-pwdump --script-args=smbuser=jrandom,smbpass=jrandom 192.168.0.190
> Host script results:
> |_ smb-pwdump: ERROR: Couldn't upload the files: Couldn't upload nselib/data/lsr
> emora.dll: NT_STATUS_ACCESS_DENIED
>
> I think this is due to the guest/classic login option in XP
> Professional. I see a lot of log messages with -d2 like
>
> SCRIPT ENGINE DEBUG: SMB: Extended login as \jrandom failed, but was given guest access (username may be wrong, or 
> system may only allow guest)
> SCRIPT ENGINE DEBUG: Couldn't delete lsremora.dll: NT_STATUS_ACCESS_DENIED
Yep, you're correct.

> I changed the setting from guest to classic and ran again.
>
> $ ./nmap --datadir=. -PN -d2 -p139,445 --script=smb-pwdump --script-args=smbuser=jrandom,smbpass=jrandom 192.168.0.190
> Host script results:
> |_ smb-pwdump: ERROR: Couldn't create the service on the remote machine: NT_STATUS_UNKNOWN (0x000006e4) 
> (svcctl.openscmanagerw)
>
> I'll send you the log file for that.
>
> David Fifield

I haven't been able to figure out how to access the service control
service on Windows XP. I've spent a lot of time on that issue, and
unfortunately I haven't been able to resolve it. I even posted to the
Metasploit mailing list, since they do it, but it didn't help.

Currently, it'll work against Windows 2000 or 2003.

Thanks, though!
Ron


-- 
Ron Bowes
http://www.skullsecurity.org/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org