Nmap Development mailing list archives
Re: Module ideas for smb-psexec.nse?
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Tue, 6 Oct 2009 11:15:16 -0500
I forgot about another use for netstat that will show you all the applications that are listening on which ports. It would be helpful for tracking down tricky UDP services or just determining if a port is open that nmap is unsure about.

- - - - - - - -
C:\Windows\system32>netstat -a -b -n

Active Connections

  Proto  Local Address  Foreign Address  State
  TCP  0.0.0.0:135  0.0.0.0:0  LISTENING  RpcSs [svchost.exe]
  TCP  0.0.0.0:445  0.0.0.0:0  LISTENING  Can not obtain ownership information x: Windows Sockets initialization failed: 5
  TCP  0.0.0.0:1025  0.0.0.0:0  LISTENING  [wininit.exe]
  TCP  0.0.0.0:1026  0.0.0.0:0  LISTENING  Eventlog [svchost.exe]
  TCP  0.0.0.0:1027  0.0.0.0:0  LISTENING  [lsass.exe]
  TCP  0.0.0.0:1028  0.0.0.0:0  LISTENING  Schedule [svchost.exe]
  TCP  0.0.0.0:1029  0.0.0.0:0  LISTENING  [services.exe]
  TCP  127.0.0.1:1030  0.0.0.0:0  LISTENING  [syslog-ng.exe]
  TCP  127.0.0.1:1032  127.0.0.1:1033  ESTABLISHED  [firefox.exe]
  TCP  127.0.0.1:1033  127.0.0.1:1032  ESTABLISHED  [firefox.exe]
  TCP  127.0.0.1:1036  127.0.0.1:1037  ESTABLISHED  [firefox.exe]
  TCP  127.0.0.1:1037  127.0.0.1:1036  ESTABLISHED  [firefox.exe]
  TCP  192.168.1.2:139  0.0.0.0:0  LISTENING  Can not obtain ownership information x: Windows Sockets initialization failed: 5
  TCP  192.168.1.2:1080  91.199.212.171:80  CLOSE_WAIT  [cmdagent.exe]
  TCP  192.168.1.2:1081  91.209.196.180:80  CLOSE_WAIT  [cmdagent.exe]
  TCP  192.168.1.2:1086  67.51.175.171:80  CLOSE_WAIT  [cmdagent.exe]
  TCP  192.168.1.2:1087  208.116.13.67:80  CLOSE_WAIT  [cmdagent.exe]
  TCP  192.168.1.2:1090  208.19.38.40:80  ESTABLISHED  [jusched.exe]
  TCP  192.168.1.2:1157  74.125.93.17:443  TIME_WAIT
  TCP  192.168.1.2:1158  74.125.93.19:443  ESTABLISHED  [firefox.exe]
  TCP  192.168.56.1:139  0.0.0.0:0  LISTENING  Can not obtain ownership information x: Windows Sockets initialization failed: 5
  TCP  [::]:135  [::]:0  LISTENING  RpcSs [svchost.exe]
  TCP  [::]:445  [::]:0  LISTENING  Can not obtain ownership information x: Windows Sockets initialization failed: 5
  TCP  [::]:1025  [::]:0  LISTENING  [wininit.exe]
  TCP  [::]:1026  [::]:0  LISTENING  Eventlog [svchost.exe]
  TCP  [::]:1027  [::]:0  LISTENING  [lsass.exe]
  TCP  [::]:1028  [::]:0  LISTENING  Schedule [svchost.exe]
  TCP  [::]:1029  [::]:0  LISTENING  [services.exe]
  UDP  0.0.0.0:123  *:*  [ntpd.exe]
  UDP  0.0.0.0:500  *:*  IKEEXT [svchost.exe]
  UDP  0.0.0.0:4500  *:*  IKEEXT [svchost.exe]
  UDP  0.0.0.0:5355  *:*  Dnscache [svchost.exe]
  UDP  0.0.0.0:39041  *:*  [lxducoms.exe]
  UDP  0.0.0.0:51477  *:*  [cygserver.exe]
  UDP  0.0.0.0:61358  *:*  [cygrunsrv.exe]
  UDP  0.0.0.0:61444  *:*  [cygrunsrv.exe]
  UDP  127.0.0.1:123  *:*  [ntpd.exe]
  UDP  127.0.0.1:1900  *:*  SSDPSRV [svchost.exe]
  UDP  127.0.0.1:54569  *:*  SSDPSRV [svchost.exe]
  UDP  127.0.0.1:61367  *:*  [syslog-ng.exe]
  UDP  192.168.1.2:123  *:*  [ntpd.exe]
  UDP  192.168.1.2:137  *:*  Can not obtain ownership information x: Windows Sockets initialization failed: 5
  UDP  192.168.1.2:138  *:*  Can not obtain ownership information x: Windows Sockets initialization failed: 5
  UDP  192.168.1.2:1900  *:*  SSDPSRV [svchost.exe]
  UDP  192.168.1.2:54567  *:*  SSDPSRV [svchost.exe]
  UDP  192.168.56.1:123  *:*  [ntpd.exe]
  UDP  192.168.56.1:137  *:*  Can not obtain ownership information x: Windows Sockets initialization failed: 5
  UDP  192.168.56.1:138  *:*  Can not obtain ownership information x: Windows Sockets initialization failed: 5
  UDP  192.168.56.1:1900  *:*  SSDPSRV [svchost.exe]
  UDP  192.168.56.1:54568  *:*  SSDPSRV [svchost.exe]
  UDP  [::]:500  *:*  IKEEXT [svchost.exe]
  UDP  [::]:5355  *:*  Dnscache [svchost.exe]
  UDP  [::1]:1900  *:*  SSDPSRV [svchost.exe]
  UDP  [::1]:54565  *:*  SSDPSRV [svchost.exe]
  UDP  [fe80::100:7f:fffe%12]:1900  *:*  SSDPSRV [svchost.exe]
  UDP  [fe80::100:7f:fffe%12]:54566  *:*  SSDPSRV [svchost.exe]
  UDP  [fe80::1870:525c:80da:88a8%11]:1900  *:*  SSDPSRV [svchost.exe]
  UDP  [fe80::1870:525c:80da:88a8%11]:54562  *:*  SSDPSRV [svchost.exe]
  UDP  [fe80::2c20:ca0e:54e8:7fd2%15]:546  *:*  Dhcp [svchost.exe]
  UDP  [fe80::2c20:ca0e:54e8:7fd2%15]:1900  *:*  SSDPSRV [svchost.exe]
  UDP  [fe80::2c20:ca0e:54e8:7fd2%15]:54564  *:*  SSDPSRV [svchost.exe]
  UDP  [fe80::4421:b801:9c87:9217%10]:1900  *:*  SSDPSRV [svchost.exe]
  UDP  [fe80::4421:b801:9c87:9217%10]:54563  *:*  SSDPSRV [svchost.exe]
- - - - - - - -

There are third-party apps that can display this information in a much prettier format (fport and OpenPorts for example), but netstat is built-in and should always be available.

-Jason

On Mon, Oct 5, 2009 at 8:27 PM, Ron <> wrote:
Hey all,

After a lot of hard work, my development on smb-psexec.nse is finally reaching its conclusion! But before that happens, I'm trying to include some awesome defaults. I'm not really an expert on the Windows commandline, though, so I'm hoping to get some help or ideas.

I'm attaching the script itself, for reference, which has a ton of documentation at the top. I'm also attaching the three modules I've made so far, which should be enough to give you some idea how this is supposed to work (backdoor.lua isn't done yet, obviously, but the others work pretty well).

I'm hoping to get some really cool default modules! If somebody gives me ideas for commands whose output would be useful, go ahead and mention it, I can take care of writing the actual commands.

Looking forward to seeing your ideas!

Ron

--
Ron Bowes
http://www.skullsecurity.org/
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
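
An added example, not part of the original message or of smb-psexec.nse: a small Python parser that turns `netstat -a -b -n` output like the listing above into a port-to-process inventory and flags the sockets where netstat reports "Can not obtain ownership information". The sample input is constructed, the function names are hypothetical, and the parser tokenises on whitespace so it accepts both the multi-line console layout and output that has been flattened onto one line.

```python
import re

# Constructed sample in the layout netstat -a -b -n prints (not captured data).
SAMPLE = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
 Can not obtain ownership information
  TCP    192.168.1.2:1158       192.0.2.10:443         ESTABLISHED
 [firefox.exe]
  TCP    [::]:1027              [::]:0                 LISTENING
 [lsass.exe]
  UDP    127.0.0.1:123          *:*
 [ntpd.exe]
  UDP    [fe80::1%11]:1900      *:*
  SSDPSRV
 [svchost.exe]
"""
TCP_STATES = {"LISTENING", "ESTABLISHED", "CLOSE_WAIT", "TIME_WAIT"}  # UDP rows have no State
NO_OWNER = "Can not obtain ownership information"

def parse_netstat(text):
    """Return one dict per socket; works on multi-line or flattened output."""
    entries = []
    for tok in text.split():
        if tok in ("TCP", "UDP"):        # a protocol token starts a new socket
            entries.append([tok])
        elif entries:                    # header tokens before the first socket are skipped
            entries[-1].append(tok)
    return [_build(e) for e in entries if len(e) >= 3]

def _build(tokens):
    proto, local, _foreign, *rest = tokens
    state = rest.pop(0) if proto == "TCP" and rest and rest[0] in TCP_STATES else None
    owner = " ".join(rest)               # e.g. "RpcSs [svchost.exe]"
    exe = re.search(r"\[(.+?)\]", owner)
    addr, port = local.rsplit(":", 1)    # rsplit keeps "[fe80::1%11]" intact
    return {"proto": proto, "addr": addr, "port": int(port), "state": state,
            "exe": exe.group(1) if exe else None,
            "service": (owner[:exe.start()].strip() or None) if exe else None,
            "unattributed": NO_OWNER in owner}

def exposed_listeners(entries):
    """Listening TCP and bound UDP sockets that are not loopback-only."""
    return [e for e in entries
            if (e["state"] == "LISTENING" or e["proto"] == "UDP")
            and not e["addr"].startswith(("127.", "[::1]"))]
```

Filtering `exposed_listeners(parse_netstat(output))` on `unattributed` gives the ports that still need a second source to identify their owner.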