Nmap Development mailing list archives
New script: smb-enum-groups.nse
From: Ron <ron () skullsecurity net>
Date: Wed, 11 Nov 2009 20:53:19 -0600
Hey,

I just finished writing a script called smb-enum-groups.nse. It's currently in my nmap-exp branch:
svn://svn.insecure.org/nmap-exp/ron/nmap-smb

Here's an example output run anonymously against a fairly default Windows 2000 machine:

Host script results:
| smb-enum-groups:
| | Builtin\Administrators (RID: 544): Administrator, ron
| | Builtin\Guests (RID: 546): Guest
| | Builtin\Replicator (RID: 552): <empty>
| | Builtin\Power Users (RID: 547): <empty>
| | Builtin\Users (RID: 545): ron
|_ |_ Builtin\Backup Operators (RID: 551): <empty>

And here it is run against a somewhat default Windows 2003 install (with a user account, not in the Administrators group):

nmap -p445 -d --script=smb-enum-groups --script-args=smbuser=test,smbpass=test 172.16.212.129
[...]
| smb-enum-groups:
| | WINDOWS2003\HelpServicesGroup (RID: 1003): SUPPORT_388945a0
| | WINDOWS2003\IIS_WPG (RID: 1002): IWAM_WINDOWS2003
| | WINDOWS2003\TelnetClients (RID: 1005): <empty>
| | Builtin\Print Operators (RID: 550): <empty>
| | Builtin\Replicator (RID: 552): <empty>
| | Builtin\Network Configuration Operators (RID: 556): <empty>
| | Builtin\Performance Monitor Users (RID: 558): <empty>
| | Builtin\Users (RID: 545): ron, ASPNET, test
| | Builtin\Power Users (RID: 547): <empty>
| | Builtin\Backup Operators (RID: 551): <empty>
| | Builtin\Remote Desktop Users (RID: 555): <empty>
| | Builtin\Administrators (RID: 544): Administrator, ron
| | Builtin\Performance Log Users (RID: 559): <empty>
| | Builtin\Guests (RID: 546): Guest, IUSR_WINDOWS2003
|_ |_ Builtin\Distributed COM Users (RID: 562): <empty>

Unfortunately, anonymous and guest can't run SAMR functions against Windows XP and higher, so a user account is required.

I haven't tested it significantly yet, though I'll give it a try at work against a few machines. I'm reasonably confident that it'll hold its weight fairly well.

I'd like to move this (and the 'output' patch I posted about before) back into the trunk in the next few days, if nobody minds.

I'd love to hear comments on this! The output formatting isn't my favourite, so I'm happy to take suggestions on how I can make it nicer. :)

Ron

--
Ron Bowes
http://www.skullsecurity.org/
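For auditing group membership from this output, here is an added example (not part of Ron's post and not Nmap code) that parses the line format shown above and reports members of privileged built-in groups that are missing from an expected baseline. The names `parse_groups`, `unexpected_privileged`, the choice of `PRIVILEGED_RIDS` and the baseline are assumptions made for illustration.

```python
import re

# Constructed sample: a few lines copied from the Windows 2003 output above.
SAMPLE = r"""
| smb-enum-groups:
| | WINDOWS2003\HelpServicesGroup (RID: 1003): SUPPORT_388945a0
| | Builtin\Users (RID: 545): ron, ASPNET, test
| | Builtin\Backup Operators (RID: 551): <empty>
| | Builtin\Administrators (RID: 544): Administrator, ron
|_ |_ Builtin\Distributed COM Users (RID: 562): <empty>
"""

# Assumption: built-in alias RIDs this audit treats as privileged.
PRIVILEGED_RIDS = {544, 547, 551}  # Administrators, Power Users, Backup Operators

# One group line: "| | DOMAIN\Group name (RID: N): member, member"
LINE_RE = re.compile(
    r"^\|_?\s+\|_?\s+(?P<domain>[^\\]+)\\(?P<group>.+?) "
    r"\(RID: (?P<rid>\d+)\): (?P<members>.*)$"
)

def parse_groups(text):
    """Return one dict per group line; header and unrelated lines are skipped."""
    groups = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        raw = m["members"].strip()
        # "<empty>" is the script's marker for a group with no members.
        members = [] if raw == "<empty>" else [n.strip() for n in raw.split(",") if n.strip()]
        groups.append({"domain": m["domain"], "group": m["group"],
                       "rid": int(m["rid"]), "members": members})
    return groups

def unexpected_privileged(groups, baseline):
    """List (group, rid, extra_members) for privileged Builtin groups.

    baseline maps RID -> account names expected in that group (assumed input).
    """
    findings = []
    for g in groups:
        if g["domain"].lower() != "builtin" or g["rid"] not in PRIVILEGED_RIDS:
            continue
        allowed = {n.lower() for n in baseline.get(g["rid"], ())}
        extra = [n for n in g["members"] if n.lower() not in allowed]
        if extra:
            findings.append((g["group"], g["rid"], extra))
    return findings

if __name__ == "__main__":
    for group, rid, extra in unexpected_privileged(parse_groups(SAMPLE), {544: ["Administrator"]}):
        print(f"{group} (RID {rid}): unexpected members {', '.join(extra)}")
```
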