Nmap Development mailing list archives
[NSE] db2-das-info.nse: IBM DB2 Server Profile export + Version detection - Re-engineered
From: Tom Sellers <nmap () fadedcode net>
Date: Wed, 27 Jan 2010 18:49:54 -0600
I have just committed a new version of the IBM DB2 Server Profile export/version detection NSE script, db2-das-info.nse, that I wrote in December [1]. The original seemed to work well on many systems, but would choke on others. Patrik "HeyNewSoftware!,HereIsAScriptForThat" Karlsson jumped in, figured out some key details about the packet structure and then rebuilt the script in a much more functional, modular and maintainable format.

In short, the script connects to the IBM DB2 Administration Server (DAS) on TCP or UDP port 523 and exports the server profile. No authentication is required for this request. The script will also set the port product and version if a version scan is requested. The data it returns matches what would be returned if one were to use the Export Server Profile command using the DB2 Control Center GUI:

    PORT    STATE SERVICE VERSION
    523/tcp open  ibm-db2 IBM DB2 Database Server 9.07.0
    | db2-das-info: DB2 Administration Server Settings
    | ;DB2 Server Database Access Profile
    | ;Use BINARY file transfer
    | ;Comment lines start with a ";"
    | ;Other lines must be one of the following two types:
    | ;Type A: [section_name]
    | ;Type B: keyword=value
    |
    | [File_Description]
    | Application=DB2/LINUX 9.7.0
    | Platform=18
    | File_Content=DB2 Server Definitions
    | File_Type=CommonServer
    | File_Format_Version=1.0
    | DB2System=MYBIGDATABASESERVER
    | ServerType=DB2LINUX
    |
    | [adminst>dasusr1]
    | NodeType=1
    | DB2Comm=TCPIP
    | Authentication=SERVER
    | HostName=MYBIGDATABASESERVER
    | PortNumber=523
    | IpAddress=127.0.1.1
    |
    | [inst>db2inst1]
    | NodeType=1
    | DB2Comm=TCPIP
    | Authentication=SERVER
    | HostName=MYBIGDATABASESERVER
    | ServiceName=db2c_db2inst1
    | PortNumber=50000
    | IpAddress=127.0.1.1
    | QuietMode=No
    | TMDatabase=1ST_CONN
    |
    | [db>db2inst1:TOOLSDB]
    | DBAlias=TOOLSDB
    | DBName=TOOLSDB
    | Drive=/home/db2inst1
    | Dir_entry_type=INDIRECT
    |_Authentication=NOTSPEC

There is quite a bit of recon value in the data returned: DB2 version, server OS/platform, database names and port numbers, file system path names, hostname and IP address. Oddly enough I have seen DB2 return the IPv6 address when queried over the IPv4 interface.

Any testing or feedback with the functionality and structure of the script would be greatly appreciated! (If it works blame Patrik, if it doesn't then I did it.) Of particular interest are:

1. The debug output is VERY verbose at the moment. This is due to instrumenting the packet manipulation process. Should we comment out some of this detail?
2. Testing and feedback against unusual platforms would be great, we have already seen where dealing with atypical setups can cause problems.

Thanks,
Tom

1. http://seclists.org/nmap-dev/2009/q4/659
Attachment:
db2-das-info.nse
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
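Added example (not part of Tom's post or of the db2-das-info.nse script): a small Python parser for the server-profile text the script returns, which turns the ";" comments, [section] headers and keyword=value lines into an inventory of what an unauthenticated DAS query exposes. The section names and keywords follow the output shown above; the sample profile itself is constructed.

```python
import re

# Constructed sample modelled on the profile shown in the post (not captured from a real server).
SAMPLE_PROFILE = """\
;DB2 Server Database Access Profile
;Comment lines start with a ";"
[File_Description]
Application=DB2/LINUX 9.7.0
Platform=18
DB2System=MYBIGDATABASESERVER
[adminst>dasusr1]
HostName=MYBIGDATABASESERVER
PortNumber=523
Authentication=SERVER
[inst>db2inst1]
HostName=MYBIGDATABASESERVER
PortNumber=50000
Authentication=SERVER
[db>db2inst1:TOOLSDB]
DBName=TOOLSDB
Drive=/home/db2inst1
Authentication=NOTSPEC
"""

def parse_profile(text):
    """Return {section: {keyword: value}}; ';' comment lines and blank lines are skipped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):   # Type A: [section_name]
            current = line[1:-1]
            sections[current] = {}
        elif "=" in line and current is not None:          # Type B: keyword=value
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def inventory(sections):
    """Summarise the exposure: DB2 version, listening instances/ports, databases and paths."""
    desc = sections.get("File_Description", {})
    m = re.search(r"(\d+\.\d+\.\d+)", desc.get("Application", ""))
    out = {"version": m.group(1) if m else None, "platform": desc.get("Platform"),
           "instances": [], "databases": []}
    for name, kv in sections.items():
        kind, _, ident = name.partition(">")   # e.g. "inst>db2inst1" -> ("inst", "db2inst1")
        if kind in ("adminst", "inst"):
            out["instances"].append((ident, kv.get("HostName"), kv.get("PortNumber"), kv.get("Authentication")))
        elif kind == "db":
            out["databases"].append((ident, kv.get("DBName"), kv.get("Drive")))
    return out
```

Feeding the script's output (with the leading "| " stripped) through inventory() gives a per-host list of DB2 instances and listener ports to reconcile against what the firewall is expected to expose.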