Nmap Development mailing list archives

Trouble running smb-psexec.nse (NT_STATUS_INVALID_PARAMETER)


From: David Fifield <david () bamsoftware com>
Date: Fri, 12 Feb 2010 13:39:00 -0700

I'm having trouble running smb-psexec.nse. I'm getting this error
message:

$ nmap --script=smb-psexec --script-args smbuser=jrandom,smbpass=jrandom -p 445 -PN 192.168.0.190 -d
NSE: SMB: Attempting to log into the system to enumerate shares
NSE: SMB: Added account '' to account list
NSE: SMB: Added account 'guest' to account list
NSE: SMB: Added account 'jrandom' to account list
NSE: SMB: Found 8 shares, will attempt to find more information
NSE: SMB: Trying a random share to see if server responds properly: nmap-share-test
NSE: SMB: Getting information for share: ADMIN$
NSE: SMB: Checking if share ADMIN$ can be read by the current user
NSE: SMB: Checking if share ADMIN$ can be read by the anonymous user
NSE: SMB: Checking if share ADMIN$ can be written by the current user
NSE: SMB: Checking if share ADMIN$ can be written by the anonymous user
NSE: SMB: Getting information for share: C$
NSE: SMB: Checking if share C$ can be read by the current user
NSE: SMB: Checking if share C$ can be read by the anonymous user
NSE: SMB: Checking if share C$ can be written by the current user
NSE: SMB: Checking if share C$ can be written by the anonymous user
NSE: SMB: Getting information for share: IPC$
NSE: SMB: Checking if share IPC$ can be read by the current user
NSE: SMB: Checking if share IPC$ can be read by the anonymous user
NSE: SMB: Checking if share IPC$ can be written by the current user
NSE: SMB: Checking if share IPC$ can be written by the anonymous user
NSE: SMB: Getting information for share: My Pictures
NSE: SMB: Checking if share My Pictures can be read by the current user
NSE: SMB: Checking if share My Pictures can be read by the anonymous user
NSE: SMB: Checking if share My Pictures can be written by the current user
NSE: SMB: Checking if share My Pictures can be written by the anonymous user
NSE: SMB: Getting information for share: Printer
NSE: SMB: Checking if share Printer can be read by the current user
NSE: SMB: Checking if share Printer can be read by the anonymous user
NSE: SMB: Checking if share Printer can be written by the current user
NSE: SMB: Error while getting share details: Error writing test file to disk as user: NT_STATUS_INVALID_PARAMETER
NSE: Finished smb-psexec against 192.168.0.190.

Host script results:
| smb-psexec:
|_  ERROR: Error writing test file to disk as user: NT_STATUS_INVALID_PARAMETER (May not have an administrator account)

If I modify smb.share_user_can_write to handle NT_STATUS_INVALID_PARAMETER
the same way as NT_STATUS_ACCESS_DENIED, then the check gets past the
Printer share and continues running. However, it still fails later with:

NSE: smb-psexec: Entering cleanup() -- errors here can generally be ignored
NSE: Stopping service: 1c59e4ba
NSE: smb-psexec: [cleanup] Couldn't stop service: NT_STATUS_SERVICE_DOES_NOT_EXIST (svcctl.openservicew)
NSE: Deleting service: 1c59e4ba
NSE: smb-psexec: [cleanup] Couldn't delete service: NT_STATUS_SERVICE_DOES_NOT_EXIST (svcctl.openservicew)
NSE: SMB: Couldn't delete ADMIN$\b3c98143.txt: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete ADMIN$\b3c9b403.out: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete ADMIN$\9b422d27.out.tmp: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete C$\b3c98143.txt: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete C$\b3c9b403.out: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete C$\9b422d27.out.tmp: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete My Pictures\b3c98143.txt: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete My Pictures\b3c9b403.out: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete My Pictures\9b422d27.out.tmp: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete SharedDocs\b3c98143.txt: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete SharedDocs\b3c9b403.out: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete SharedDocs\9b422d27.out.tmp: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete david\b3c98143.txt: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete david\b3c9b403.out: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete david\9b422d27.out.tmp: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete print$\b3c98143.txt: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete print$\b3c9b403.out: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: SMB: Couldn't delete print$\9b422d27.out.tmp: NT_STATUS_OBJECT_NAME_NOT_FOUND
NSE: smb-psexec: Leaving cleanup()
NSE: Finished smb-psexec against 192.168.0.190.
Completed NSE at 13:37, 1.27s elapsed

Host script results:
| smb-psexec:
|_  ERROR: Couldn't upload the service file: Couldn't find the file

This is against Windows XP Professional SP3, with the login policy set
to "Classic" (not "Guest only").

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
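
In the debug output above, the "Error while getting share details" line does not name the share or the probe that produced it; that has to be read from the preceding "Checking if share" line. The following is an added example, not part of the original post or of Nmap's code: a small parser for this log format that attributes the error. The function name, the regular expressions and the sample excerpt are assumptions built from the lines quoted in the post.

```python
import re

# Constructed excerpt, using lines in the format quoted in the post.
SAMPLE_LOG = """\
NSE: SMB: Getting information for share: My Pictures
NSE: SMB: Checking if share My Pictures can be read by the current user
NSE: SMB: Checking if share My Pictures can be written by the anonymous user
NSE: SMB: Getting information for share: Printer
NSE: SMB: Checking if share Printer can be read by the current user
NSE: SMB: Checking if share Printer can be written by the current user
NSE: SMB: Error while getting share details: Error writing test file to disk as user: NT_STATUS_INVALID_PARAMETER
"""

INFO_RE = re.compile(r"^NSE: SMB: Getting information for share: (?P<share>.+)$")
# Share names may contain spaces ("My Pictures"), so anchor on the fixed tail.
CHECK_RE = re.compile(
    r"^NSE: SMB: Checking if share (?P<share>.+) can be "
    r"(?P<access>read|written) by the (?P<who>current|anonymous) user$")
ERROR_RE = re.compile(
    r"^NSE: SMB: Error while getting share details: "
    r".*?(?P<status>NT_STATUS_[A-Z_]+)\s*$")


def find_aborting_probe(log_text):
    """Return details of the probe that aborted share enumeration, or None.

    (Hypothetical helper.) The result names the share, the access type and
    account being tested, the NT status, and the shares probed before it.
    """
    shares, last = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := INFO_RE.match(line):
            shares.append(m["share"])
        elif m := CHECK_RE.match(line):
            last = (m["share"], m["access"], m["who"])
        elif (m := ERROR_RE.match(line)) and last:
            share, access, who = last
            return {"share": share, "access": access, "who": who,
                    "status": m["status"],
                    "completed": [s for s in shares if s != share]}
    return None


if __name__ == "__main__":
    print(find_aborting_probe(SAMPLE_LOG))
```
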