Nmap Development mailing list archives
Re: [NSE] Check for MS06-025 vulnerability in Microsoft RRAS service
From: David Fifield <david () bamsoftware com>
Date: Wed, 2 Jun 2010 09:19:21 -0600
On Wed, Jun 02, 2010 at 12:57:11PM +0200, Dražen Popović wrote:
> On Wed, 2010-06-02 at 00:22 +0000, Richard Miles wrote:
> > Thanks for the update. Nice to know that it works with a limited account.
> > Maybe the exploitation failed with null session because you used router
> > as a pipe. Have you tested others?
>
> This service can be accessed across the "router" pipe, according to the
> protocol specification. But on WinXP this service is also accessible across
> the "srvsvc" pipe, which is accessible for everyone with access to port 445.
>
> Question for nmap-dev: To add one script argument such as "smbpipe", or to
> add some code that determines the remote OS (results from nmap os fingerprint
> or smb-os-discovery) and chooses the pipe accordingly?

Ideally, the script makes the decision on a per-host basis. So if one host is
better using "router" and one is better using "srvsvc", they both get the best
option. Something you could do is just try both options every time. Or if you
have results from smb-os-discovery, use that as a heuristic to choose the right
one. (Sort of like how our comm.tryssl function always tries SSL first if it's
a common SSL port or version detection has found SSL.)

An smbpipe argument is reasonable, but it probably won't be used much except by
very knowledgeable users. Also, as we don't have a way to set script arguments
per-host, it would be the setting for every host.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
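The per-host selection David describes, sketched as an added NSE example (this is not code from the thread or from Nmap, and not the script Dražen posted). It assumes Nmap's `smb.get_os(host)` returns `(status, result)` with the OS banner in `result.os`, treats the `smbpipe` script argument as hypothetical, and leaves the actual probe of a pipe to a `check_pipe(host, pipe)` function the calling script supplies; pipe-name formatting (leading backslashes) depends on which smb library call that probe uses.

```lua
-- Added example: order the named pipes to try for one host, following the
-- options discussed in the thread:
--   1. an explicit --script-args smbpipe=... wins (it applies to every host,
--      since script args cannot be set per host),
--   2. otherwise a Windows XP banner from smb-os-discovery puts srvsvc first,
--      because the thread reports the service answers there over srvsvc,
--   3. otherwise try router first, then srvsvc.
-- Assumptions: smb.get_os(host) -> status, { os = "..." }; "smbpipe" is a
-- hypothetical script argument; check_pipe is supplied by the caller.
local smb = require "smb"
local stdnse = require "stdnse"

local DEFAULT_ORDER = { "router", "srvsvc" }

local function choose_pipes(host)
  local forced = stdnse.get_script_args("smbpipe")
  if forced then
    return { forced }
  end

  -- Heuristic from OS discovery; falls through to the default order if the
  -- lookup fails or the banner says nothing useful.
  local status, os_info = smb.get_os(host)
  if status and os_info and type(os_info.os) == "string"
     and os_info.os:find("XP", 1, true) then
    return { "srvsvc", "router" }
  end

  return { DEFAULT_ORDER[1], DEFAULT_ORDER[2] }
end

-- Try each candidate in order and stop at the first pipe the service answers
-- on, so hosts that differ in which pipe works each get the one that works.
-- check_pipe(host, pipe) must return true on success and false otherwise.
local function find_pipe(host, check_pipe)
  for _, pipe in ipairs(choose_pipes(host)) do
    stdnse.debug1("trying pipe %s on %s", pipe, host.ip)
    if check_pipe(host, pipe) then
      return pipe
    end
  end
  return nil, "service not reachable over any candidate pipe"
end

return { choose_pipes = choose_pipes, find_pipe = find_pipe }
```

Because `choose_pipes` returns a list rather than a single name, "just try both every time" and "use smb-os-discovery as a heuristic" are the same code path: the heuristic only changes the order, and a wrong guess costs one extra attempt instead of a missed host.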