Nmap Development mailing list archives
Jiayi's Status Report - #9 of 17
From: Jiayi Ye <yejiayily () gmail com>
Date: Tue, 30 Jun 2015 00:25:00 +0800
Hi,

Accomplishments:

* Continued working on smb2. Implemented command SMB2_COM_SESSION_SETUP. Now we can send a SMB2_COM_NEGOTIATE request to the smb2 server and receive a SMB2 NEGOTIATE Response, then send SMB2_COM_SESSION_SETUP request 1 and receive a SMB2 SESSION_SETUP response with NT_STATUS_MORE_PROCESSING_REQUIRED status, then send SMB2_COM_SESSION_SETUP request 2 with username and password. But I received a response with nt_status_request_not_accepted rather than NT_STATUS_SUCCESS. I'll fix it then. [1]
* Set up a vuln environment related to CVE-2015-1635. Tried to update http-vuln-cve2015-1635 to support information leak. I am still trying the byte ranges to perform reliable information disclosure. [2]

Priorities:

* Implement smb2 commands such as SMB2_COM_TREE_CONNECT.
* Find a way to exploit the information disclosure related to CVE-2015-1635.
* Solve the license problem with the vuln script. Test the vuln script. Update the documentation of the vuln script.

[1] https://svn.nmap.org/nmap-exp/jiayi/nselib/smb2.lua
[2] https://svn.nmap.org/nmap-exp/jiayi/scripts/http-vuln-cve2015-1635.nse

Thanks,
Jiayi Ye
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
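
The exchange described in the report, as an added example that is not part of the original post or of smb2.lua: a Python sketch that parses the 64-byte SMB2 header of each response and reports the first step whose command or status differs from the expected NEGOTIATE / SESSION_SETUP sequence. The function names are hypothetical, the response headers are constructed sample data rather than captured traffic, and the status codes are the standard NTSTATUS values.

```python
import struct

# SMB2 sync header (MS-SMB2 2.2.1): 64 bytes, little-endian.
# ProtocolId, StructureSize, CreditCharge, Status, Command, Credits, Flags,
# NextCommand, MessageId, Reserved, TreeId, SessionId, Signature
SMB2_HDR = struct.Struct("<4sHHIHHIIQIIQ16s")
COMMANDS = {0x0000: "NEGOTIATE", 0x0001: "SESSION_SETUP", 0x0003: "TREE_CONNECT"}
STATUS = {
    0x00000000: "STATUS_SUCCESS",
    0xC0000016: "STATUS_MORE_PROCESSING_REQUIRED",
    0xC00000D0: "STATUS_REQUEST_NOT_ACCEPTED",
}
# Expected (command, status) for each response in the exchange from the report.
EXPECTED = [("NEGOTIATE", "STATUS_SUCCESS"),
            ("SESSION_SETUP", "STATUS_MORE_PROCESSING_REQUIRED"),
            ("SESSION_SETUP", "STATUS_SUCCESS")]

def build_response_header(command, status, message_id, session_id=0):
    """Construct a sample response header (test data, not captured traffic)."""
    flags = 0x00000001  # SMB2_FLAGS_SERVER_TO_REDIR: message is a response
    return SMB2_HDR.pack(b"\xfeSMB", 64, 0, status, command, 1, flags, 0,
                         message_id, 0, 0, session_id, b"\x00" * 16)

def parse_header(data):
    """Decode command, status, MessageId and SessionId from a response."""
    if len(data) < SMB2_HDR.size:
        raise ValueError("short SMB2 header")
    (magic, size, _charge, status, command, _credits, _flags, _next,
     msg_id, _reserved, _tree, session_id, _sig) = SMB2_HDR.unpack_from(data)
    if magic != b"\xfeSMB" or size != 64:
        raise ValueError("not an SMB2 header")
    return {"command": COMMANDS.get(command, hex(command)),
            "status": STATUS.get(status, hex(status)),
            "message_id": msg_id, "session_id": session_id}

def check_exchange(responses):
    """Return (step index, parsed header) of the first deviation, or None."""
    for step, (raw, want) in enumerate(zip(responses, EXPECTED)):
        hdr = parse_header(raw)
        if (hdr["command"], hdr["status"]) != want:
            return step, hdr
    return None

# Constructed responses: the second SESSION_SETUP is rejected, as in the report.
SAMPLE = [build_response_header(0x0000, 0x00000000, 0),
          build_response_header(0x0001, 0xC0000016, 1, session_id=0x1234),
          build_response_header(0x0001, 0xC00000D0, 2, session_id=0x1234)]

if __name__ == "__main__":
    print(check_exchange(SAMPLE))
```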