Nmap Development mailing list archives

Re: smb-enum-shares


From: Barry Dragoon <barry.dragoon () gmail com>
Date: Fri, 23 Dec 2016 07:30:36 -0800

I can't get it to work either.  I believe it has to do with the script
smbauth.lua not being able to create a valid NTLMv2 hash to pass to the
Windows operating system (OS).

The newer Windows OSes are validating the request for access with a
different methodology than the earlier versions.  It seems that changing
the default security policy on the local machine might work by allowing
NTLMv1 credentials to pass, but then you're defeating the built-in security
of the Windows OS.

Try running your command using the debug options (-d up to -d9) to see what
is actually occurring.
--
Barry Dragoon, nmap n00b

On Thu, Dec 22, 2016 at 6:00 PM, Louis Sanchez <loudawgmv540 () gmail com>
wrote:

I cannot get this to work; I'm not sure if it's a bug. See below, I
verified that the share is open using smbmap. The account I made is smbuser
with a password smbuser.


root@kali:~# nmap --script smb-enum-shares --script-args
smbuser=smbuser,smbpass=smbuser -p445 192.168.2.247

Starting Nmap 7.01 ( https://nmap.org ) at 2016-12-22 20:55 EST
Nmap scan report for Louis-Surface (192.168.2.247)
Host is up (0.00088s latency).
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Nmap done: 1 IP address (1 host up) scanned in 3.45 seconds
root@kali:~# smbmap -H 192.168.2.247 -u smbuser -p smbuser
[+] Finding open SMB ports....
[+] User SMB session establishd on 192.168.2.247...
[+] IP: 192.168.2.247:445 Name: Louis-Surface

Disk                                                   Permissions
----                                                   -----------
ADMIN$                                             NO ACCESS
C$                                                 NO ACCESS
IPC$                                               READ ONLY
share                                             READ, WRITE
Users                                             READ ONLY


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
