Re: [NSE] samba-vuln-cve-2017-7494.nse: Script to detect CVE-2017-7494

[Wong Wai Tuck <wongwaituck () gmail com>]

Hi everyone,

The script has more or less been finalized. It would be greatly appreciated
if you could look through the script in the pull request [1], and if there
are any issues, do flag them out to me soon! I will be committing it in a
few days if there are no issues.

Thank you!

[1]: https://github.com/nmap/nmap/pull/893

Wai Tuck

On Sat, May 27, 2017 at 6:53 PM Wong Wai Tuck <wongwaituck () gmail com> wrote:

> Hi Dan
>
> Thanks for pointing out the NSE check script! It will be a very useful
> companion for the summer.
>
> I have made the modifications as required and made a pull request on
> Github [1].
>
> Do review and let me know what needs changing!
>
> [1]: https://github.com/nmap/nmap/pull/893
>
>
> Wai Tuck
>
>
> On Sat, May 27, 2017 at 3:37 AM Daniel Miller <bonsaiviking () gmail com>
> wrote:
>
> > Wai Tuck,
> >
> > Thanks for this really useful script! I see a couple things that could be
> > changed, though:
> >
> > 1. On line 189 you check for "share['anonynmous_can_write'])" but that
> > is misspelled. It should be 'anonymous_can_write'
> >
> > 2. It seems like the last few conditions involving nt_pipe_support could
> > be combined and possibly even worked into the loop just before the `break`
> > statement. I'm sure it works fine as-is, but it seems like it could be a
> > little cleaner.
> >
> > 3. There are a few bugs that the NSE check script will catch, mostly
> > missing `local` declarations:
> > https://secwiki.org/w/Nmap/Code_Standards#Tools_to_help
> >
> > Looking forward to seeing this in Nmap!
> >
> > Dan
> >
> > On Fri, May 26, 2017 at 10:40 AM, Wong Wai Tuck <wongwaituck () gmail com>
> > wrote:
> >
> > > Hey all,
> > >
> > > I've been working on the vulnerability detection script [1] since
> > > yesterday and would like to share what I've done so far. I have attached
> > > the script in this email as well.
> > >
> > > The script currently checks for the following before determining whether
> > > it is vulnerable:
> > >   1) whether the service running is the correct version of Samba
> > >   2) whether there exists writable shares for the execution of the script
> > >   3) whether the workaround (disabling of named pipes, i.e. nt pipe
> > > support = no) was applied
> > >
> > > You can see it in action here [2].
> > >
> > > Really grateful for my mentor, George, who pointed out the vulnerability
> > > to me when it was released, and who patiently gave me prompt feedback as I
> > > wrote the script. I made reference to the Metasploit module as it was being
> > > developed, so really grateful for the discussion there [3].
> > >
> > > We will be polishing the script over the weekend and we're thinking
> > > about adding a more concrete check, i.e. actually writing a file into the
> > > share and accessing it. We would appreciate any feedback on this and any
> > > help to test the script against other targets!
> > >
> > > Thanks and have a great weekend all!
> > >
> > > [1]:
> > > https://gist.github.com/wongwaituck/62c863ba7aa28a2d22d0fe9cbe14a18b
> > > [2]: https://www.youtube.com/watch?edit=vd&v=JuPZc7um8x4
> > > [3]: https://github.com/rapid7/metasploit-framework/pull/8450
> > >
> > > With Regards
> > > Wai Tuck
> > >
> > > _______________________________________________
> > > Sent through the dev mailing list
> > > https://nmap.org/mailman/listinfo/dev
> > > Archived at http://seclists.org/nmap-dev/
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/