Nmap Development mailing list archives

[NSE] SMB2/SMB3 library and scripts smb-protocols, smb2-capabilities and smb2-security-mode


From: Paulino Calderon <paulino () calderonpale com>
Date: Sat, 8 Jul 2017 15:45:35 -0500

Hi list,

I've been working on the NSE library for handling SMB2/SMB3 packets and although it is still a work in progress, there 
are some modules ready!

Besides a new version of smb.lua and obviously smb2.lua, I'm attaching some new scripts:
* smb-protocols: Lists supported SMB1/SMB2/SMB3 protocols and dialects 
* smb2-capabilities: Lists the capabilities of SMB2/SMB3 servers
* smb2-security-mode: Reads the message signing configuration in SMB2/SMB3 servers.

My plan is to keep implementing all missing features as I go adding SMB2/SMB3 support to our existing SMB scripts. As 
this can take me some time, I'm planning on merging these new changes in the coming days if feedback does not bring up 
any important issues. I've tested this against all modern versions of Windows and Samba but I've found there are some 
strange implementations out there! Any comments or bug reports are greatly appreciated!

smb-protocols.nse
==============
description = [[
Attempts to list the supported protocols and dialects of a SMB server.

The script attempts to initiate a connection using the dialects:
* NT LM 0.12 (SMBv1)
* 2.02       (SMBv2)
* 2.10       (SMBv2)
* 3.00       (SMBv3)
* 3.02       (SMBv3)
* 3.11       (SMBv3)

Additionally, if SMBv1 is found enabled, it will mark it as insecure.
]]

---
-- @usage nmap -p445 --script smb-protocols <target>
-- @usage nmap -p139 --script smb-protocols <target>
--
-- @output
-- | smb-protocols: 
-- |   dialects: 
-- |     NT LM 0.12 (SMBv1) [dangerous, but default]
-- |     2.02
-- |     2.10
-- |     3.00
-- |     3.02
-- |_    3.11

smb2-capabilities.nse
=================
description = [[
Attempts to list the supported capabilities in a SMBv2 server for each
 enabled dialect.

The script sends a SMB2_COM_NEGOTIATE command and parses the response
 using the SMB dialects:
* 2.02
* 2.10
* 3.00
* 3.02
* 3.11

References:
* https://msdn.microsoft.com/en-us/library/cc246561.aspx
]]

---
-- @usage nmap -p 445 --script smb2-capabilities <target>
-- @usage nmap -p 139 --script smb2-capabilities <target>
--
-- @output
-- | smb2-capabilities: 
-- |   2.02: 
-- |     Distributed File System
-- |   2.10: 
-- |     Distributed File System
-- |     Leasing
-- |     Multi-credit operations

smb2-security-mode.nse
=================
description = [[
Determines the message signing configuration in SMBv2 servers
 for all supported dialects.

The script sends a SMB2_COM_NEGOTIATE request for each SMB2/SMB3 dialect
 and parses the security mode field to determine the message signing
 configuration of the SMB server.

References:
* https://msdn.microsoft.com/en-us/library/cc246561.aspx
]]

---
-- @usage nmap -p 445 --script smb2-security-mode <target>
-- @usage nmap -p 139 --script smb2-security-mode <target>
--
-- @output
-- | smb2-security-mode: 
-- |   3.11: 
-- |_    Message signing enabled but not required

Links
======
smb2.lua: https://github.com/cldrn/nmap/blob/smbv2/nselib/smb2.lua
smb.lua: https://github.com/cldrn/nmap/blob/smbv2/nselib/smb.lua
smb-protocols: https://github.com/cldrn/nmap/blob/smbv2/scripts/smb-protocols.nse
smb2-capabilities: https://github.com/cldrn/nmap/blob/smbv2/scripts/smb2-capabilities.nse
smb2-security-mode: https://github.com/cldrn/nmap/blob/smbv2/scripts/smb2-security-mode.nse
smb2 branch: https://github.com/cldrn/nmap/tree/smbv2

Attachment: smb.lua.patch
Attachment: smb2-capabilities.nse
Attachment: smb-protocols.nse
Attachment: smb.lua
Attachment: smb2.lua
Attachment: smb2-security-mode.nse


Paulino Calderon Pale || @calderpwn on Twitter || http://www.calderonpale.com
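
The security mode and capabilities parsing that the script descriptions above refer to, as an added example that is not part of the original post and is not code from smb2.lua. It is written in Python so it runs outside Nmap. The function names, the sample builder and every output label other than the three capability names and the "enabled but not required" string shown in the post are assumptions; field offsets follow the SMB2 NEGOTIATE response layout in MS-SMB2.

```python
import struct

# Constants from the SMB2 NEGOTIATE response layout in MS-SMB2.
HEADER_LEN = 64                      # fixed SMB2 header size
SIGNING_ENABLED, SIGNING_REQUIRED = 0x0001, 0x0002
CAPABILITIES = {                     # Capabilities bit -> label
    0x01: "Distributed File System", 0x02: "Leasing",
    0x04: "Multi-credit operations", 0x08: "Multi-channel",
    0x10: "Persistent handles", 0x20: "Directory leasing",
    0x40: "Encryption",
}

def parse_negotiate_response(msg: bytes) -> dict:
    """Parse one SMB2 NEGOTIATE response (transport length prefix removed)."""
    if len(msg) < HEADER_LEN + 28:
        raise ValueError("truncated SMB2 NEGOTIATE response")
    magic, hdr_size = struct.unpack_from("<4sH", msg, 0)
    status, command = struct.unpack_from("<IH", msg, 8)
    if magic != b"\xfeSMB" or hdr_size != HEADER_LEN:
        raise ValueError("not an SMB2 message")
    if command != 0 or status != 0:
        raise ValueError("not a successful NEGOTIATE response")
    # Body: StructureSize, SecurityMode, DialectRevision; Capabilities at +24.
    _, mode, dialect = struct.unpack_from("<HHH", msg, HEADER_LEN)
    (caps,) = struct.unpack_from("<I", msg, HEADER_LEN + 24)
    if mode & SIGNING_REQUIRED:
        signing = "Message signing enabled and required"
    elif mode & SIGNING_ENABLED:
        signing = "Message signing enabled but not required"
    else:
        signing = "Message signing disabled"
    return {
        "dialect": f"{dialect >> 8}.{dialect & 0xFF:02x}",
        "signing": signing,
        "signing_required": bool(mode & SIGNING_REQUIRED),
        "capabilities": [n for bit, n in CAPABILITIES.items() if caps & bit],
    }

def build_sample(mode: int, dialect: int, caps: int) -> bytes:
    """Constructed response for offline testing; not captured traffic."""
    header = struct.pack("<4sHHIHHIIQIIQ16s", b"\xfeSMB", HEADER_LEN, 0, 0, 0,
                         1, 1, 0, 0, 0, 0, 0, bytes(16))
    body = struct.pack("<HHHH16sI", 65, mode, dialect, 0, bytes(16), caps)
    return header + body + bytes(36)   # remaining fixed fields zeroed

if __name__ == "__main__":
    print(parse_negotiate_response(build_sample(0x0001, 0x0311, 0x07)))
```

A result with `signing_required` false is the case worth flagging in an audit, since unsigned SMB sessions can be relayed or tampered with in transit.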


