Nmap Development mailing list archives

Re: SMB NSE scripts throw errors when scanning FreeNAS (BSD) server


From: Paulino Calderon <paulino () calderonpale com>
Date: Thu, 3 Aug 2017 17:12:54 -0500

Hey,
When I was writing the script, I did come across several samba instances
that reported an incorrect date. However, it never failed to parse the date
completely like in your case.

Let me update the script so at least it fails gracefully in those cases.

Thanks for the report!

On Aug 3, 2017 4:43 PM, "Barry G" <barrygould () gmail com> wrote:

Hi,

While looking for SMBv1 hosts, I got an error in the NSE scripts running
nmap -p139,445 192.168.11.0/24 --script smb-protocols.nse

Host is Win 8.1 64-bit PC, Nmap 7.60 running as local admin.

Target is a FreeNAS server, FreeNAS-9.10.2-U5, virtualized on VMWare
ESXi 5.5, on the same LAN.

It does seem to work against localhost, but I don't have any other SMB
hosts online at the moment to test.

Output below.

Thanks!
Barry


nmap -p139,445 192.168.11.9 --script smb-protocols.nse

Starting Nmap 7.60 ( https://nmap.org ) at 2017-08-03 14:20 Pacific Daylight Time
Nmap scan report for freenas.x.net (192.168.11.9)
Host is up (0.00s latency).

PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 00:0C:29:06:F8:E1 (VMware)

Host script results:
|_smb-protocols: ERROR: Script execution failed (use -d to debug)

Nmap done: 1 IP address (1 host up) scanned in 2.67 seconds


nmap -p139,445 192.168.11.9 --script smb-protocols.nse -d
wpcap.dll present, library version: Npcap version 0.93, based on libpcap version 1.8.1

Starting Nmap 7.60 ( https://nmap.org ) at 2017-08-03 14:20 Pacific Daylight Time
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.3.
NSE: Arguments from CLI:
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 14:20
Completed NSE at 14:20, 0.00s elapsed
Initiating ARP Ping Scan at 14:20
Scanning 192.168.11.9 [1 port]
Packet capture filter (device eth1): arp and arp[18:4] = 0x74D02B2B and arp[22:2] = 0x82AD
Completed ARP Ping Scan at 14:20, 0.12s elapsed (1 total hosts)
Overall sending rates: 8.13 packets / s, 341.46 bytes / s.
mass_rdns: Using DNS server 192.168.11.1
Initiating Parallel DNS resolution of 1 host. at 14:20
mass_rdns: 0.23s 0/1 [#: 1, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 14:20, 0.00s elapsed
DNS resolution of 1 IPs took 0.23s. Mode: Async [#: 1, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan at 14:20
Scanning freenas.x.net (192.168.11.9) [2 ports]
Packet capture filter (device eth1): dst host 192.168.11.13 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 192.168.11.9)))
Discovered open port 445/tcp on 192.168.11.9
Discovered open port 139/tcp on 192.168.11.9
Completed SYN Stealth Scan at 14:20, 0.03s elapsed (2 total ports)
Overall sending rates: 100.00 packets / s, 4400.00 bytes / s.
NSE: Script scanning 192.168.11.9.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 14:20
NSE: Starting smb-protocols against 192.168.11.9.
NSE: [smb-protocols 192.168.11.9] SMB: Added account '' to account list
NSE: [smb-protocols 192.168.11.9] SMB: Added account 'guest' to account list
NSE: smb-protocols against 192.168.11.9 threw an error!
C:\Program Files (x86)\Utilities\Nmap/nselib/smb2.lua:396: time result cannot be represented in this installation
stack traceback:
        [C]: in function 'os.date'
        C:\Program Files (x86)\Utilities\Nmap/nselib/smb2.lua:396: in function 'smb2.negotiate_v2'
        C:\Program Files (x86)\Utilities\Nmap/nselib/smb.lua:1167: in function 'smb.list_dialects'
        ...ram Files (x86)\Utilities\Nmap/scripts\smb-protocols.nse:58: in function <...ram Files (x86)\Utilities\Nmap/scripts\smb-protocols.nse:54>
        (...tail calls...)

Completed NSE at 14:20, 0.07s elapsed
Nmap scan report for freenas.x.net (192.168.11.9)
Host is up, received arp-response (0.0013s latency).
Scanned at 2017-08-03 14:20:33 Pacific Daylight Time for 1s

PORT    STATE SERVICE      REASON
139/tcp open  netbios-ssn  syn-ack ttl 64
445/tcp open  microsoft-ds syn-ack ttl 64
MAC Address: 00:0C:29:06:F8:E1 (VMware)
Final times for host: srtt: 1250 rttvar: 3312  to: 100000

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 14:20
Completed NSE at 14:20, 0.00s elapsed
Read from C:\Program Files (x86)\Utilities\Nmap: nmap-mac-prefixes nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 3.11 seconds
           Raw packets sent: 3 (116B) | Rcvd: 3 (116B)



_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
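
The traceback above ends in os.date, which in Lua 5.3 raises an error when the C library cannot represent the time it is given. The following is an added example, not part of the original thread and not Nmap's code, of one way to make that conversion fail gracefully. It assumes the value came from a Windows FILETIME timestamp in the server's negotiate response; the function names and sample values are hypothetical.

```lua
-- Added example (not Nmap's code). All names here are hypothetical.

-- Seconds between 1601-01-01 (FILETIME epoch) and 1970-01-01 (Unix epoch).
local EPOCH_DELTA = 11644473600

-- Convert a FILETIME (100 ns ticks since 1601-01-01) to Unix seconds.
local function filetime_to_unix(filetime)
  return filetime // 10000000 - EPOCH_DELTA
end

-- Format a server-supplied FILETIME as a UTC date string.
-- Returns the string on success, or nil plus a reason on failure,
-- so the caller can report "unknown" instead of aborting the script.
local function safe_filetime_date(filetime)
  if math.type(filetime) ~= "integer" then
    return nil, "not an integer FILETIME"
  end
  local unix = filetime_to_unix(filetime)
  -- Design choice for this example: a server clock before 1970 is treated
  -- as invalid rather than handed to the C library, whose handling of
  -- negative times differs between platforms.
  if unix < 0 then
    return nil, "timestamp predates 1970"
  end
  -- os.date can still raise for values too large to represent,
  -- so the call is wrapped in pcall.
  local ok, result = pcall(os.date, "!%Y-%m-%d %H:%M:%S", unix)
  if not ok or result == nil then
    return nil, "time cannot be represented on this platform"
  end
  return result
end

-- Constructed sample values, not taken from the scan in this thread.
local samples = {
  { "plausible clock", 131462503740000000 },
  { "zeroed field",    0 },
  { "all bits set",    -1 },                  -- 0xFFFFFFFFFFFFFFFF as signed 64-bit
  { "far future",      0x7FFFFFFFFFFFFFFF },
}

for _, s in ipairs(samples) do
  local date, err = safe_filetime_date(s[2])
  print(("%-16s %s"):format(s[1], date or ("<invalid: " .. err .. ">")))
end
```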
