Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: nmap smb-brute questions

From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Mon, 23 Sep 2013 15:40:04 -0700
On 09/17/2013 02:17 AM, Ansgar Wiechers wrote:

On 2013-09-16 ToddAndMargo wrote:

When I look at my /etc/services, I get the following smb
services:

       netbios-ns      137/tcp  # NETBIOS Name Service
       netbios-ns      137/udp
       netbios-dgm     138/tcp  # NETBIOS Datagram Service
       netbios-dgm     138/udp
       netbios-ssn     139/tcp  # NETBIOS session service
       netbios-ssn     139/udp
       microsoft-ds    445/tcp
       microsoft-ds    445/udp

Question 1):  Why is the example only checking UDP:137,
and TCP:139?  Ports 137,138,139,445 are all using both
UDP and TCP according to /etc/services.  Is the example
not meant to be a good example?


AFAIK was IANA practice to assign UDP and TCP port number for a service,
regardless of which of the two protocols it actually used. NetBIOS does
not use 137/tcp and 139/udp, so it'd be pointless to scan those ports.

[...]

On the following command, I also get back:
    # nmap --script smb-brute.nse  -p 137,138,139,445 192.168.255.116
    ...
    Host script results:
    | smb-brute:
    |   administrator:<blank> => Valid credentials, account disabled
    |_  guest:<blank> => Valid credentials, account disabled

Question 4): does the "Valid credentials, account disabled" mean
the script could not break in?


Yes.

Regards
Ansgar Wiechers



Hi Ansgar,

   Thank you!

-T


--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: