Security Basics mailing list archives
nmap smb-brute questions
From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Mon, 16 Sep 2013 18:31:57 -0700
Hi All, In the following "#" is my command prompt for "root". I have been testing a script called "smb-brute": http://nmap.org/nsedoc/scripts/smb-brute.html I have some confusion. On the web page, there are two examples: nmap --script smb-brute.nse -p445 <host> sudo nmap -sU -sS --script smb-brute.nse -p U:137,T:139 <host> When I look at my /etc/services, I get the following smb services: netbios-ns 137/tcp # NETBIOS Name Service netbios-ns 137/udp netbios-dgm 138/tcp # NETBIOS Datagram Service netbios-dgm 138/udp netbios-ssn 139/tcp # NETBIOS session service netbios-ssn 139/udp microsoft-ds 445/tcp microsoft-ds 445/udp Question 1): Why is the example only checking UDP:137, and TCP:139? Ports 137,138,139,445 are all using both UDP and TCP according to /etc/services. Is the example not meant to be a good example? When I scan my KVM Windows Frankenstein (w8) virtual machine, I get back: # nmap --script smb-brute.nse -p 137,138,139,445 192.168.255.116 ... PORT STATE SERVICE 137/tcp closed netbios-ns 138/tcp closed netbios-dgm 139/tcp open netbios-ssn 445/tcp open microsoft-ds But when I scan the ports directly without the script, I get back: # nmap --reason -Pn -p 137,138,139,445 192.168.255.116 ... PORT STATE SERVICE REASON 137/tcp filtered netbios-ns no-response 138/tcp filtered netbios-dgm no-response 139/tcp filtered netbios-ssn no-response 445/tcp filtered microsoft-ds no-response Question 2): why is one "closed and open" and the other one "filtered"? How is it that the script can find open ports and the direct command can not? Question 3): on the first above scan, had it found any or broke any hashes, would it have told me? On the following command, I also get back: # nmap --script smb-brute.nse -p 137,138,139,445 192.168.255.116 ... Host script results: | smb-brute: | administrator:<blank> => Valid credentials, account disabled |_ guest:<blank> => Valid credentials, account disabled Question 4): does the "Valid credentials, account disabled" mean the script could not break in? Many thanks, -T -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Computers are like air conditioners. They malfunction when you open windows ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- nmap smb-brute questions ToddAndMargo (Sep 16)
- Re: nmap smb-brute questions Ansgar Wiechers (Sep 23)
- Re: nmap smb-brute questions ToddAndMargo (Sep 24)
- Re: nmap smb-brute questions Ansgar Wiechers (Sep 23)