Security Basics mailing list archives
nmap smb-brute questions
From: ToddAndMargo <ToddAndMargo () zoho com>
Date: Mon, 16 Sep 2013 18:31:57 -0700
Hi All,

In the following "#" is my command prompt for "root".

I have been testing a script called "smb-brute":
    http://nmap.org/nsedoc/scripts/smb-brute.html

I have some confusion. On the web page, there are two
examples:

    nmap --script smb-brute.nse -p445 <host>
    sudo nmap -sU -sS --script smb-brute.nse -p U:137,T:139 <host>

When I look at my /etc/services, I get the following smb
services:

    netbios-ns      137/tcp    # NETBIOS Name Service
    netbios-ns      137/udp
    netbios-dgm     138/tcp    # NETBIOS Datagram Service
    netbios-dgm     138/udp
    netbios-ssn     139/tcp    # NETBIOS session service
    netbios-ssn     139/udp
    microsoft-ds    445/tcp
    microsoft-ds    445/udp

Question 1): Why is the example only checking UDP:137,
and TCP:139? Ports 137,138,139,445 are all using both
UDP and TCP according to /etc/services. Is the example
not meant to be a good example?

When I scan my KVM Windows Frankenstein (w8) virtual machine,
I get back:

    # nmap --script smb-brute.nse -p 137,138,139,445 192.168.255.116
    ...
    PORT    STATE  SERVICE
    137/tcp closed netbios-ns
    138/tcp closed netbios-dgm
    139/tcp open   netbios-ssn
    445/tcp open   microsoft-ds

But when I scan the ports directly without the script, I
get back:

    # nmap --reason -Pn -p 137,138,139,445 192.168.255.116
    ...
    PORT    STATE    SERVICE      REASON
    137/tcp filtered netbios-ns   no-response
    138/tcp filtered netbios-dgm  no-response
    139/tcp filtered netbios-ssn  no-response
    445/tcp filtered microsoft-ds no-response

Question 2): Why is one "closed and open" and the other
one "filtered"? How is it that the script can find open
ports and the direct command cannot?

Question 3): On the first scan above, had it found any or
broken any hashes, would it have told me?

On the following command, I also get back:

    # nmap --script smb-brute.nse -p 137,138,139,445 192.168.255.116
    ...
    Host script results:
    | smb-brute:
    |   administrator:<blank> => Valid credentials, account disabled
    |_  guest:<blank> => Valid credentials, account disabled

Question 4): Does the "Valid credentials, account disabled" mean
the script could not break in?

Many thanks,
-T
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
