Nmap Development mailing list archives
Re: [SCRIPT] NetBIOS name and MAC query script
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Tue, 27 Mar 2007 21:58:17 -0600
If you would like more raw data to tweak your heuristics, I can run nbtscan against a subnet or two of mixed hosts and send you the pcap data and a key for what IPs are what. If you want that, I'd rather just send it to you directly instead of to the entire list. -Jason On 3/27/07, Brandon Enright <bmenrigh () ucsd edu> wrote:
Thank you, this was enough information to update the script (attached) to report the logged in username when NetBIOS actually reports the info [1]. I don't know if this will work against Windows 9x/Me or not but it seems to work against 2k and XP boxes. Please let me know how it works. Brandon [1] NetBIOS doesn't seem to explicitly report computername vs domainname vs username etc. Oftentimes it doesn't even report the username. This script is using a best-guess heuristic to determine the computername and username. I think I've got it all correct but more testing/review is in order. On Tue, 27 Mar 2007 16:07:14 -0600 "DePriest, Jason R." <jrdepriest () gmail com> wrote:On 3/27/07, Brandon Enright wrote:DePriest, Jason R. wrote:I can give you detailed results from an nbtscan and a packet capture of the traffic. Would that be sufficient to help out? -JasonIf you have a case where nbtscan was able to determine the remote user that was logged in that ouput and packet capture would be most useful. I suppose I could look at the nbtscan source code but I'd hate to run into odd legal/licensing problems in doing so. BrandonIt looked like nbtstat provided more verbosity for the end-user, so I used it instead. Nbtstat actually shows you the raw data received minus the tcp and ethernet layer stuff. I am including the full packet capture data from a tshark dump as well. See the attachment for the pcap and txt files with the data. -Jason
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Re: [SCRIPT] NetBIOS name and MAC query script, (continued)
- Re: [SCRIPT] NetBIOS name and MAC query script Eddie Bell (Mar 24)
- Re: [SCRIPT] NetBIOS name and MAC query script Brandon Enright (Mar 24)
- Re: [SCRIPT] NetBIOS name and MAC query script Diman Todorov (Mar 25)
- R: [SCRIPT] NetBIOS name and MAC query script Speziale Daniele (Mar 27)
- Re: R: [SCRIPT] NetBIOS name and MAC query script Brandon Enright (Mar 27)
- Re: R: [SCRIPT] NetBIOS name and MAC query script DePriest, Jason R. (Mar 27)
- Re: R: [SCRIPT] NetBIOS name and MAC query script Brandon Enright (Mar 27)
- Re: R: [SCRIPT] NetBIOS name and MAC query script DePriest, Jason R. (Mar 27)
- Re: R: [SCRIPT] NetBIOS name and MAC query script DePriest, Jason R. (Mar 27)
- Re: [SCRIPT] NetBIOS name and MAC query script Brandon Enright (Mar 27)
- Re: [SCRIPT] NetBIOS name and MAC query script DePriest, Jason R. (Mar 27)
- R: [SCRIPT] NetBIOS name and MAC query script Speziale Daniele (Mar 28)
- Re: [SCRIPT] NetBIOS name and MAC query script Brandon Enright (Mar 24)
- Re: [SCRIPT] NetBIOS name and MAC query script Eddie Bell (Mar 24)