Re: Getting system time from SMB (445 or 139)

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 22 Aug 2008 22:17:04 -0500 or thereabouts Ron
<ron () skullsecurity net> wrote:

> Brandon Enright wrote:
> > On Fri, 22 Aug 2008 21:06:07 -0500 or thereabouts Ron
> > <ron () skullsecurity net> wrote:
> >
> > Hi Ron,
> >
> > You should probably take a look at
> > "netbios-smb-os-discovery.nse" and "nbstat.nse" for an idea of how
> > to start.
> >
> > Alternatively, if send me a packet capture (pcap please) for the
> > query on 445 and the queries on 139 I'd be willing to hack the
> > script together.
> >
> > Brandon
>
> Thanks for the info, Brandon!
>
> Thanks for offering, but I'd like to try my hand at this. SMB decoding
> and nmap scripts are two things I've been wanting to learn, so this is
> the perfect opportunity. :)
>
> I'll let you know if I get stuck, though!
>
> Ron

Well don't take the "packet construction" in those scripts as Gospel.
They should be using pack/unpack but that wasn't available until
recently.

It sure would be nice to have SMB/NetBIOS fields documented somewhere
too.  I always have to turn to the Wireshark dissector. Between
pack/unpack and the new NSE doc system you could probably make your
script a real good resource for others.  I still have to go back and
doc a few scripts and convert them to pack/unpack.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkivgpEACgkQqaGPzAsl94KOdACdEVlqnGNSIZvMm8vvGaqtT6ah
9zYAoJmZkR0jAtzZJaHRjXWdETNGWdyt
=r5mG
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org