Nmap Development mailing list archives
Re: Getting system time from SMB (445 or 139)
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Sat, 23 Aug 2008 06:08:32 +0000
On Sat, 23 Aug 2008 00:54:05 -0500 or thereabouts Ron <ron.bowes () javaop com> wrote:
> So, although I can improve on this a lot, I put together a first draft. I'd like to go through and convert the current plugin to using the pack/unpack stuff, but that'll be another day.
>
> I've attached my version of the nse, as well as a diff against the current svn head (taken with 'svn diff').
>
> For now, I tagged it onto your line like this:
> |_ Discover OS Version over NetBIOS and SMB: Windows 2000 (Time: 2008-08-22 23:47:55)
Actually Judy Novak of Sourcefire wrote that script. If the packet it sends is already what you need to get the results then that script is probably the right place to put it.

We might try renaming the script to something more generic like netbios-smb-information.nse. I doubt this will be the last useful addition to the script.
> Is there any way to return multiple results from a single NSE script, though?
With portrule scripts, returning a multiline string (embedded "\n") will produce reasonable output. I haven't tried hostrule scripts but I suspect they also gracefully handle multiline output.
> There are a whole bunch of things I can find/return from those packets that may be of interest, but I don't know how (if it's even possible) to return multiple results. Any ideas?
You might try looking at SSLv2-support.nse for an idea of how to format output and how to check the verbosity setting of Nmap to determine how much info to return in different cases. Hopefully hostrule scripts handle the output well.
> Thanks, and let me know what you think (this is the first time I've even *seen* Lua)!
> Ron
Heck, if you can read and modify netbios-smb-os-discovery.nse you know as much Lua as me :)

I'm working on grepping logs to find hosts that already return useful info for netbios-smb-os-discovery.nse so that I can test your addition.

Brandon
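The approach suggested in the reply above (one multiline string with embedded "\n", trimmed according to Nmap's verbosity) could look like the following. This is an added example, not code from the thread or from any Nmap script; `format_results`, the `min_verbosity` field and the "Domain" entry are hypothetical, while the OS and time values are the ones from the output line quoted in the message.

```lua
-- Added illustration: collect several findings in a table and return them
-- from an NSE action as one string joined with "\n".
-- Each entry has a label, a value, and (hypothetical field) the minimum
-- verbosity level at which it should be reported.
local function format_results(results, verbosity)
  local lines = {}
  for _, r in ipairs(results) do
    local wanted = verbosity >= (r.min_verbosity or 0)
    if wanted and r.value ~= nil and r.value ~= "" then
      lines[#lines + 1] = string.format("%s: %s", r.label, r.value)
    end
  end
  if #lines == 0 then
    return nil -- a script that returns nil produces no output
  end
  return table.concat(lines, "\n")
end

-- Inside Nmap the level comes from nmap.verbosity(); when this file is run
-- with a plain Lua interpreter the module is absent, so fall back to 0.
local ok, nmap = pcall(require, "nmap")
local verbosity = (ok and nmap.verbosity()) or 0

-- Sample findings. OS and time are taken from the thread; the domain
-- entry is constructed for the example.
local sample = {
  { label = "OS", value = "Windows 2000" },
  { label = "System time", value = "2008-08-22 23:47:55" },
  { label = "Domain", value = "EXAMPLE", min_verbosity = 1 },
}

-- In a script this would be: action = function(host) return format_results(...) end
print(format_results(sample, verbosity))
```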