Nmap Development mailing list archives
RE:SMB probe script
From: mike <dmciscobgp () hotmail com>
Date: Mon, 8 Sep 2008 21:24:04 +0000
hello Ron. I looked into that script a bit more. I noticed that you are using a generic "nmap" for the OS identifier in the packet payload. Is this wise? Wouldn't that set off many an application/inspection tool people are using for payload/OS fingerprinting? Why not set it to a simple "Windows 2k" or something that could actually be seen as legit? Maybe this isn't a big deal to everyone, so I will just mention it and move on.

I also noticed the same thing I mentioned above when you call for the generic "Native LANman". Is that even recognized as legit by the SMB server? I guess if it works, it works.

I was wondering about 2 things I would hope you could include, since you have already gone so far into the kind of detail this SMB script already gives us: would there be a way to dump the received hashes back to stdout (for cracking later)? I believe it is based on the SPNEGO that is used, correct?

Lastly, I was watching the SMB tree requests and transactions in tshark and I saw a lot of times when you were setting HOME and TEST as queries, my target would send me back "NT_STATUS_UNRECOGNIZED_NAME" failures. Can I ask what the TEST and HOME references are for? Is that for IPC logins? I always thought if you got back STATUS_FAILURES, then you would have the TID pulled you created and you would be disconnected. Again, maybe you know a lot more about this than I do.

Still interested in that patch addon for the stdout for LAN manager version. Do you ever think you will tackle the issues I brought up with trying to get payload established to port 138? Did you read what I submitted about what could possibly be done? (forcing issued MASTERBROWSER announcements for response)

thank you
m|ke
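As an added example (not from this post, and not Nmap's own smb.lua), here is the fingerprinting mike raises seen from the inspection side: a small Python parser that pulls the NativeOS and NativeLanMan strings out of an SMB1 Session Setup AndX request and flags the generic scanner strings. The packet builder, the sample packets and the SCANNER_STRINGS list are constructed for this demo; the parser assumes OEM (non-Unicode) strings with no pad byte before them, and handles both the 13-word (plain) and 12-word (extended security) request forms.

```python
import struct

# Constructed for this example: generic strings a defender might treat as
# scanner fingerprints in the NativeOS / NativeLanMan fields.
SCANNER_STRINGS = {b"nmap", b"native lanman"}

def build_session_setup(native_os: bytes, native_lanman: bytes) -> bytes:
    # Minimal SMB1 Session Setup AndX request (WordCount 13, OEM strings, anonymous).
    # Constructed sample, not a capture.
    header = struct.pack("<4sBIBHH8sHHHHH", b"\xffSMB", 0x73, 0, 0x18, 0x0001, 0,
                         b"\x00" * 8, 0, 0, 1234, 0, 1)   # ..., TID, PID, UID, MID
    oem_pw, uni_pw = b"\x00", b""          # 1-byte null OEM password, no Unicode password
    words = struct.pack("<BBHHHHIHHII", 0xFF, 0, 0, 4356, 50, 1, 0,
                        len(oem_pw), len(uni_pw), 0, 0x4D)
    data = (oem_pw + uni_pw + b"\x00" + b"\x00"            # empty AccountName, PrimaryDomain
            + native_os + b"\x00" + native_lanman + b"\x00")
    return header + bytes([13]) + words + struct.pack("<H", len(data)) + data

def parse_session_setup_strings(pkt: bytes):
    # Return (NativeOS, NativeLanMan); handles both the 13- and 12-word request forms.
    if pkt[:4] != b"\xffSMB" or pkt[4] != 0x73:
        raise ValueError("not an SMB1 Session Setup AndX request")
    if struct.unpack_from("<H", pkt, 10)[0] & 0x8000:       # Flags2 SMB_FLAGS2_UNICODE
        raise ValueError("Unicode strings not handled by this example")
    wc = pkt[32]
    words = pkt[33:33 + 2 * wc]
    bc_off = 33 + 2 * wc
    bc = struct.unpack_from("<H", pkt, bc_off)[0]
    data = pkt[bc_off + 2:bc_off + 2 + bc]
    if wc == 13:   # no extended security: passwords, AccountName, PrimaryDomain precede the OS strings
        oem_len, uni_len = struct.unpack_from("<HH", words, 14)
        fields = data[oem_len + uni_len:].split(b"\x00")
        return fields[2], fields[3]
    if wc == 12:   # extended security: the SPNEGO/NTLMSSP blob precedes the OS strings
        blob_len = struct.unpack_from("<H", words, 14)[0]
        fields = data[blob_len:].split(b"\x00")
        return fields[0], fields[1]
    raise ValueError(f"unexpected WordCount {wc}")

def flag_scanner(pkt: bytes) -> dict:
    # Decode the two strings and report whether either is a known scanner fingerprint.
    native_os, native_lanman = parse_session_setup_strings(pkt)
    return {"native_os": native_os.decode("ascii", "replace"),
            "native_lanman": native_lanman.decode("ascii", "replace"),
            "suspicious": native_os.lower() in SCANNER_STRINGS
                          or native_lanman.lower() in SCANNER_STRINGS}
```

Running flag_scanner over the strings from the post gives suspicious=True, while a request carrying the usual Windows strings passes; the same check could be run over Session Setup requests pulled from a capture rather than the constructed packet.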