Nmap Development mailing list archives

Re: pitching in on the port 138 idea


From: Ron <ron () skullsecurity net>
Date: Tue, 09 Sep 2008 22:03:44 -0500

mike wrote:
hey
 
i hope to get some more of you out there on board in this idea of trying to get info from the datagram port 138 
service. a friend of mine and i spent the day crafting several packets to initiate a response. we got the packet 
fields down to being almost flawless, except when it came to the nagging issue of the scope id! i was constantly 
getting protocol dissector errors related to the netbios name not being a proper first-level encoding. this was even 
after i had done the proper 32 byte mangle and added the scope at the end. i am lost at this point
 
i wish to pursue this with or without you guys simply because we have a tool like nmap that can easily dump the NAME 
table on 137 and SHARES on 139/445 and i simply feel the next step in the NETBIOS enumeration should be to retrieve 
the users BROWSER table, which is held on port 138. this can be done, i just know it! all that i have read tells me 
it can be done. i just don't know enough about why i am getting the errors i am seeing. i know i should be able to 
retrieve info because, for one, there is no security in place, as in, using an auth level to gain access. also, it 
even uses, in some cases, tcp for transferring MASTER BROWSER information and forcing elections. i apologize if i am 
taking up time in an "nmap only" related discussion, but i can see this being very viable if ever figured out and 
finally implemented. no tool i know of right now can dump info from this elusive service. let nmap be the first
 
m|ke

For what it's worth, I'm currently working on a NetBIOS nselib, which
will eventually include the ability to send/receive datagram requests on
port 138. No promises I'll be able to get data from them, but at least
we'll be able to send stuff easily. :)

Ron


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
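
The name layout discussed in the quoted message (the 32-byte mangle followed by the scope), as an added example that is not part of the original thread: a Python sketch of first-level encoding as specified in RFC 1001 section 14.1 and RFC 1002 section 4.1, with a validator for the structural faults a protocol dissector checks. The function names and the sample name and scope are constructed for illustration.

```python
# Added example: NetBIOS first-level name encoding (RFC 1001 sec. 14.1, RFC 1002 sec. 4.1).
# Function names and sample inputs are constructed for illustration.

def encode_name(name: str, suffix: int = 0x20, scope: str = "") -> bytes:
    """Return the on-the-wire form of a NetBIOS name with an optional scope."""
    raw = name.upper().encode("ascii")
    if len(raw) > 15:
        raise ValueError("NetBIOS names are at most 15 characters plus a suffix byte")
    raw = raw.ljust(15, b" ") + bytes([suffix])        # 16 bytes total
    # Each byte becomes two characters: 'A' + high nibble, then 'A' + low nibble.
    half = bytes(0x41 + n for b in raw for n in (b >> 4, b & 0x0F))
    out = bytes([len(half)]) + half                     # length byte 0x20, then 32 bytes
    # The scope is not appended as dotted text: every label gets its own length byte.
    for label in filter(None, scope.split(".")):
        lab = label.encode("ascii")
        if len(lab) > 63:
            raise ValueError("scope label longer than 63 bytes")
        out += bytes([len(lab)]) + lab
    out += b"\x00"                                      # zero-length root label ends the name
    if len(out) > 255:
        raise ValueError("encoded name longer than 255 bytes")
    return out

def decode_name(wire: bytes):
    """Parse an encoded name into (name, suffix, scope); ValueError if malformed."""
    if len(wire) < 33 or wire[0] != 32:
        raise ValueError("first label must be exactly 32 bytes")
    half = wire[1:33]
    if any(not 0x41 <= c <= 0x50 for c in half):
        raise ValueError("first label contains bytes outside 'A'..'P'")
    raw = bytes(((half[i] - 0x41) << 4) | (half[i + 1] - 0x41)
                for i in range(0, 32, 2))
    labels, pos = [], 33
    while True:
        if pos >= len(wire):
            raise ValueError("missing terminating zero-length label")
        n = wire[pos]
        if n == 0:
            break
        if n > 63 or pos + 1 + n > len(wire):
            raise ValueError("bad scope label length")
        labels.append(wire[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return raw[:15].rstrip(b" ").decode("ascii"), raw[15], ".".join(labels)
```

Feeding `decode_name` a name whose scope was appended as literal `.NETBIOS.COM` text raises `ValueError`, because the `.` byte (0x2E) is read as a label length of 46.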

