Nmap Development mailing list archives

Re: [NSE + NSELib] Netbios and SMB [stable!]


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 12 Sep 2008 20:47:32 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Ron.  I'm extremely excited about these scripts and libraries.  I've
been too busy recently to follow all of your posts religiously, but these
scripts look great and I'm going to work on testing them soon.

On Fri, 12 Sep 2008 14:33:13 -0500
Ron <ron () skullsecurity net> wrote:

> ...snip...
> 
> So yeah, comments are greatly appreciated!
> 
> Ron


Again, I'm really glad to see all the great work you've put into
these.  Can you comment on how far we are away from a library like
Metasploit's Pex::DCERPC module?

For example, if we wanted to interact with the Server service via
4b324fc8-1670-01d3-1278-5a47bf6ee188 what would be involved.  Here is
Metasploit code:

http://www.milw0rm.com/exploits/2162

I haven't looked at any Nessus scripts for detecting SMB/RPC
vulnerabilities lately (in part because I hate Nasl) but I'm curious if
that's a direction you're heading in.

> PS: One of the next things I'd like to add is the ability to log into
> SMB proper, with a user-submitted username/password. But first, I need
> somebody to enhance OpenSSL bindings for Lua. Takers? :)

I agree that this ability would be nice.  Have you considered using
null sessions to enumerate basic information?  I know this would mostly
limit you to gathering information on Win2k but it would be a great
start and could probably be enhanced with real credentials later if the
user supplied them.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkjK1WoACgkQqaGPzAsl94LU+ACcCOLDVS0iLgIERI2/oYUJoNv1
MNEAoLZv7w0QYIusjP2ggcTQgBrst/2p
=yeAe
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
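The question above is what it takes to talk to the Server service by its interface UUID. The first step on the wire, before any SMB pipe plumbing or authentication, is a DCE/RPC bind PDU that names the abstract syntax (the srvsvc UUID Brandon quotes, interface version 3.0) and a transfer syntax (NDR, 8a885d04-1ceb-11c9-9fe8-08002b104860 version 2.0, from the DCE 1.1 RPC specification). The example below is added here and is not code from this thread, from Nmap's NSE libraries, or from Metasploit's Pex::DCERPC; it builds and parses that bind PDU in Python to show the layout and the one detail that trips people up: the UUID's first three fields are little-endian on the wire, so 4b324fc8 appears as c8 4f 32 4b. Field sizes follow C706 section 12.6; the 4280-byte fragment size is just a conventional default and nothing here is sent to a host.

```python
import struct
import uuid

# DCE/RPC connection-oriented PDU constants (C706, section 12.6).
RPC_VERS, RPC_VERS_MINOR = 5, 0
PTYPE_BIND = 11
PFC_FIRST_FRAG, PFC_LAST_FRAG = 0x01, 0x02
PACKED_DREP = b"\x10\x00\x00\x00"  # little-endian integers, ASCII, IEEE floats

# Server service interface (the UUID from the message) and NDR transfer syntax.
SRVSVC_UUID = uuid.UUID("4b324fc8-1670-01d3-1278-5a47bf6ee188")
SRVSVC_VERSION = (3, 0)
NDR_UUID = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")
NDR_VERSION = (2, 0)

HEADER_FMT = "<BBBB4sHHI"  # rpc_vers, minor, ptype, pfc_flags, drep, frag_len, auth_len, call_id


def encode_syntax_id(iface, version):
    """p_syntax_id_t: 16-byte UUID in its mixed-endian wire form, then u16 major/minor."""
    return iface.bytes_le + struct.pack("<HH", *version)


def build_bind(call_id=1, abstract=SRVSVC_UUID, abstract_version=SRVSVC_VERSION,
               max_frag=4280):
    """Build a bind PDU with one presentation context and one transfer syntax."""
    ctx = struct.pack("<HBB", 0, 1, 0)            # p_cont_id=0, n_transfer_syn=1, reserved
    ctx += encode_syntax_id(abstract, abstract_version)
    ctx += encode_syntax_id(NDR_UUID, NDR_VERSION)
    body = struct.pack("<HHI", max_frag, max_frag, 0)  # max_xmit_frag, max_recv_frag, assoc_group_id
    body += struct.pack("<BBH", 1, 0, 0)            # n_context_elem=1, reserved, reserved2
    body += ctx
    frag_length = 16 + len(body)
    header = struct.pack(HEADER_FMT, RPC_VERS, RPC_VERS_MINOR, PTYPE_BIND,
                         PFC_FIRST_FRAG | PFC_LAST_FRAG, PACKED_DREP,
                         frag_length, 0, call_id)
    return header + body


def parse_bind(pdu):
    """Decode a bind PDU, applying the sanity checks a receiver should apply."""
    if len(pdu) < 28:
        raise ValueError("PDU shorter than bind header")
    vers, vers_minor, ptype, flags, drep, frag_length, auth_length, call_id = \
        struct.unpack(HEADER_FMT, pdu[:16])
    if vers != RPC_VERS or ptype != PTYPE_BIND:
        raise ValueError("not a DCE/RPC v5 bind PDU")
    if frag_length != len(pdu):
        raise ValueError("frag_length does not match PDU size")
    max_xmit, max_recv, assoc = struct.unpack("<HHI", pdu[16:24])
    n_ctx = pdu[24]
    off, contexts = 28, []
    for _ in range(n_ctx):
        cont_id, n_ts, _ = struct.unpack("<HBB", pdu[off:off + 4])
        off += 4
        abstract = uuid.UUID(bytes_le=pdu[off:off + 16])
        amaj, amin = struct.unpack("<HH", pdu[off + 16:off + 20])
        off += 20
        transfer = []
        for _ in range(n_ts):
            if off + 20 > len(pdu):
                raise ValueError("truncated transfer syntax list")
            transfer.append((str(uuid.UUID(bytes_le=pdu[off:off + 16])),
                             struct.unpack("<HH", pdu[off + 16:off + 20])))
            off += 20
        contexts.append({"id": cont_id, "abstract": str(abstract),
                         "version": (amaj, amin), "transfer": transfer})
    return {"call_id": call_id, "flags": flags, "max_xmit": max_xmit,
            "max_recv": max_recv, "assoc_group": assoc, "contexts": contexts}


if __name__ == "__main__":
    pdu = build_bind()
    print(len(pdu), "bytes:", pdu.hex())
    print(parse_bind(pdu))
```

Once the bind_ack comes back, the call_id and p_cont_id chosen here are what later request PDUs reference; the server's reply also carries the secondary address (the named pipe) and the result for each offered transfer syntax, which is worth checking before assuming the interface is reachable.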