Nmap Development mailing list archives
Re: [NSE + NSELib] Netbios and SMB [stable!]
From: Ron <ron () skullsecurity net>
Date: Fri, 12 Sep 2008 15:59:41 -0500
Brandon Enright wrote:

> Hi Ron. I'm extremely excited about these scripts and libraries. I've been too busy recently to follow all of your posts religiously, but these scripts look great and I'm going to work on testing them soon.

Thanks, Brandon!

> Again, I'm really glad to see all the great work you've put into these. Can you comment on how far we are away from a library like Metasploit's Pex::DCERPC module? For example, if we wanted to interact with the Server service via 4b324fc8-1670-01d3-1278-5a47bf6ee188, what would be involved? Here is Metasploit code: http://www.milw0rm.com/exploits/2162 I haven't looked at any Nessus scripts for detecting SMB/RPC vulnerabilities lately (in part because I hate Nasl), but I'm curious if that's a direction you're heading in.

Yes, that's the direction I'm heading in. Right now, I'm avoiding looking at others' source and implementing this from scratch (based on specs + packet dumps), since I don't want to be influenced by how somebody else does it, and also because I don't want to end up bound to a specific license. But yes, my ultimate goal is to be able to bind to a service and make calls from it. The first thing I'm going to do is bind to the SAML service and look up user lists, password policies, and that type of thing. From there, I'd like to look at digging deeper, like looking for vulnerabilities.

> I agree that this ability would be nice. Have you considered using null sessions to enumerate basic information? I know this would mostly limit you to gathering information on Win2k, but it would be a great start and could probably be enhanced with real credentials later if the user supplied them.

Yup, I plan to do that. I've already implemented code in C to log in with credentials, and it'd actually be a fairly easy change. I already enumerate some basic information without credentials, though, and I'll definitely do more. I can't go any further than I am till I stop, go back, and learn more, though. Except for credentials, I've reached the limit of my knowledge. :)

> Brandon

Ron

_______________________________________________
Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
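The exchange above is about binding to a DCE/RPC interface over SMB, identified by its UUID (the Server service UUID Brandon quotes). As an added example that is not part of the thread and not Ron's NSE code, the following Python parses a DCE/RPC bind PDU and reports which interface and version the client asked for, which is what a defender needs to recognise such binds in captured traffic. It follows the DCE 1.1 RPC / MS-RPCE layout (16-byte common header, bind body, presentation context list) and relies on the NDR little-endian UUID field order, which Python's `uuid` module handles through `bytes_le`. The srvsvc UUID is the one from the thread; the samr UUID and the NDR transfer-syntax UUID are the well-known values from MS-SAMR and the DCE spec. `build_bind` exists only to construct the sample input and is not a client.

```python
"""Parse a DCE/RPC bind PDU and identify the requested interface.

Layout (DCE 1.1 RPC / MS-RPCE):
  common header (16 bytes): rpc_vers, rpc_vers_minor, ptype, pfc_flags,
      packed_drep[4], frag_length, auth_length, call_id
  bind body: max_xmit_frag, max_recv_frag, assoc_group_id,
      n_context_elem (+3 reserved bytes), then per context:
      p_cont_id, n_transfer_syn, reserved, abstract syntax id,
      one transfer syntax id per n_transfer_syn
  syntax id: 16-byte UUID in NDR (little-endian field) order + version,
      where the version's low word is major and high word is minor.
"""
import struct
import uuid

PTYPE_BIND = 11

# srvsvc UUID is quoted in the thread; samr and NDR are well-known constants.
KNOWN_INTERFACES = {
    uuid.UUID("4b324fc8-1670-01d3-1278-5a47bf6ee188"): "srvsvc (Server service)",
    uuid.UUID("12345778-1234-abcd-ef00-0123456789ac"): "samr (Security Account Manager)",
}
NDR_TRANSFER_SYNTAX = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")


def _syntax_id(u, major, minor):
    """p_syntax_id_t: LE-ordered UUID followed by major (low word) and minor (high word)."""
    return u.bytes_le + struct.pack("<HH", major, minor)


def build_bind(iface, major, minor, call_id=1):
    """Construct a single-context bind PDU; used here only to make sample input."""
    ctx = struct.pack("<HBB", 0, 1, 0)            # p_cont_id, n_transfer_syn, reserved
    ctx += _syntax_id(iface, major, minor)         # abstract syntax (the interface)
    ctx += _syntax_id(NDR_TRANSFER_SYNTAX, 2, 0)   # transfer syntax NDR 2.0
    body = struct.pack("<HHI", 4280, 4280, 0)      # max_xmit, max_recv, assoc_group_id
    body += struct.pack("<BBH", 1, 0, 0)           # n_context_elem + reserved
    body += ctx
    frag_length = 16 + len(body)
    header = struct.pack("<BBBB4sHHI", 5, 0, PTYPE_BIND, 0x03,
                         b"\x10\x00\x00\x00", frag_length, 0, call_id)
    return header + body


def _need(pdu, off, n):
    if off + n > len(pdu):
        raise ValueError("truncated bind body at offset %d" % off)


def parse_bind(pdu):
    """Return call_id and the presentation contexts of a bind PDU, or raise ValueError."""
    if len(pdu) < 16:
        raise ValueError("truncated DCE/RPC header")
    vers, _minor, ptype, _flags, drep, frag_length, _auth_len, call_id = \
        struct.unpack("<BBBB4sHHI", pdu[:16])
    if vers != 5 or ptype != PTYPE_BIND:
        raise ValueError("not a DCE/RPC v5 bind PDU")
    if drep[0] & 0x10 == 0:
        raise ValueError("big-endian data representation not handled")
    if frag_length > len(pdu):
        raise ValueError("frag_length exceeds captured bytes")
    off = 16
    _need(pdu, off, 12)
    off += 8                      # skip max_xmit, max_recv, assoc_group_id
    n_ctx = pdu[off]
    off += 4                      # n_context_elem + 3 reserved bytes
    contexts = []
    for _ in range(n_ctx):
        _need(pdu, off, 24)
        cont_id, n_ts, _res = struct.unpack_from("<HBB", pdu, off)
        off += 4
        iface = uuid.UUID(bytes_le=pdu[off:off + 16])
        major, minor = struct.unpack_from("<HH", pdu, off + 16)
        off += 20
        transfer = []
        for _ in range(n_ts):
            _need(pdu, off, 20)
            transfer.append(uuid.UUID(bytes_le=pdu[off:off + 16]))
            off += 20
        contexts.append({
            "context_id": cont_id,
            "interface": iface,
            "version": (major, minor),
            "name": KNOWN_INTERFACES.get(iface, "unknown interface"),
            "transfer_syntaxes": transfer,
        })
    return {"call_id": call_id, "contexts": contexts}


if __name__ == "__main__":
    # Constructed sample: a bind to srvsvc v3.0 over NDR 2.0.
    sample = build_bind(uuid.UUID("4b324fc8-1670-01d3-1278-5a47bf6ee188"), 3, 0)
    for c in parse_bind(sample)["contexts"]:
        print("ctx %d: %s v%d.%d -> %s" % (c["context_id"], c["interface"],
                                            c["version"][0], c["version"][1], c["name"]))
```

The parser refuses big-endian data representation and checks `frag_length` against the captured bytes before walking the context list, so a truncated capture produces a clear error rather than a garbled interface name. Extending `KNOWN_INTERFACES` is how one would tag further services once their UUIDs are confirmed from the relevant specification.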