Nmap Development mailing list archives
Re: [NSE + NSELib] Netbios and SMB [stable!]
From: David Fifield <david () bamsoftware com>
Date: Mon, 15 Sep 2008 12:18:40 -0600
On Fri, Sep 12, 2008 at 02:33:13PM -0500, Ron wrote:
> I've spent the last week or two working on a NetBIOS and SMB library. Finally, as of right now, I have a stable version that's documented, clean, and works against every system I tried it on (with a minor exception -- I'll talk about it below). So, with that, I'm submitting it to be tested/beaten up as a real script.
>
> I included two nselib libraries:
> - smb.lua
> - netbios.lua
>
> And four scripts:
> - nbstat.nse (enhanced version of the current one)
> - smb-os-discovery.nse (makes netbios-smb-os-discovery.nse obsolete)
> - smb-security-mode.nse
> - smb-enum.nse
>
> I am going to start working on new functionality over the next few weeks, but as of right now it's useful and works, so it seems like a good place to submit it.
I added the new modules and scripts. Thanks! They all look well done, especially the documentation. I tested them this morning and they are an improvement over what was there before.

I adjusted the categories of the SMB scripts as follows:

smb-os-discovery.nse
-categories = {"version","default"}
+categories = {"default", "discovery", "safe"}

smb-enum.nse
-categories = {"version","intrusive"}
+categories = {"discovery", "intrusive"}

smb-security-mode.nse
-categories = {"version"}
+categories = {"discovery", "safe"}

The "version" category is only for getting results like what -sV gets. Scripts in the "version" category should produce output by assigning port.version.name, port.version.product, and other fields, and they shouldn't produce any normal script output. Because these new scripts don't work that way I put them in "discovery" instead.

I saw one missed opportunity to use nselib. In smb-enum.nse you can use stdnse.strjoin instead of the custom function string_join.
> The only time it DOESN'T work is against hosts with a specific firewall configuration -- if ports 445 and 137 are blocked, but 139 is allowed through, it will have trouble establishing a session. A couple tricks are tried (using the generic '*SMBSERVER' name, and using the reverse DNS name), but if those don't work it fails. I'm going to look for a way to fix that, but I'm not sure if it's possible short of asking the user for the server's name.
I think asking for the server's name in a script argument is just fine.

David Fifield