Nmap Development mailing list archives

Re: [NSE] SMB authentication patch


From: David Fifield <david () bamsoftware com>
Date: Fri, 10 Oct 2008 14:11:05 -0600

On Thu, Oct 09, 2008 at 07:11:00PM -0500, Ron wrote:
I think I've got the SMB authentication all working nicely. I haven't
tested it as thoroughly as I'd like to, so this is more of a RFC release
than a stable release. But please, have a look and let me know what you
think!

I tried the patch on both the nse_openssl branch and the trunk. The two
are practically the same since the openssl merge. Against Windows XP I
ran the command

        ./nmap --datadir=. --script=all --script-args smbuser=jrandom,smbpassword=jrandom -F -d3 192.168.0.190 2>&1 | tee smb-nse_openssl.log

jrandom:jrandom is a real account I set up for the test.

The script scan runs for a while and then appears to hit an infinite
loop. I saw this in the output:

SCRIPT ENGINE DEBUG: Performing nbstat on host '192.168.0.190'
SCRIPT ENGINE DEBUG:  [using cached value]
SCRIPT ENGINE DEBUG: Received 113 bytes from SMB
SCRIPT ENGINE DEBUG: SMB: Couldn't find a username to use, not logging in
SCRIPT ENGINE DEBUG: SMB: couldn't find domain to use, using blank
SCRIPT ENGINE DEBUG: SMB: Using default logon type: ntlm
SCRIPT ENGINE DEBUG: SMB: Using password passed as an nmap parameter: jrandom
SCRIPT ENGINE DEBUG: SMB: Lanman hash: 885610396a5a130faad3b435b51404ee
SCRIPT ENGINE DEBUG: SMB: NTLM   hash: 2d32638c9bda55178bcb6c07885e481a
SCRIPT ENGINE DEBUG: SMB: Creating NTLMv1 response
SCRIPT ENGINE DEBUG: SMB: Lanman response: 82a5125d979e7e04a4e3693e240fdf518a18eaaf4d16daa4
SCRIPT ENGINE DEBUG: SMB: NTLM   response: 82a5125d979e7e04a4e3693e240fdf518a18eaaf4d16daa4
SCRIPT ENGINE: ./nselib/smb.lua:1183: bad argument #4 to 'pack' (string expected, got nil)
NSOCK (2.5610s) msevent_new (IOD #4) (EID #106)
NSOCK (2.5610s) Read request for 2 bytes from IOD #4 [192.168.0.190:5900] EID 106
NSOCK (2.5610s) msevent_new (IOD #3) (EID #117)

A little while after that it loops with

NSOCK (14.6500s) nsock_loop() started (timeout=50ms). 0 events pending
NSOCK (14.6510s) nsock_loop() started (timeout=50ms). 0 events pending
NSOCK (14.6510s) nsock_loop() started (timeout=50ms). 0 events pending
NSOCK (14.6510s) nsock_loop() started (timeout=50ms). 0 events pending

I'll send you the complete log.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
