Nmap Development mailing list archives

[NSE] Nmap SMB RFC


From: Ron <ron () skullsecurity net>
Date: Thu, 16 Oct 2008 23:04:32 -0500

Hi all,

I just finished writing/testing the next round of changes to my SMB
library, which incorporates the ability to log into SMB on port 445 or
139 (using the OpenSSL library for NTLM authentication; although Lanman
and NTLMv2 are supported, they aren't default). In addition to the login
stuff, I've made countless changes, features, bug fixes, and general
improvements. I just finished running every script on every Windows OS
(from 2k SP0 to Vista), with a variety of user accounts (administrator,
user, guest, anonymous), and everything seems to be working. But, before
I call it 'stable', I'd like at least one or two others to get it
working successfully!

I've attached a tgz of the files. Extract this into the appropriate
place and run like this:

nmap -p445 \
    --script smb-enumdomains,smb-enumsessions,smb-enumshares,smb-enumusers \
    --script-args=smbuser=<username>,smbpass=<password> <target> -v

If you're using certain versions of Windows (like some versions of
Windows XP Professional, as David and I discovered), you may only
be able to scan with the 'guest' account unless you change the local
security policy. And on Windows 2000, you probably don't need an account
at all for most things. On Windows Vista, enum-sessions won't give you
the logged-in users because I apparently don't get access to the
registry (you will get the connected SMB sessions, though).

Also, if you need to specify a domain for the login, use a smbdomain=
parameter.

If you prefer to grab this code from SVN, my current working version is
here:
http://svn.skullsecurity.org:81/ron/security/nmap-ron/

(you don't need a password to get access, and the current revision is
269 -- I can't promise that any version besides that will be stable)

Thanks, and I'm looking forward to hearing your feedback!

Ron

-- 
Ron Bowes
http://www.skullsecurity.org/
http://www.javaop.com/

Attachment: nmap-smb-20081016.tgz

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
