Nmap Development mailing list archives

Re: [NSE] MSRPC Libraries (stable, I hope!)

From: Brandon Enright <bmenrigh () ucsd edu>
Date: Mon, 3 Nov 2008 19:04:26 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu, 30 Oct 2008 20:47:36 -0500
Ron <ron () skullsecurity net> wrote:

Brandon -- when you're back, would you mind doing a test against your
network with whatever version happens to be at the head of my nmap-exp
branch?


Sorry I was out so long.  A check against the HEAD of your branch fails
much more gracefully now.  My trouble hosts are reporting:

Host script results:
|  OS from SMB: Unix
|  LAN Manager: Samba 3.0.25a
|  Name: AD\
|_ System time: 2008-11-03 18:55:02 UTC-8
|  System info:  
|_ |_ Account being used was unable to probe for information, try using an administrative account
|_ MSRPC: List of domains: ERROR: Read off the end of the packet (samr.enumdomainusers)
|_ MSRPC: Server statistics: ERROR: MSRPC call returned a fault (packet type)
|  SMB Security: User-level authentication
|  SMB Security: Challenge/response passwords supported
|_ SMB Security: Message signing not supported
|  MSRPC: List of user accounts:  
|  Administrator
|    |_ Type: User
|    |_ Domain: AD
|    |_ RID: 500
|    |_ Source: LSA Bruteforce
|  Guest
|    |_ Type: User
|    |_ Domain: AD
|    |_ RID: 501
|    |_ Source: LSA Bruteforce
|  <censored>
|    |_ Type: User
|    |_ Domain: AD
|    |_ RID: 502
|_   |_ Source: LSA Bruteforce
|  MSRPC: NetShareEnumAll():  
|  Anonymous shares:
|     IPC$
|     |_ Type: STYPE_IPC_HIDDEN
|     |_ Comment: IPC Service (Auth Samba Server)
|     |_ Users: 1, Max: <unlimited>
|     |_ Path: C:\tmp
|_ Restricted shares:
|  MSRPC: NetSessEnum():  
|  Users logged in:
|  |_ <nobody>
|_ ERROR: Couldn't enumerate network sessions: NT_STATUS_WERR_UNKNOWN_LEVEL (srvsvc.netsessenum)



The only thing I find suspicious about the output of this broken host
is that the name had a trailing backslash when all other hosts report
"<domain>\<name>" rather than just "<domain>\"

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)

iEYEARECAAYFAkkPSzoACgkQqaGPzAsl94KAVQCgpBrZy7gidzPE3G13IfID1GjV
0MMAn0AASaDaXjPQn6b2H3VVquiGdPAw
=3e3o
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

Current thread:

Re: [NSE] MSRPC Libraries (stable, I hope!), (continued)
- - - Re: [NSE] MSRPC Libraries (stable, I hope!) David Fifield (Oct 29)
    - Re: [NSE] MSRPC Libraries (stable, I hope!) Ron (Oct 29)
  - Re: [NSE] MSRPC Libraries (stable, I hope!) Ron (Oct 29)
    - Re: [NSE] MSRPC Libraries (stable, I hope!) Fyodor (Oct 29)
    - Re: [NSE] MSRPC Libraries (stable, I hope!) Ron (Oct 29)
  - Re: [NSE] MSRPC Libraries (stable, I hope!) Ron (Oct 30)
    - Re: [NSE] MSRPC Libraries (stable, I hope!) David Fifield (Nov 03)
    - Re: [NSE] MSRPC Libraries (stable, I hope!) Ron (Nov 03)
    - Re: [NSE] MSRPC Libraries (stable, I hope!) Ron (Nov 04)
    - Re: [NSE] MSRPC Libraries (stable, I hope!) David Fifield (Nov 04)
    - Re: [NSE] MSRPC Libraries (stable, I hope!) Brandon Enright (Nov 03)