Re: [NSE] MSRPC Libraries (stable, I hope!)

[Ron <ron () skullsecurity net>]

David Fifield wrote:
> On Thu, Oct 30, 2008 at 08:47:36PM -0500, Ron wrote:
>
> smb-enumsessions.nse gives a wrong answer when I use a guest user. It
> says nobody is logged in even when someone is:
>
> $ ./nmap --datadir=. --script=smb-enumsessions.nse -PN -F --script-args smbguest=1 192.168.0.190
> ...
> Host script results:
> |  MSRPC: NetSessEnum():
> |  Users logged in:
> |  |_ <nobody>
> |_ ERROR: Couldn't enumerate network sessions: NT_STATUS_WERR_ACCESS_DENIED (srvsvc.netsessenum)
>
> Compare that with the results with an authenticated user:
>
> $ ./nmap --datadir=. --script=smb-enumsessions.nse -PN -F --script-args smbuser=jrandom,smbpass=jrandom 192.168.0.190
> ...
> Host script results:
> |  MSRPC: NetSessEnum():
> |  Users logged in:
> |  |_ MAC-MINI\david since 2008-11-03 10:06:41
> |  Active SMB Sessions:
> |_ |_ JRANDOM is connected from 192.168.0.21 for [just logged in, it's probably you], idle for [not idle]
>
> The problem is the <nobody> in the first output. Is this just a case of
> Windows lying to the guest user? If so, that's understandable, it just
> needs to be documented in the script.
>
> David Fifield


That one was a little sneaker than I thought, I had the array 
manipulation in the wrong place. I fixed it, and my quick tests show it 
works. Can you confirm?

(committed fix to main branch)

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org