Nmap Development mailing list archives

Re: Module ideas for smb-psexec.nse?


From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Tue, 6 Oct 2009 11:44:38 -0500

A couple more.

This will determine what options the system gets booted with.  Should
show you if the system is capable of dual-booting while using the
Windows MBR.

Windows XP
- - - - - - - -

C:\>ver

Microsoft Windows XP [Version 5.1.2600]

C:\>bootcfg /query

Boot Loader Settings
--------------------
timeout: 30
default: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

Boot Entries
------------
Boot entry ID:   1
Friendly Name:   "Microsoft Windows XP Professional"
Path:            multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
OS Load Options: /noexecutate=optin /fastdetect

- - - - - - - -

Windows Vista+

- - - - - - - - -

C:\Windows\system32>bcdedit /enum

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {768789e4-35e9-11dd-b461-e92a35599e1c}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 10
resume                  No

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {572bcd55-ffa7-11d9-aae2-0007e994107d}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {768789e4-35e9-11dd-b461-e92a35599e1c}
nx                      OptOut

- - - - - - - - -

Also take a look at the 'fsutil' command.  It can give you lots of
information about the hard disk drives on the system and their file
systems.  But I'm not sure if it would be that useful for this script.
It should work for XP+.

For example:

- - - - - - - - - -

C:\Windows\system32>fsutil fsinfo
---- FSINFO Commands Supported ----

drives          List all drives
drivetype       Query drive type for a drive
volumeinfo      Query volume information
ntfsinfo        Query NTFS specific volume information
statistics      Query file system statistics

C:\Windows\system32>fsutil fsinfo drives

Drives: C:\ D:\ E:\ F:\

C:\Windows\system32>fsutil fsinfo drivetype c:
c: - Fixed Drive

C:\Windows\system32>fsutil fsinfo volumeinfo c:
Volume Name :
Volume Serial Number : 0x36e8bede
Max Component Length : 255
File System Name : NTFS
Supports Case-sensitive filenames
Preserves Case of filenames
Supports Unicode in filenames
Preserves & Enforces ACL's
Supports file-based Compression
Supports Disk Quotas
Supports Sparse files
Supports Reparse Points
Supports Object Identifiers
Supports Encrypted File System
Supports Named Streams
Supports Transactions

C:\Windows\system32>fsutil fsinfo ntfsinfo c:
NTFS Volume Serial Number :       0x3fdbad5436e8bede
Version :                         3.1
Number Sectors :                  0x0000000023b0f7ff
Total Clusters :                  0x0000000004761eff
Free Clusters  :                  0x0000000001f33af7
Total Reserved :                  0x0000000000000d20
Bytes Per Sector  :               512
Bytes Per Cluster :               4096
Bytes Per FileRecord Segment    : 1024
Clusters Per FileRecord Segment : 0
Mft Valid Data Length :           0x00000000155e0000
Mft Start Lcn  :                  0x000000000000000a
Mft2 Start Lcn :                  0x0000000000100000
Mft Zone Start :                  0x00000000042db5c0
Mft Zone End   :                  0x00000000042e7de0
RM Identifier:        DDE3DDCB-FAAC-11DD-9251-806E6F6E6963

- - - - - - - - -

Thanks.

-Jason


On Mon, Oct 5, 2009 at 8:27 PM, Ron <> wrote:
Hey all,

After a lot of hard work, my development on smb-psexec.nse is finally
reaching its conclusion! But before that happens, I'm trying to include some
awesome defaults. I'm not really an expert on the Windows commandline,
though, so I'm hoping to get some help or ideas.

I'm attaching the script itself, for reference, which has a ton of
documentation at the top. I'm also attaching the three modules I've made so
far, which should be enough to give you some idea how this is supposed to
work (backdoor.lua isn't done yet, obviously, but the others work pretty
well).

I'm hoping to get some really cool default modules! If somebody gives me
ideas for commands whose output would be useful, go ahead and mention it, I
can take care of writing the actual commands.

Looking forward to seeing your ideas!
Ron

--
Ron Bowes
http://www.skullsecurity.org/


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
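The `bcdedit /enum` output pasted above, parsed into the two facts the post says it reveals: what the default entry boots with (here the DEP `nx` policy) and whether more than one OS loader is registered. This is an added Python example, not code from the post or from smb-psexec.nse; the sample text is the post's own output trimmed to the fields the parser uses.

```python
import re

# Constructed sample: the bcdedit /enum output quoted in the post, trimmed to
# the fields this example uses.
BCDEDIT_SAMPLE = """\
Windows Boot Manager
--------------------
identifier              {bootmgr}
description             Windows Boot Manager
default                 {current}
timeout                 10

Windows Boot Loader
-------------------
identifier              {current}
path                    \\Windows\\system32\\winload.exe
description             Microsoft Windows Vista
nx                      OptOut
"""


def parse_bcdedit(text):
    """Split bcdedit /enum output into (section_title, {key: value}) pairs.

    A section title is a line without the wide key/value gap; the dashed
    underline beneath it and blank lines are skipped."""
    entries, fields = [], None
    for line in text.splitlines():
        if not line.strip() or re.fullmatch(r"-+", line.strip()):
            continue
        m = re.match(r"^(\S+)\s{2,}(.*)$", line)
        if m and fields is not None:
            fields[m.group(1)] = m.group(2).strip()
        else:  # new section header
            fields = {}
            entries.append((line.strip(), fields))
    return entries


def boot_summary(entries):
    """Resolve the boot manager's default entry and report the OS it loads,
    its DEP (nx) policy, and whether more than one OS loader is registered."""
    manager = next((f for t, f in entries if t == "Windows Boot Manager"), {})
    loaders = [f for t, f in entries if t == "Windows Boot Loader"]
    default_id = manager.get("default")
    default = next((f for f in loaders if f.get("identifier") == default_id), {})
    return {
        "default_os": default.get("description"),
        "nx": default.get("nx"),
        "multiboot": len(loaders) > 1,
    }
```

The same parser works unchanged on the full `bcdedit /enum` listing in the post; extra sections such as the memory diagnostic or resume entries simply become additional pairs.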

