Nmap Development mailing list archives
Re: Module ideas for smb-psexec.nse?
From: "DePriest, Jason R." <jrdepriest () gmail com>
Date: Tue, 6 Oct 2009 11:44:38 -0500
A couple more.

This will determine what options the system gets booted with. Should show you if the system is capable of dual-booting while using the Windows MBR.

Windows XP
- - - - - - - -
C:\>ver

Microsoft Windows XP [Version 5.1.2600]

C:\>bootcfg /query

Boot Loader Settings
--------------------
timeout: 30
default: multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

Boot Entries
------------
Boot entry ID:    1
Friendly Name:    "Microsoft Windows XP Professional"
Path:             multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
OS Load Options:  /noexecutate=optin /fastdetect
- - - - - - - -

Windows Vista+
- - - - - - - - -
C:\Windows\system32>bcdedit /enum

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {768789e4-35e9-11dd-b461-e92a35599e1c}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 10
resume                  No

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {572bcd55-ffa7-11d9-aae2-0007e994107d}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {768789e4-35e9-11dd-b461-e92a35599e1c}
nx                      OptOut
- - - - - - - - -

Also take a look at the 'fsutil' command. It can give you lots of information about the hard disk drives on the system and their file systems. But I'm not sure if it would be that useful for this script. It should work for XP+.

For example:
- - - - - - - - - -
C:\Windows\system32>fsutil fsinfo
---- FSINFO Commands Supported ----

drives          List all drives
drivetype       Query drive type for a drive
volumeinfo      Query volume information
ntfsinfo        Query NTFS specific volume information
statistics      Query file system statistics

C:\Windows\system32>fsutil fsinfo drives

Drives: C:\ D:\ E:\ F:\

C:\Windows\system32>fsutil fsinfo drivetype c:
c: - Fixed Drive

C:\Windows\system32>fsutil fsinfo volumeinfo c:
Volume Name :
Volume Serial Number : 0x36e8bede
Max Component Length : 255
File System Name : NTFS
Supports Case-sensitive filenames
Preserves Case of filenames
Supports Unicode in filenames
Preserves & Enforces ACL's
Supports file-based Compression
Supports Disk Quotas
Supports Sparse files
Supports Reparse Points
Supports Object Identifiers
Supports Encrypted File System
Supports Named Streams
Supports Transactions

C:\Windows\system32>fsutil fsinfo ntfsinfo c:
NTFS Volume Serial Number :       0x3fdbad5436e8bede
Version :                         3.1
Number Sectors :                  0x0000000023b0f7ff
Total Clusters :                  0x0000000004761eff
Free Clusters  :                  0x0000000001f33af7
Total Reserved :                  0x0000000000000d20
Bytes Per Sector  :               512
Bytes Per Cluster :               4096
Bytes Per FileRecord Segment    : 1024
Clusters Per FileRecord Segment : 0
Mft Valid Data Length :           0x00000000155e0000
Mft Start Lcn  :                  0x000000000000000a
Mft2 Start Lcn :                  0x0000000000100000
Mft Zone Start :                  0x00000000042db5c0
Mft Zone End   :                  0x00000000042e7de0
RM Identifier:        DDE3DDCB-FAAC-11DD-9251-806E6F6E6963
- - - - - - - - -

Thanks.

-Jason

On Mon, Oct 5, 2009 at 8:27 PM, Ron <> wrote:
Hey all,

After a lot of hard work, my development on smb-psexec.nse is finally reaching its conclusion! But before that happens, I'm trying to include some awesome defaults. I'm not really an expert on the Windows commandline, though, so I'm hoping to get some help or ideas.

I'm attaching the script itself, for reference, which has a ton of documentation at the top. I'm also attaching the three modules I've made so far, which should be enough to give you some idea how this is supposed to work (backdoor.lua isn't done yet, obviously, but the others work pretty well).

I'm hoping to get some really cool default modules! If somebody gives me ideas for commands whose output would be useful, go ahead and mention it, I can take care of writing the actual commands.

Looking forward to seeing your ideas!

Ron

--
Ron Bowes
http://www.skullsecurity.org/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
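Added example, not part of the original thread or of smb-psexec.nse: one way an auditor could post-process collected `bcdedit /enum` text to answer the two questions raised in the message above, whether more than one OS loader entry exists and what DEP (`nx`) policy each entry boots with. It assumes English-language output from plain `bcdedit /enum`; the function names, the second loader entry and its GUID are constructed for illustration.

```python
import re

# Constructed sample in the layout of the `bcdedit /enum` output quoted above;
# the second loader entry and its GUID are made up for illustration.
SAMPLE = """
Windows Boot Manager
--------------------
identifier              {bootmgr}
displayorder            {current}
                        {11111111-2222-3333-4444-555555555555}
timeout                 10

Windows Boot Loader
-------------------
identifier              {current}
nx                      OptOut

Windows Boot Loader
-------------------
identifier              {11111111-2222-3333-4444-555555555555}
nx                      AlwaysOff
"""

RULE = re.compile(r"-{3,}\s*$")  # the dashed line printed under each section title

def parse_bcdedit(text):
    """Parse `bcdedit /enum` text into a list of (title, {element: [values]})."""
    entries, key = [], None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        if not line.strip() or RULE.match(line):
            continue
        if i + 1 < len(lines) and RULE.match(lines[i + 1]):
            entries.append((line.strip(), {}))        # title sits above a dashed rule
            key = None
        elif entries and line[0].isspace() and key:
            entries[-1][1][key].append(line.strip())  # continuation of a multi-value element
        elif entries:
            key, _, value = line.partition(" ")
            entries[-1][1][key] = [value.strip()]
    return entries

def boot_summary(entries):
    """Number of OS loader entries, multi-boot flag, and DEP (nx) policy per entry."""
    loaders = [e for title, e in entries if title == "Windows Boot Loader"]
    nx = {e["identifier"][0]: e.get("nx", ["(not set)"])[0] for e in loaders}
    return {"os_entries": len(loaders), "multi_boot": len(loaders) > 1, "nx": nx,
            "dep_off": sorted(i for i, v in nx.items() if v.lower() == "alwaysoff")}
```

Calling `boot_summary(parse_bcdedit(SAMPLE))` on the constructed sample reports two loader entries, with DEP disabled on the second one.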