Nmap Development mailing list archives

Re: [SCRIPT] IBM DB2 Server Profile export + Version detection


From: Ron <ron () skullsecurity net>
Date: Mon, 21 Dec 2009 10:41:55 -0600

Works great for me against a handful of work servers!

The only issue I had is that port 523 isn't in the default portlist, so make sure you give it on the commandline if you're testing this.

Ron

On 12/19/2009 07:41 AM, Tom Sellers wrote:
I have finally (only a month late) finished the script to query the IBM DB2
Administration Server (DAS) service. The script connects to the DB2 DAS service
on either TCP or UDP port 523. No authentication is required for the connection.


The data it returns matches what would be returned if one were to use the Export
Server Profile command using the DB2 Control Center GUI:

PORT STATE SERVICE VERSION
523/tcp open ibm-db2 IBM DB2 Database Server 9.07.0
| db2-das-info: DB2 Administration Server Settings
| ;DB2 Server Database Access Profile
| ;Use BINARY file transfer
| ;Comment lines start with a ";"
| ;Other lines must be one of the following two types:
| ;Type A: [section_name]
| ;Type B: keyword=value
|
| [File_Description]
| Application=DB2/LINUX 9.7.0
| Platform=18
| File_Content=DB2 Server Definitions
| File_Type=CommonServer
| File_Format_Version=1.0
| DB2System=MYBIGDATABASESERVER
| ServerType=DB2LINUX
|
| [adminst>dasusr1]
| NodeType=1
| DB2Comm=TCPIP
| Authentication=SERVER
| HostName=MYBIGDATABASESERVER
| PortNumber=523
| IpAddress=127.0.1.1
|
| [inst>db2inst1]
| NodeType=1
| DB2Comm=TCPIP
| Authentication=SERVER
| HostName=MYBIGDATABASESERVER
| ServiceName=db2c_db2inst1
| PortNumber=50000
| IpAddress=127.0.1.1
| QuietMode=No
| TMDatabase=1ST_CONN
|
| [db>db2inst1:TOOLSDB]
| DBAlias=TOOLSDB
| DBName=TOOLSDB
| Drive=/home/db2inst1
| Dir_entry_type=INDIRECT
|_Authentication=NOTSPEC

The script will also set the service product and version data if possible.

There is quite a bit of recon value in the data returned:
DB2 version, server OS/platform, database names and port numbers, file system
path names, hostname and IP address.

Oddly enough I have seen DB2 return the IPv6 address when queried over the IPv4
interface.

Any testing or feedback with the functionality and structure of the script would
be greatly appreciated!

Of particular interest are:
1. Is the feedback too verbose? This is the format that the server returns the
data in, barring some noise prior to the data. Should this be parsed out and
reformatted?

2. If you test it on a server I would love to see feedback on the Platform
numbers that are returned and on what OSes. So far I have seen Platform=18 on
Linux and Platform=5 on Windows.

Thanks,

Tom

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
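Tom's question 1 above asks whether the raw profile text should be parsed and reformatted. The following is an added example, not code from the db2-das-info script or from Nmap: a Python parser for the profile format the server returns (";" comment lines, "[section_name]" lines, "keyword=value" lines), which skips the noise that precedes the data and then reduces the profile to the recon fields the post lists. The sample profile is copied from the output above with one constructed junk line in front of it; the Platform-to-OS table is an assumption built only from the two values observed in the thread (18 on Linux, 5 on Windows), not an IBM-documented mapping; it also flags an IPv6 IpAddress, which Tom notes can appear even when querying over IPv4.

```python
"""Parser for the DB2 DAS server profile format shown above (";" comments,
[section] headers, keyword=value lines) plus a recon summary of the fields
the post lists. Added example, not code from the db2-das-info script."""
import re
from typing import Dict

# Constructed sample: the profile from the post, preceded by one junk line that
# stands in for the "noise prior to the data" the server sends.
SAMPLE_PROFILE = """\x00\x00\x05DAS-RESPONSE-NOISE
;DB2 Server Database Access Profile
;Comment lines start with a ";"

[File_Description]
Application=DB2/LINUX 9.7.0
Platform=18
File_Content=DB2 Server Definitions
DB2System=MYBIGDATABASESERVER
ServerType=DB2LINUX

[adminst>dasusr1]
NodeType=1
DB2Comm=TCPIP
HostName=MYBIGDATABASESERVER
PortNumber=523
IpAddress=127.0.1.1

[inst>db2inst1]
NodeType=1
DB2Comm=TCPIP
HostName=MYBIGDATABASESERVER
ServiceName=db2c_db2inst1
PortNumber=50000
IpAddress=127.0.1.1

[db>db2inst1:TOOLSDB]
DBAlias=TOOLSDB
DBName=TOOLSDB
Drive=/home/db2inst1
Dir_entry_type=INDIRECT
"""

# Platform codes as observed in the thread (18 on Linux, 5 on Windows). This is
# an assumption built from those two data points, not an IBM-documented table.
PLATFORM_CODES = {"18": "Linux", "5": "Windows"}

Profile = Dict[str, Dict[str, str]]  # section name -> {keyword: value}


def parse_profile(text: str) -> Profile:
    """Parse Type A ([section]) and Type B (keyword=value) lines, skipping
    ';' comments and any noise before the first comment or section header."""
    sections: Profile = {}
    current = None
    started = False
    for raw in text.splitlines():
        line = raw.strip()
        if not started:
            if not (line.startswith(";") or line.startswith("[")):
                continue  # still inside the leading noise
            started = True
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip()] = value.strip()
    return sections


def recon_summary(profile: Profile) -> dict:
    """Reduce the profile to the recon fields the post calls out: version,
    platform, hostname, listener IP/ports (flagging IPv6) and DB paths."""
    fd = profile.get("File_Description", {})
    code = fd.get("Platform")
    summary = {
        "version": fd.get("Application"),
        "platform": PLATFORM_CODES.get(code, f"unknown code {code}"),
        "system": fd.get("DB2System"),
        "listeners": [],  # (owner, hostname, ip, port, is_ipv6)
        "databases": [],  # (instance, db name, path)
    }
    for name, kv in profile.items():
        kind, _, rest = name.partition(">")
        if kind in ("adminst", "inst") and "PortNumber" in kv:
            ip = kv.get("IpAddress", "")
            summary["listeners"].append(
                (rest, kv.get("HostName"), ip, int(kv["PortNumber"]), ":" in ip))
        elif kind == "db":
            instance = rest.partition(":")[0]
            summary["databases"].append((instance, kv.get("DBName"), kv.get("Drive")))
    return summary


if __name__ == "__main__":
    for k, v in recon_summary(parse_profile(SAMPLE_PROFILE)).items():
        print(f"{k}: {v}")
```

Running the module prints the summary for the sample; feeding it the raw text captured from port 523 of a real server gives the same structure, and any Platform value outside the two seen so far is reported as an unknown code rather than guessed.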