Nmap Development mailing list archives

My TODO list for smb/msrpc scripts


From: Ron <ron () skullsecurity net>
Date: Sat, 8 May 2010 16:07:48 -0500

Hey all,

Since there's a GSoC student who's planning on looking at the SMB/MSRPC code (good luck! You'll need it ;) ), I thought 
I'd share my personal TODO list, since I haven't touched the SMB/MSRPC stuff for a while (aside from bugfixes). I'm sure 
there are plenty of other things to do, but this is what I wrote down:

o Script: Windows system logs (like sysinternals' psloglist)
o Script: Services (like psservice)
o Look into combining similar scripts, especially the 'get info' stuff
o Look into writing a new interface to the SMB/MSRPC libraries that would be based on information type, rather than 
actual remote functions. Things like get_users(), get_shares(), etc. I've already started this a little at the bottom 
of smb.lua and msrpc.lua, but I'd move it to its own thing. 
  -> During or after this change, I'd look at finding a way to share the same SMB session through a script (or even 
multiple scripts) rather than logging in/out dozens of times
o Improve domain support all around -- in particular, let the user give the domain in the format DOMAIN\username or 
username@DOMAIN anywhere that usernames are accepted
o smb-brute.nse -- look at how we can resume after a timeout rather than just dying. Perhaps look at how smb 
bruteforcing can be combined into ncrack (that's a whole other discussion)
o Look at writing fuzzer scripts, similar to SPIKE
o Add an option to smb-brute.nse to only bruteforce accounts that are detected as admin
o Find a way to stop the ms08-067 check from crashing hosts
o Look at moving to using .idl files instead of manually coding all the msrpc stuff

If I think of more, I'll post them. 

Ron

-- 
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86
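The domain-handling item above (accepting DOMAIN\username or username@DOMAIN anywhere a username is taken) is the kind of input normalization an NSE library would need. The following is an added Lua example, not code from Ron's post or from Nmap's smb.lua; the function name split_account and the default_domain argument are assumptions.

```lua
-- Added example (not from the post or from Nmap): normalize an account string
-- given as DOMAIN\username, username@DOMAIN, or a bare username into a table
-- with separate domain and username fields. Returns nil, err on bad input.
-- The function name and the default_domain parameter are assumptions.
local function split_account(account, default_domain)
  if account == nil or account == "" then
    return nil, "empty account name"
  end

  -- DOMAIN\username: split on the first backslash. In a Lua pattern a
  -- backslash is an ordinary character, so "\\" in the string literal is
  -- enough; the username part must be non-empty.
  local domain, user = string.match(account, "^([^\\]*)\\(.+)$")
  if domain then
    if domain == "" then domain = default_domain end
    return { domain = domain, username = user }
  end

  -- username@DOMAIN: the greedy (.*) makes the split happen at the LAST '@',
  -- so an '@' inside the username does not swallow the domain.
  user, domain = string.match(account, "^(.+)@([^@]+)$")
  if user then
    return { domain = domain, username = user }
  end

  -- Bare username: fall back to whatever domain the caller supplied (may be nil,
  -- meaning "local account").
  return { domain = default_domain, username = account }
end

-- Constructed smoke test: each spelling should yield the same domain/username.
for _, input in ipairs({ "CORP\\alice", "alice@CORP", "alice" }) do
  local creds, err = split_account(input, "CORP")
  assert(creds, err)
  assert(creds.domain == "CORP" and creds.username == "alice", input)
end
assert(split_account("") == nil)
assert(split_account("bob", nil).domain == nil)
print("split_account: all cases ok")
```

Callers that accept a separate domain argument can pass it as default_domain, so an explicit DOMAIN\ or @DOMAIN in the username string still takes precedence.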


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
