Nmap Development mailing list archives
smb scripts against Windows 7?
From: David Fifield <david () bamsoftware com>
Date: Tue, 5 Jun 2012 18:46:41 -0700
I've tried running the smb scripts against Windows 7 SP1, with disappointing results. I have a share set up, and I'm providing a user name and password. I can mount the share from Linux as a cifs mount. Interestingly I see a bunch of users in the debug output, but not in the script output. Is this a problem with a new authentication method?

David Fifield

$ sudo nmap --script='smb-* and not smb-flood and not smb-brute' -p 445 192.168.0.2 -d --script-args smbuser=david,smbpass=password

Starting Nmap 6.01 ( http://nmap.org ) at 2012-06-05 18:39 PDT
NSE: Script scanning 192.168.0.2.
NSE: Starting runlevel 1 (of 2) scan.
NSE: Starting smb-enum-domains against 192.168.0.2.
NSE: Starting smb-enum-groups against 192.168.0.2.
NSE: Starting smb-enum-processes against 192.168.0.2.
NSE: Starting smb-enum-sessions against 192.168.0.2.
NSE: Starting smb-enum-shares against 192.168.0.2.
NSE: Starting smb-enum-users against 192.168.0.2.
NSE: Starting smb-mbenum against 192.168.0.2.
NSE: Starting smb-os-discovery against 192.168.0.2.
NSE: Starting smb-psexec against 192.168.0.2.
NSE: Starting smb-security-mode against 192.168.0.2.
NSE: Starting smb-server-stats against 192.168.0.2.
NSE: Starting smb-system-info against 192.168.0.2.
Initiating NSE at 18:39
NSE: MSRPC: Attempting to enumerate groups on 192.168.0.2
NSE: SMB: Attempting to log into the system to enumerate shares
NSE: smb-psexec: Looking for the service file: nmap_service or nmap_service.exe
NSE: smb-psexec: Attempting to find file: nmap_service
NSE: Finished smb-psexec against 192.168.0.2.
NSE: SMB: Added account '' to account list
NSE: SMB: Added account 'guest' to account list
NSE: SMB: Added account 'david' to account list
NSE: SMB: Enumerating shares failed, guessing at common ones (SMB: Failed to receive bytes after 5 attempts: EOF)
NSE: Finished smb-security-mode against 192.168.0.2.
NSE: Finished smb-enum-processes against 192.168.0.2.
NSE: Finished smb-os-discovery against 192.168.0.2.
NSE: Finished smb-system-info against 192.168.0.2.
NSE: Finished smb-server-stats against 192.168.0.2.
NSE: Finished smb-mbenum against 192.168.0.2.
NSE: SMB: Extended login to 192.168.0.2 as \david failed (NT_STATUS_NOT_SUPPORTED)
NSE: SMB: Extended login to 192.168.0.2 as \guest failed (NT_STATUS_NOT_SUPPORTED)
NSE: SMB: Extended login to 192.168.0.2 as \<blank> failed (NT_STATUS_NOT_SUPPORTED)
NSE: Finished smb-enum-domains against 192.168.0.2.
NSE: Finished smb-enum-sessions against 192.168.0.2.
NSE: SMB: Extended login to 192.168.0.2 as \<blank> failed (NT_STATUS_NOT_SUPPORTED)
NSE: SMB: ERROR: All logins failed, sorry it didn't work out!
NSE: Finished smb-enum-shares against 192.168.0.2.
NSE: SMB: ERROR: No accounts left to try
NSE: Finished smb-enum-users against 192.168.0.2.
NSE: MSRPC: Found 2 groups in lose
NSE: MSRPC: Adding group 'HelpLibraryUpdaters' (RID: 1003) with 0 members
NSE: MSRPC: Adding group 'HomeUsers' (RID: 1000) with 3 members
NSE: MSRPC: Found 14 groups in Builtin
NSE: MSRPC: Adding group 'Administrators' (RID: 544) with 2 members
NSE: MSRPC: Adding group 'Backup Operators' (RID: 551) with 0 members
NSE: MSRPC: Adding group 'Cryptographic Operators' (RID: 569) with 0 members
NSE: MSRPC: Adding group 'Distributed COM Users' (RID: 562) with 0 members
NSE: MSRPC: Adding group 'Event Log Readers' (RID: 573) with 0 members
NSE: MSRPC: Adding group 'Guests' (RID: 546) with 1 members
NSE: MSRPC: Adding group 'IIS_IUSRS' (RID: 568) with 1 members
NSE: MSRPC: Adding group 'Network Configuration Operators' (RID: 556) with 0 members
NSE: MSRPC: Adding group 'Performance Log Users' (RID: 559) with 0 members
NSE: MSRPC: Adding group 'Performance Monitor Users' (RID: 558) with 0 members
NSE: MSRPC: Adding group 'Power Users' (RID: 547) with 0 members
NSE: MSRPC: Adding group 'Remote Desktop Users' (RID: 555) with 0 members
NSE: MSRPC: Adding group 'Replicator' (RID: 552) with 0 members
NSE: MSRPC: Adding group 'Users' (RID: 545) with 3 members
NSE: SMB: ERROR: No accounts left to try
NSE: Finished smb-enum-groups against 192.168.0.2.
Completed NSE at 18:39, 0.06s elapsed
NSE: Starting runlevel 2 (of 2) scan.
NSE: Starting smb-check-vulns against 192.168.0.2.
Initiating NSE at 18:39
NSE: SMB: ERROR: No accounts left to try
NSE: Finished smb-check-vulns against 192.168.0.2.
Completed NSE at 18:39, 0.00s elapsed
Nmap scan report for 192.168.0.2
Host is up, received arp-response (0.00022s latency).
Scanned at 2012-06-05 18:39:54 PDT for 1s
PORT    STATE SERVICE      REASON
445/tcp open  microsoft-ds syn-ack
MAC Address: 52:54:00:12:34:56 (QEMU Virtual NIC)

Host script results:
| smb-psexec: Can't find the service file: nmap_service.exe (or nmap_service).
| Due to false positives in antivirus software, this module is no
| longer included by default. Please download it from
| http://nmap.org/psexec/nmap_service.exe
|_and place it in nselib/data/psexec/ under the Nmap DATADIR.
| smb-security-mode:
|_ ERROR: SMB: Failed to receive bytes after 5 attempts: EOF
|_smb-enum-processes: ERROR: SMB: Failed to receive bytes after 5 attempts: EOF
| smb-os-discovery:
|_ ERROR: SMB: Failed to receive bytes after 5 attempts: EOF
| smb-system-info:
|_ ERROR: SMB: Failed to receive bytes after 5 attempts: EOF
| smb-mbenum:
|_ ERROR: Failed to connect to browser service
| smb-enum-domains:
|_ ERROR: No accounts left to try
| smb-enum-shares:
|_ ERROR: Couldn't enumerate shares: NT_STATUS_NOT_SUPPORTED
| smb-enum-users:
| ERROR: Couldn't enumerate users
| ERROR: SAMR returned SMB: Failed to receive bytes after 5 attempts: EOF
|_ ERROR: LSA returned No accounts left to try
| smb-enum-groups:
|_ ERROR: Couldn't enumerate groups: No accounts left to try
| smb-check-vulns:
| MS08-067: ERROR (No accounts left to try)
| Conficker: UNKNOWN; got error No accounts left to try
| regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
| SMBv2 DoS (CVE-2009-3103): CHECK DISABLED (add '--script-args=unsafe=1' to run)
| MS06-025: CHECK DISABLED (remove 'safe=1' argument to run)
|_ MS07-029: CHECK DISABLED (remove 'safe=1' argument to run)
Final times for host: srtt: 217 rttvar: 3777 to: 100000

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 2) scan.
NSE: Starting runlevel 2 (of 2) scan.
Read from /usr/local/bin/../share/nmap: nmap-mac-prefixes nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds
Raw packets sent: 2 (72B) | Rcvd: 2 (72B)
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- smb scripts against Windows 7? David Fifield (Jun 05)
- Re: smb scripts against Windows 7? Patrik Karlsson (Jun 06)
- Re: smb scripts against Windows 7? Patrik Karlsson (Jun 06)
- Re: smb scripts against Windows 7? Fyodor (Jun 07)
- Re: smb scripts against Windows 7? Patrik Karlsson (Jun 09)
- Re: smb scripts against Windows 7? Patrik Karlsson (Jun 06)
- Re: smb scripts against Windows 7? Patrik Karlsson (Jun 06)