Nmap Development mailing list archives

Re: smb scripts against Windows 7?


From: Patrik Karlsson <patrik () cqure net>
Date: Wed, 6 Jun 2012 23:44:59 +0200

On Wed, Jun 6, 2012 at 12:00 PM, Patrik Karlsson <patrik () cqure net> wrote:



On Wed, Jun 6, 2012 at 3:46 AM, David Fifield <david () bamsoftware com> wrote:

I've tried running the smb scripts against Windows 7 SP1, with
disappointing results. I have a share set up, and I'm providing a user
name and password. I can mount the share from Linux as a cifs mount.

Interestingly I see a bunch of users in the debug output, but not in the
script output. Is this a problem with a new authentication method?

Yes it is and it also applies to Windows 2008. I've started looking into
it.

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77



This patch seems to fix authentication for Windows 7 and 2008 for me.
Wireshark still reports that something's broken with the authentication
packet, but for the moment it works.
With this working a number of other bugs in scripts have started to appear.
Like e.g. the smb-enum-shares finds all shares, but then does a bunch of
anonymous requests, which are no longer supported per default and fails.

There also seems to be some problem with reassembly of some smb packets
being fragmented that I saw on one of my test boxes.
I would like to commit this patch so that we can start working on
addressing the other problems.
Before I do that though, I would appreciate some testing, as this touches
on some central code used by all smb scripts.

The following tests are useful:
- SMB scripts that used to work against a system, should still work
(Windows 2000, 2003, XP ...)
- smb-enum-groups, smb-enum-domains and smb-enum-sessions should now also
work against Windows 2008 and Windows 7

Thanks,
Patrik
-- 
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77

Attachment: smb-auth-win2008.diff

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
