Nmap Development mailing list archives

Re: smb-psexec: ,|_ ERROR: Couldn't find a writable share!---->>>> NT_STATUS_ACCOUNT_RESTRICTION


From: Tom Sellers <nmap () fadedcode net>
Date: Tue, 15 Dec 2015 17:55:55 -0600

This is likely due to Remote UAC:

https://support.microsoft.com/en-us/kb/951016



Tom

On 12/15/2015 7:30 AM, hernani wrote:
I made some modifications in Windows, activating the admin account, and now get this -->>

NSE: Starting smb-psexec against 192.168.1.84.
NSE: [smb-psexec 192.168.1.84] Looking for the service file: nmap_service or nmap_service.exe
NSE: [smb-psexec 192.168.1.84] Attempting to find file: nmap_service
NSE: [smb-psexec 192.168.1.84] Attempting to find file: default
NSE: [smb-psexec 192.168.1.84] Attempting to load config file: 
/usr/local/bin/../share/nmap/nselib/data/psexec/default.lua
NSE: [smb-psexec 192.168.1.84] SMB: Attempting to log into the system to enumerate shares
NSE: [smb-psexec 192.168.1.84] SMB: Added account '' to account list
NSE: [smb-psexec 192.168.1.84] SMB: Added account 'guest' to account list
NSE: [smb-psexec 192.168.1.84] SMB: Added account 'Administrator' to account list
NSE: [smb-psexec 192.168.1.84] LM Password:
NSE: [smb-psexec 192.168.1.84] *SMB: Extended login to 192.168.1.84 as HERNANI-PC\Administrator failed 
(NT_STATUS_ACCOUNT_RESTRICTION)*
NSE: [smb-psexec 192.168.1.84] LM Password:
NSE: [smb-psexec 192.168.1.84] *SMB: Extended login to 192.168.1.84 as HERNANI-PC\guest failed 
(NT_STATUS_ACCOUNT_DISABLED)*
NSE: [smb-psexec 192.168.1.84] LM Password:
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] *SMB: Enumerating shares failed, guessing at common ones (NT_STATUS_ACCESS_DENIED)*
NSE: [smb-psexec 192.168.1.84] LM Password:
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Trying a random share to see if server responds properly: nmap-share-test
NSE: [smb-psexec 192.168.1.84] LM Password:
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Trying a random share to see if server responds properly: nmap-share-test
NSE: [smb-psexec 192.168.1.84] SMB: Getting information for share: A
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share A can be read by the current user
NSE: [smb-psexec 192.168.1.84] LM Password:
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Share doesn't exist: A
NSE: [smb-psexec 192.168.1.84] SMB: Getting information for share: A$
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share A$ can be read by the current user
NSE: [smb-psexec 192.168.1.84] LM Password:
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Share doesn't exist: A$
NSE: [smb-psexec 192.168.1.84] SMB: Getting information for share: ADMIN
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share ADMIN can be read by the current user
NSE: [smb-psexec 192.168.1.84] LM Password:
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Share doesn't exist: ADMIN
NSE: [smb-psexec 192.168.1.84] SMB: Getting information for share: ADMIN$
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share ADMIN$ can be read by the current user
NSE: [smb-psexec 192.168.1.84] LM Password:
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share ADMIN$ can be read by the anonymous user
NSE: [smb-psexec 192.168.1.84] LM Password:
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share ADMIN$ can be written by the current user
NSE: [smb-psexec 192.168.1.84] LM Password:
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share ADMIN$ can be written by the anonymous user
NSE: [smb-psexec 192.168.1.84] LM Password:


On 15-12-2015 13:12, hernani wrote:
Hello,

I run this command ---> sudo nmap -p 135,139,445 -d --script=smb-psexec 
--script-args=smbuser="******",smbpass="********" 192.168.*.**

and it gives me the error in the subject. Here is the debug output; I put in bold where access is denied.
Can someone help me??


Starting Nmap 7.01 ( https://nmap.org ) at 2015-12-15 13:03 WET
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.2.
NSE: Arguments from CLI: smbuser=hernani,smbpass=*******
NSE: Arguments parsed: smbuser=hernani,smbpass=*******
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 13:03
Completed NSE at 13:03, 0.00s elapsed
Initiating ARP Ping Scan at 13:03
Scanning 192.168.1.84 [1 port]
Packet capture filter (device wlan0): arp and arp[18:4] = 0x48D224D7 and arp[22:2] = 0x15E6
Completed ARP Ping Scan at 13:04, 0.21s elapsed (1 total hosts)
Overall sending rates: 4.77 packets / s, 200.43 bytes / s.
mass_rdns: Using DNS server 192.168.1.254
mass_rdns: Using DNS server 2001:8a0:715b:a001:224:17ff:fecf:9624
Initiating Parallel DNS resolution of 1 host. at 13:04
mass_rdns: 0.00s 0/1 [#: 2, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 13:04, 0.00s elapsed
DNS resolution of 1 IPs took 0.00s. Mode: Async [#: 2, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan at 13:04
Scanning hernani-PC.lan (192.168.1.84) [3 ports]
Packet capture filter (device wlan0): dst host 192.168.1.66 and (icmp or icmp6 or ((tcp or udp or sctp) and (src 
host 192.168.1.84)))
Discovered open port 445/tcp on 192.168.1.84
Discovered open port 135/tcp on 192.168.1.84
Increased max_successful_tryno for 192.168.1.84 to 1 (packet drop)
Discovered open port 139/tcp on 192.168.1.84
Completed SYN Stealth Scan at 13:04, 1.21s elapsed (3 total ports)
Overall sending rates: 4.15 packets / s, 182.40 bytes / s.
NSE: Script scanning 192.168.1.84.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 13:04
NSE: Starting smb-psexec against 192.168.1.84.
NSE: [smb-psexec 192.168.1.84] Looking for the service file: nmap_service or nmap_service.exe
NSE: [smb-psexec 192.168.1.84] Attempting to find file: nmap_service
NSE: [smb-psexec 192.168.1.84] Attempting to find file: default
NSE: [smb-psexec 192.168.1.84] Attempting to load config file: 
/usr/local/bin/../share/nmap/nselib/data/psexec/default.lua
NSE: [smb-psexec 192.168.1.84] SMB: Attempting to log into the system to enumerate shares
NSE: [smb-psexec 192.168.1.84] SMB: Added account '' to account list
NSE: [smb-psexec 192.168.1.84] SMB: Added account 'guest' to account list
NSE: [smb-psexec 192.168.1.84] SMB: Added account '********' to account list
NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Found 4 shares, will attempt to find more information
NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Trying a random share to see if server responds properly: nmap-share-test
NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Trying a random share to see if server responds properly: nmap-share-test
NSE: [smb-psexec 192.168.1.84] SMB: Getting information for share: ADMIN$
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share ADMIN$ can be read by the current user
NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share ADMIN$ can be read by the anonymous user
NSE: [smb-psexec 192.168.1.84] LM Password:
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share ADMIN$ can be written by the current user
NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share ADMIN$ can be written by the anonymous user
NSE: [smb-psexec 192.168.1.84] LM Password:
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] *SMB: Failed to get share info for ADMIN$: NT_STATUS_WERR_ACCESS_DENIED 
(srvsvc.netsharegetinfo)*
NSE: [smb-psexec 192.168.1.84] SMB: Getting information for share: C$
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share C$ can be read by the current user
NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share C$ can be read by the anonymous user
NSE: [smb-psexec 192.168.1.84] LM Password:
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share C$ can be written by the current user
NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share C$ can be written by the anonymous user
NSE: [smb-psexec 192.168.1.84] LM Password:
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84]*SMB: Failed to get share info for C$: NT_STATUS_WERR_ACCESS_DENIED 
(srvsvc.netsharegetinfo)*
NSE: [smb-psexec 192.168.1.84] SMB: Getting information for share: IPC$
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share IPC$ can be read by the current user
NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share IPC$ can be read by the anonymous user
NSE: [smb-psexec 192.168.1.84] LM Password:
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share IPC$ can be written by the current user
NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share IPC$ can be written by the anonymous user
NSE: [smb-psexec 192.168.1.84] LM Password:
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] *SMB: Failed to get share info for IPC$: NT_STATUS_WERR_ACCESS_DENIED 
(srvsvc.netsharegetinfo)*
NSE: [smb-psexec 192.168.1.84] SMB: Getting information for share: Users
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share Users can be read by the current user
NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share Users can be read by the anonymous user
NSE: [smb-psexec 192.168.1.84] LM Password:
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share Users can be written by the current user
NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Checking if share Users can be written by the anonymous user
NSE: [smb-psexec 192.168.1.84] LM Password:
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49
NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-psexec 192.168.1.84] SMB: Failed to get share info for Users: NT_STATUS_WERR_ACCESS_DENIED 
(srvsvc.netsharegetinfo)
NSE: Finished smb-psexec against 192.168.1.84.
Completed NSE at 13:04, 0.20s elapsed
Nmap scan report for hernani-PC.lan (192.168.1.84)
Host is up, received arp-response (0.00040s latency).
Scanned at 2015-12-15 13:03:59 WET for 2s
PORT    STATE SERVICE      REASON
135/tcp open  msrpc        syn-ack ttl 128
139/tcp open  netbios-ssn  syn-ack ttl 128
445/tcp open  microsoft-ds syn-ack ttl 128
MAC Address: 08:00:27:82:A3:43 (Oracle VirtualBox virtual NIC)

Host script results:
| smb-psexec:
|_ *ERROR: Couldn't find a writable share! (May not have an administrator account)*
Final times for host: srtt: 400 rttvar: 2220  to: 100000

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 13:04
Completed NSE at 13:04, 0.00s elapsed
Read from /usr/local/bin/../share/nmap: nmap-mac-prefixes nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 2.09 seconds
           Raw packets sent: 6 (248B) | Rcvd: 4 (160B)

hernani


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
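
Added example, not part of the original messages and not Nmap code: the two debug traces above fail at different stages, and this Python sketch separates logons rejected outright from sessions that authenticated but were then denied on a share query. Remote UAC, which the reply points to, acts at the second stage by filtering the token of a remotely connected local administrator. The sample text is constructed from lines in this thread, and the hint strings are this example's own wording.

```python
import re

# Constructed sample: lines taken in shape from the two traces in this thread,
# keeping the archive's hard line wraps and the '*' bold markers.
SAMPLE = """\
NSE: [smb-psexec 192.168.1.84] *SMB: Extended login to 192.168.1.84 as HERNANI-PC\\Administrator failed
(NT_STATUS_ACCOUNT_RESTRICTION)*
NSE: [smb-psexec 192.168.1.84] *SMB: Extended login to 192.168.1.84 as HERNANI-PC\\guest failed
(NT_STATUS_ACCOUNT_DISABLED)*
NSE: [smb-psexec 192.168.1.84] SMB: Found 4 shares, will attempt to find more information
NSE: [smb-psexec 192.168.1.84] *SMB: Failed to get share info for ADMIN$: NT_STATUS_WERR_ACCESS_DENIED
(srvsvc.netsharegetinfo)*
NSE: [smb-psexec 192.168.1.84]*SMB: Failed to get share info for C$: NT_STATUS_WERR_ACCESS_DENIED
(srvsvc.netsharegetinfo)*
"""
LOGIN_RE = re.compile(r"Extended login to \S+ as (\S+) failed \((NT_STATUS_\w+)\)")
SHARE_RE = re.compile(r"Failed to get share info for (\S+): (NT_STATUS_\w+)")
HINTS = {  # wording is this example's, keyed on the statuses seen in the thread
    "NT_STATUS_ACCOUNT_DISABLED": "account is disabled on the target",
    "NT_STATUS_ACCOUNT_RESTRICTION": "credentials accepted, but a restriction on the account blocked the logon",
    "NT_STATUS_WERR_ACCESS_DENIED": "logged on, but the session is not authorized for this call",
}

def unwrap(text):
    """Rejoin hard-wrapped continuation lines and drop the '*' bold markers."""
    records = []
    for line in text.replace("*", "").splitlines():
        if line.startswith("NSE:") or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def triage(text):
    """Split failures by stage: rejected at logon vs. denied after logon."""
    result = {"logon": {}, "share": {}}
    for rec in unwrap(text):
        if (m := LOGIN_RE.search(rec)):
            result["logon"][m.group(1)] = m.group(2)
        elif (m := SHARE_RE.search(rec)):
            result["share"][m.group(1)] = m.group(2)
    return result

def report(text):
    """One line per failure: stage, account or share, status, hint."""
    return [f"{stage:5} {name:26} {status}: {HINTS.get(status, 'unmapped status')}"
            for stage, items in triage(text).items()
            for name, status in items.items()]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```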


