Nmap Development mailing list archives
Re: smb-psexec: ,|_ ERROR: Couldn't find a writable share!---->>>> NT_STATUS_ACCOUNT_RESTRICTION
From: Tom Sellers <nmap () fadedcode net>
Date: Tue, 15 Dec 2015 17:55:55 -0600
This is likely due to Remote UAC: https://support.microsoft.com/en-us/kb/951016 Tom On 12/15/2015 7:30 AM, hernani wrote:
i made some modification windows , activating admin account and now get this -->> NSE: Starting smb-psexec against 192.168.1.84. NSE: [smb-psexec 192.168.1.84] Looking for the service file: nmap_service or nmap_service.exe NSE: [smb-psexec 192.168.1.84] Attempting to find file: nmap_service NSE: [smb-psexec 192.168.1.84] Attempting to find file: default NSE: [smb-psexec 192.168.1.84] Attempting to load config file: /usr/local/bin/../share/nmap/nselib/data/psexec/default.lua NSE: [smb-psexec 192.168.1.84] SMB: Attempting to log into the system to enumerate shares NSE: [smb-psexec 192.168.1.84] SMB: Added account '' to account list NSE: [smb-psexec 192.168.1.84] SMB: Added account 'guest' to account list NSE: [smb-psexec 192.168.1.84] SMB: Added account 'Administrator' to account list NSE: [smb-psexec 192.168.1.84] LM Password: NSE: [smb-psexec 192.168.1.84] *SMB: Extended login to 192.168.1.84 as HERNANI-PC\Administrator failed (NT_STATUS_ACCOUNT_RESTRICTION)* NSE: [smb-psexec 192.168.1.84] LM Password: NSE: [smb-psexec 192.168.1.84] *SMB: Extended login to 192.168.1.84 as HERNANI-PC\guest failed (NT_STATUS_ACCOUNT_DISABLED)* NSE: [smb-psexec 192.168.1.84] LM Password: NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] *SMB: Enumerating shares failed, guessing at common ones (NT_STATUS_ACCESS_DENIED)* NSE: [smb-psexec 192.168.1.84] LM Password: NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Trying a random share to see if server responds properly: nmap-share-test NSE: [smb-psexec 192.168.1.84] LM Password: NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Trying a random share to see if server responds properly: nmap-share-test NSE: [smb-psexec 192.168.1.84] SMB: Getting information for share: A NSE: [smb-psexec 192.168.1.84] SMB: Checking if share A can be read by the current user NSE: [smb-psexec 192.168.1.84] LM Password: NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Share doesn't exist: A NSE: [smb-psexec 192.168.1.84] SMB: Getting information for share: A$ NSE: [smb-psexec 192.168.1.84] SMB: Checking if share A$ can be read by the current user NSE: [smb-psexec 192.168.1.84] LM Password: NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Share doesn't exist: A$ NSE: [smb-psexec 192.168.1.84] SMB: Getting information for share: ADMIN NSE: [smb-psexec 192.168.1.84] SMB: Checking if share ADMIN can be read by the current user NSE: [smb-psexec 192.168.1.84] LM Password: NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Share doesn't exist: ADMIN NSE: [smb-psexec 192.168.1.84] SMB: Getting information for share: ADMIN$ NSE: [smb-psexec 192.168.1.84] SMB: Checking if share ADMIN$ can be read by the current user NSE: [smb-psexec 192.168.1.84] LM Password: NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Checking if share ADMIN$ can be read by the anonymous user NSE: [smb-psexec 192.168.1.84] LM Password: NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Checking if share ADMIN$ can be written by the current user NSE: [smb-psexec 192.168.1.84] LM Password: NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Checking if share ADMIN$ can be written by the anonymous user NSE: [smb-psexec 192.168.1.84] LM Password: On 15-12-2015 13:12, hernani wrote:hello, i run this command ---> sudo nmap -p 135,139,445 -d --script=smb-psexec --script-args=smbuser="******",smbpass="********" 192.168.*.** and give me error in subject were is debug i put a bold where is access denied. can someone help me?? Starting Nmap 7.01 ( https://nmap.org ) at 2015-12-15 13:03 WET --------------- Timing report --------------- hostgroups: min 1, max 100000 rtt-timeouts: init 1000, min 100, max 10000 max-scan-delay: TCP 1000, UDP 1000, SCTP 1000 parallelism: min 0, max 0 max-retries: 10, host-timeout: 0 min-rate: 0, max-rate: 0 --------------------------------------------- NSE: Using Lua 5.2. NSE: Arguments from CLI: smbuser=hernani,smbpass=******* NSE: Arguments parsed: smbuser=hernani,smbpass=******* NSE: Loaded 1 scripts for scanning. NSE: Script Pre-scanning. NSE: Starting runlevel 1 (of 1) scan. Initiating NSE at 13:03 Completed NSE at 13:03, 0.00s elapsed Initiating ARP Ping Scan at 13:03 Scanning 192.168.1.84 [1 port] Packet capture filter (device wlan0): arp and arp[18:4] = 0x48D224D7 and arp[22:2] = 0x15E6 Completed ARP Ping Scan at 13:04, 0.21s elapsed (1 total hosts) Overall sending rates: 4.77 packets / s, 200.43 bytes / s. mass_rdns: Using DNS server 192.168.1.254 mass_rdns: Using DNS server 2001:8a0:715b:a001:224:17ff:fecf:9624 Initiating Parallel DNS resolution of 1 host. at 13:04 mass_rdns: 0.00s 0/1 [#: 2, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1] Completed Parallel DNS resolution of 1 host. at 13:04, 0.00s elapsed DNS resolution of 1 IPs took 0.00s. Mode: Async [#: 2, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0] Initiating SYN Stealth Scan at 13:04 Scanning hernani-PC.lan (192.168.1.84) [3 ports] Packet capture filter (device wlan0): dst host 192.168.1.66 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 192.168.1.84))) Discovered open port 445/tcp on 192.168.1.84 Discovered open port 135/tcp on 192.168.1.84 Increased max_successful_tryno for 192.168.1.84 to 1 (packet drop) Discovered open port 139/tcp on 192.168.1.84 Completed SYN Stealth Scan at 13:04, 1.21s elapsed (3 total ports) Overall sending rates: 4.15 packets / s, 182.40 bytes / s. NSE: Script scanning 192.168.1.84. NSE: Starting runlevel 1 (of 1) scan. Initiating NSE at 13:04 NSE: Starting smb-psexec against 192.168.1.84. NSE: [smb-psexec 192.168.1.84] Looking for the service file: nmap_service or nmap_service.exe NSE: [smb-psexec 192.168.1.84] Attempting to find file: nmap_service NSE: [smb-psexec 192.168.1.84] Attempting to find file: default NSE: [smb-psexec 192.168.1.84] Attempting to load config file: /usr/local/bin/../share/nmap/nselib/data/psexec/default.lua NSE: [smb-psexec 192.168.1.84] SMB: Attempting to log into the system to enumerate shares NSE: [smb-psexec 192.168.1.84] SMB: Added account '' to account list NSE: [smb-psexec 192.168.1.84] SMB: Added account 'guest' to account list NSE: [smb-psexec 192.168.1.84] SMB: Added account '********' to account list NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49 NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Found 4 shares, will attempt to find more information NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49 NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Trying a random share to see if server responds properly: nmap-share-test NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49 NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Trying a random share to see if server responds properly: nmap-share-test NSE: [smb-psexec 192.168.1.84] SMB: Getting information for share: ADMIN$ NSE: [smb-psexec 192.168.1.84] SMB: Checking if share ADMIN$ can be read by the current user NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49 NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Checking if share ADMIN$ can be read by the anonymous user NSE: [smb-psexec 192.168.1.84] LM Password: NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Checking if share ADMIN$ can be written by the current user NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49 NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Checking if share ADMIN$ can be written by the anonymous user NSE: [smb-psexec 192.168.1.84] LM Password: NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49 NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] *SMB: Failed to get share info for ADMIN$: NT_STATUS_WERR_ACCESS_DENIED (srvsvc.netsharegetinfo)* NSE: [smb-psexec 192.168.1.84] SMB: Getting information for share: C$ NSE: [smb-psexec 192.168.1.84] SMB: Checking if share C$ can be read by the current user NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49 NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Checking if share C$ can be read by the anonymous user NSE: [smb-psexec 192.168.1.84] LM Password: NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Checking if share C$ can be written by the current user NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49 NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Checking if share C$ can be written by the anonymous user NSE: [smb-psexec 192.168.1.84] LM Password: NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49 NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84]*SMB: Failed to get share info for C$: NT_STATUS_WERR_ACCESS_DENIED (srvsvc.netsharegetinfo)* NSE: [smb-psexec 192.168.1.84] SMB: Getting information for share: IPC$ NSE: [smb-psexec 192.168.1.84] SMB: Checking if share IPC$ can be read by the current user NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49 NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Checking if share IPC$ can be read by the anonymous user NSE: [smb-psexec 192.168.1.84] LM Password: NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Checking if share IPC$ can be written by the current user NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49 NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Checking if share IPC$ can be written by the anonymous user NSE: [smb-psexec 192.168.1.84] LM Password: NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49 NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] *SMB: Failed to get share info for IPC$: NT_STATUS_WERR_ACCESS_DENIED (srvsvc.netsharegetinfo)* NSE: [smb-psexec 192.168.1.84] SMB: Getting information for share: Users NSE: [smb-psexec 192.168.1.84] SMB: Checking if share Users can be read by the current user NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49 NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Checking if share Users can be read by the anonymous user NSE: [smb-psexec 192.168.1.84] LM Password: NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Checking if share Users can be written by the current user NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49 NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Checking if share Users can be written by the anonymous user NSE: [smb-psexec 192.168.1.84] LM Password: NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] LM Password: 4845524e414e49 NSE: [smb-psexec 192.168.1.84] SMB: Invalid NTLM challenge message: unexpected signature. NSE: [smb-psexec 192.168.1.84] SMB: Failed to get share info for Users: NT_STATUS_WERR_ACCESS_DENIED (srvsvc.netsharegetinfo) NSE: Finished smb-psexec against 192.168.1.84. Completed NSE at 13:04, 0.20s elapsed Nmap scan report for hernani-PC.lan (192.168.1.84) Host is up, received arp-response (0.00040s latency). Scanned at 2015-12-15 13:03:59 WET for 2s PORT STATE SERVICE REASON 135/tcp open msrpc syn-ack ttl 128 139/tcp open netbios-ssn syn-ack ttl 128 445/tcp open microsoft-ds syn-ack ttl 128 MAC Address: 08:00:27:82:A3:43 (Oracle VirtualBox virtual NIC) Host script results: | smb-psexec: |_ *ERROR: Couldn't find a writable share! (May not have an administrator account)* Final times for host: srtt: 400 rttvar: 2220 to: 100000 NSE: Script Post-scanning. NSE: Starting runlevel 1 (of 1) scan. Initiating NSE at 13:04 Completed NSE at 13:04, 0.00s elapsed Read from /usr/local/bin/../share/nmap: nmap-mac-prefixes nmap-payloads nmap-services. Nmap done: 1 IP address (1 host up) scanned in 2.09 seconds Raw packets sent: 6 (248B) | Rcvd: 4 (160B) hernani _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- smb-psexec: ,|_ ERROR: Couldn't find a writable share! May not have an administrator account hernani (Dec 15)
- Re: smb-psexec: ,|_ ERROR: Couldn't find a writable share!---->>>> NT_STATUS_ACCOUNT_RESTRICTION hernani (Dec 15)
- Re: smb-psexec: ,|_ ERROR: Couldn't find a writable share!---->>>> NT_STATUS_ACCOUNT_RESTRICTION Tom Sellers (Dec 15)
- Re: smb-psexec: ,|_ ERROR: Couldn't find a writable share!---->>>> NT_STATUS_ACCOUNT_RESTRICTION hernani (Dec 15)