Nmap Development mailing list archives

Re: [NSE] smb-os-discovery - Augment version detection of SMB related services


From: Paulino Calderon <paulino () calderonpale com>
Date: Wed, 30 Mar 2016 16:37:41 -0500


Good idea, Tom. I have been working on smb2.lua and noticed that the OS field is gone in all responses. No more free OS info for non-authenticated users =/. The new version of this script (supporting SMB2) isn't going to give any info unless credentials are provided (of course, that is only if SMB2 alone is enabled; otherwise we fall back to SMB1 and get it there).

David, the library doesn't check the ports, as the numbers are part of SMB like you mentioned. The way it works is that Nmap will prefer raw TCP connections to 445, if open, over NetBIOS connections (139/tcp, 137/udp). I've read in some articles from Microsoft that 445/udp connections are possible, but when I tried updating the library to work on 445/udp, it failed. Honestly, I didn't put a lot of time into this because the specs don't mention this (or I missed it when I went through it).

Cheers.



On Mar 30, 2016, at 2:42 PM, David Fifield <david () bamsoftware com> wrote:

On Wed, Mar 30, 2016 at 10:33:59AM -0700, nmap () fadedcode net wrote:
I've created GitHub PR 348 ( https://github.com/nmap/nmap/pull/348 ) that enables smb-os-discovery to augment the version detection of certain SMB related services.

Here is the text of the PR. You may want to visit the PR at GitHub if the formatting below is unreadable.

The attached changes allow smb-os-discovery.nse to augment Nmap's standard version detection with data that it has discovered. It will only update the version information for the port that was used by smb-os-discovery.nse.

The change requires that smb.lua be modified to return the port in the response table that smb.get_os returns. This should be non-disruptive for other scripts.

Wow, looks good, and didn't take much code.

I suppose there isn't a way for smb.lua to report whether a port is using TCP or UDP? The heuristic of checking for port 445 or 139 seems fine, though.
https://github.com/nmap/nmap/pull/348/commits/cb3c48e45c46ef7b25e65ad723b7c45e4b28f94f#diff-d27b09af6ff16d6d25e34705e3d51fceR193
(Or maybe it's not a heuristic and the specific port numbers are part of SMB.)
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
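The mechanism the PR describes (feeding what smb.get_os learned back into Nmap's per-port version record, for the one port the SMB probe actually used) as an added NSE-style illustration; this is not the PR's code or the Nmap project's own. It assumes the response table from smb.get_os carries a numeric `port` field as the PR proposes, and uses the 445/139 heuristic from the thread to pick the transport.

```lua
-- Added example, not code from PR 348 or from nmap's smb-os-discovery.nse.
-- Pushes SMB-derived OS data into the version table of the port it came
-- from, leaving every other port untouched.
local nmap = require "nmap"
local stdnse = require "stdnse"

-- Ports on which smb.lua speaks SMB: raw TCP (445) or NetBIOS session (139).
-- Assumption from the thread: these are the only numbers the library uses,
-- so anything else is treated as "not ours" rather than guessed at.
local SMB_TCP_PORTS = { [445] = true, [139] = true }

-- Resolve the scanned port table for the SMB port, or nil plus a reason.
local function smb_port_table(host, portnum)
  if not SMB_TCP_PORTS[portnum] then
    return nil, ("port %d is not an SMB/TCP port"):format(portnum)
  end
  local port = nmap.get_port_state(host, { number = portnum, protocol = "tcp" })
  if not port then
    return nil, ("port %d/tcp was not scanned"):format(portnum)
  end
  return port
end

-- Merge smb.get_os output into the version record of the port it came from.
-- `result` is assumed to be the table smb.get_os returns, with the fields
-- os, lanmanager, server and (per the PR) port.
local function augment_version(host, result)
  local port, err = smb_port_table(host, result.port)
  if not port then
    stdnse.debug1("smb-os-discovery: not augmenting version info: %s", err)
    return false
  end
  -- Only fill fields the service probes left empty, so a hard match from
  -- nmap-service-probes is never overwritten with weaker SMB data.
  port.version.ostype    = port.version.ostype    or result.os
  port.version.extrainfo = port.version.extrainfo or result.lanmanager
  port.version.hostname  = port.version.hostname  or result.server
  nmap.set_port_version(host, port, "hardmatched")
  return true
end

return { augment_version = augment_version }
```

A script would call `augment_version(host, result)` right after a successful `smb.get_os(host)`; on an SMB2-only host, where the thread notes the OS field is absent without credentials, the `or` guards simply leave the existing version fields alone.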
