Nmap Development mailing list archives

Re: [NSE] smb-os-discovery - Augment version detection of SMB related services


From: Tom Sellers <nmap () fadedcode net>
Date: Sat, 2 Apr 2016 08:02:00 -0500

On 3/30/2016 4:37 PM, Paulino Calderon wrote:

Good idea Tom. I have been working on smb2.lua and noticed that the OS field is gone in all responses. No more free OS info for non-authenticated users =/.

It looks like you can get OS, domain name, DNS, etc. from an SMB2 server prior to auth.

Send a session setup request using NTLMSSP (NTLMSSP_Negotiate).
The server will respond with an NTLMSSP_Challenge. This packet includes OS, DNS, Domain, time, etc.
You can then drop the session.

I see this in packets against servers where the current smb-os-discovery script fails with access denied.

Tom
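
As an added illustration of the exchange Tom describes (example code written for this archive page, not part of the nmap-dev thread or of any NSE script), here is a parser for the fields a server discloses in its NTLMSSP_Challenge before any authentication happens: the Version block and the AV_PAIR target-info list (NetBIOS and DNS names, domain, FILETIME timestamp) as laid out in MS-NLMP. It is run over a constructed message whose hostnames, domain and build number are made up; an administrator can point the same parser at a capture of their own server's reply to see exactly what it reveals.

```python
import struct
from datetime import datetime, timedelta, timezone
# AvId values from the AV_PAIR list in MS-NLMP; MsvAvTimestamp (7) is a FILETIME
AV_NAMES = {1: "nb_computer", 2: "nb_domain", 3: "dns_computer",
            4: "dns_domain", 5: "dns_tree", 7: "timestamp"}
NTLMSSP_NEGOTIATE_VERSION = 0x02000000  # Version field is present when set
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def parse_ntlm_challenge(msg):
    """Return the host details a server discloses in an NTLMSSP CHALLENGE."""
    if msg[:8] != b"NTLMSSP\x00" or struct.unpack_from("<I", msg, 8)[0] != 2:
        raise ValueError("not an NTLMSSP CHALLENGE message")
    flags = struct.unpack_from("<I", msg, 20)[0]
    ti_len, _, ti_off = struct.unpack_from("<HHI", msg, 40)  # TargetInfoFields
    info = {}
    if flags & NTLMSSP_NEGOTIATE_VERSION:
        major, minor, build = struct.unpack_from("<BBH", msg, 48)
        info["os_version"] = "%d.%d build %d" % (major, minor, build)
    pos, end = ti_off, ti_off + ti_len
    while pos + 4 <= end:  # walk AV_PAIRs: AvId(2) AvLen(2) Value
        av_id, av_len = struct.unpack_from("<HH", msg, pos)
        value = msg[pos + 4:pos + 4 + av_len]
        pos += 4 + av_len
        if av_id == 0:  # MsvAvEOL ends the list
            break
        if av_id == 7:  # 100 ns ticks since 1601-01-01 UTC
            ticks = struct.unpack("<Q", value)[0]
            info["timestamp"] = FILETIME_EPOCH + timedelta(microseconds=ticks // 10)
        elif av_id in AV_NAMES:  # Unicode strings (NTLMSSP_NEGOTIATE_UNICODE)
            info[AV_NAMES[av_id]] = value.decode("utf-16-le")
    return info

def build_sample_challenge():
    """Constructed CHALLENGE message (not a real capture) with typical fields."""
    def av(av_id, val):
        return struct.pack("<HH", av_id, len(val)) + val
    when = datetime(2016, 4, 2, 13, 2, tzinfo=timezone.utc)
    ticks = int((when - FILETIME_EPOCH).total_seconds()) * 10_000_000
    names = [(2, "EXAMPLE"), (1, "FILESRV1"), (4, "example.test"),
             (3, "filesrv1.example.test")]  # made-up domain and host names
    target_info = b"".join(av(i, s.encode("utf-16-le")) for i, s in names)
    target_info += av(7, struct.pack("<Q", ticks)) + av(0, b"")
    target_name = "EXAMPLE".encode("utf-16-le")
    flags = 0x00000001 | 0x00800000 | NTLMSSP_NEGOTIATE_VERSION  # UNICODE|TARGET_INFO|VERSION
    msg = b"NTLMSSP\x00" + struct.pack("<I", 2)
    msg += struct.pack("<HHI", len(target_name), len(target_name), 56)
    msg += struct.pack("<I", flags) + b"\x11" * 8 + b"\x00" * 8  # challenge, reserved
    msg += struct.pack("<HHI", len(target_info), len(target_info), 56 + len(target_name))
    msg += struct.pack("<BBH", 6, 3, 9600) + b"\x00\x00\x00\x0f"  # Version: 6.3 build 9600
    return msg + target_name + target_info
```

Calling parse_ntlm_challenge(build_sample_challenge()) yields the OS version, both name forms, the domain and the server clock, which is exactly the data the existing smb-os-discovery script loses when the SMB1 OS field is absent.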


_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

