Nmap Development mailing list archives
Re: [NSE] smb-os-discovery - Augment version detection of SMB related services
From: Tom Sellers <nmap () fadedcode net>
Date: Sat, 2 Apr 2016 08:02:00 -0500
On 3/30/2016 4:37 PM, Paulino Calderon wrote:
Good idea, Tom. I have been working on smb2.lua and noticed that the OS field is gone in all responses. No more free OS info for non-authenticated users =/.
It looks like you can get OS, domain name, DNS, etc. from an SMB2 server prior to auth. Send a session setup request using NTLMSSP (NTLMSSP_Negotiate). The server will respond with an NTLMSSP_Challenge. This packet includes OS, DNS, Domain, time, etc. You can then drop the session. I see this in packets against servers where the current smb-os-discovery script fails with access denied.

Tom

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
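To make the exchange Tom describes concrete, here is an added example (not nmap/NSE code, and not from this thread) that parses the NTLMSSP CHALLENGE_MESSAGE a server returns in its SMB2 SESSION_SETUP response and pulls out exactly the pre-authentication fields he mentions: the OS version, the NetBIOS and DNS host/domain names and the server timestamp. The field layout follows MS-NLMP (CHALLENGE_MESSAGE and AV_PAIR). It assumes the caller has already unwrapped the SPNEGO token around the NTLMSSP blob (not shown here); the sample message, host names, domain, build number and timestamp are all constructed for the example.

```python
"""Parse an NTLMSSP CHALLENGE_MESSAGE (Type 2) as returned by an SMB2 server
in reply to a SESSION_SETUP carrying an NTLMSSP_NEGOTIATE token.

Example code, not part of nmap/NSE.  Layout per MS-NLMP 2.2.1.2 and 2.2.2.1.
The blob handed in is the raw NTLMSSP message; SPNEGO unwrapping is assumed
to have happened already.
"""
import struct
from datetime import datetime, timedelta, timezone

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
CHALLENGE_MESSAGE = 2

# NegotiateFlags bits (MS-NLMP 2.2.2.5) that decide how to read the message
NTLMSSP_NEGOTIATE_UNICODE = 0x00000001
NTLMSSP_TARGET_TYPE_DOMAIN = 0x00010000
NTLMSSP_NEGOTIATE_TARGET_INFO = 0x00800000
NTLMSSP_NEGOTIATE_VERSION = 0x02000000

# AvId values in the TargetInfo AV_PAIR list (MS-NLMP 2.2.2.1)
MSV_AV_EOL = 0
MSV_AV_TIMESTAMP = 7
AV_NAMES = {1: "nb_computer_name", 2: "nb_domain_name", 3: "dns_computer_name",
            4: "dns_domain_name", 5: "dns_tree_name"}

# FILETIME counts 100 ns ticks since 1601-01-01 UTC
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(ft: int) -> datetime:
    return FILETIME_EPOCH + timedelta(microseconds=ft // 10)


def parse_ntlmssp_challenge(blob: bytes) -> dict:
    """Return target name, OS version and TargetInfo pairs from a Type 2 message."""
    if len(blob) < 48 or blob[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    (msg_type,) = struct.unpack_from("<I", blob, 8)
    if msg_type != CHALLENGE_MESSAGE:
        raise ValueError(f"expected CHALLENGE_MESSAGE (2), got {msg_type}")

    tn_len, _tn_max, tn_off = struct.unpack_from("<HHI", blob, 12)   # TargetNameFields
    (flags,) = struct.unpack_from("<I", blob, 20)                     # NegotiateFlags
    server_challenge = blob[24:32]                                    # bytes 32..40 are Reserved
    ti_len, _ti_max, ti_off = struct.unpack_from("<HHI", blob, 40)   # TargetInfoFields

    # Without the UNICODE flag strings are in the OEM code page; latin-1 is an approximation.
    encoding = "utf-16-le" if flags & NTLMSSP_NEGOTIATE_UNICODE else "latin-1"
    info = {"flags": flags, "server_challenge": server_challenge.hex(),
            "target_name": blob[tn_off:tn_off + tn_len].decode(encoding),
            "version": None, "target_info": {}}

    # The 8-byte Version field is only present when the server set NEGOTIATE_VERSION.
    if flags & NTLMSSP_NEGOTIATE_VERSION and len(blob) >= 56:
        major, minor, build = struct.unpack_from("<BBH", blob, 48)
        info["version"] = f"{major}.{minor}.{build}"

    if flags & NTLMSSP_NEGOTIATE_TARGET_INFO:
        pos, end = ti_off, ti_off + ti_len
        while pos + 4 <= end:
            av_id, av_len = struct.unpack_from("<HH", blob, pos)
            pos += 4
            if av_id == MSV_AV_EOL:
                break
            value = blob[pos:pos + av_len]
            pos += av_len
            if av_id == MSV_AV_TIMESTAMP and av_len == 8:
                (ft,) = struct.unpack("<Q", value)
                info["target_info"]["timestamp"] = filetime_to_datetime(ft).isoformat()
            elif av_id in AV_NAMES:
                info["target_info"][AV_NAMES[av_id]] = value.decode("utf-16-le")
            # other AvIds (MsvAvFlags, channel bindings, ...) are skipped
    return info


def build_sample_challenge() -> bytes:
    """Construct a CHALLENGE_MESSAGE resembling one from a domain-joined Windows
    host.  Every value here is made up for the example."""
    utf16 = lambda s: s.encode("utf-16-le")
    av_pair = lambda av_id, v: struct.pack("<HH", av_id, len(v)) + v
    target_name = utf16("CORP")
    # constructed server time, 2016-04-02 13:02:00 UTC, as FILETIME ticks
    ts = ((datetime(2016, 4, 2, 13, 2, tzinfo=timezone.utc) - FILETIME_EPOCH)
          // timedelta(microseconds=1)) * 10
    target_info = (av_pair(2, utf16("CORP")) + av_pair(1, utf16("FILESRV01"))
                   + av_pair(4, utf16("corp.example"))
                   + av_pair(3, utf16("filesrv01.corp.example"))
                   + av_pair(5, utf16("corp.example"))
                   + av_pair(MSV_AV_TIMESTAMP, struct.pack("<Q", ts))
                   + av_pair(MSV_AV_EOL, b""))
    flags = (NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_TARGET_TYPE_DOMAIN
             | NTLMSSP_NEGOTIATE_TARGET_INFO | NTLMSSP_NEGOTIATE_VERSION)
    tn_off = 56                          # 48-byte fixed header + 8-byte Version
    ti_off = tn_off + len(target_name)
    return (NTLMSSP_SIGNATURE + struct.pack("<I", CHALLENGE_MESSAGE)
            + struct.pack("<HHI", len(target_name), len(target_name), tn_off)
            + struct.pack("<I", flags)
            + bytes.fromhex("0123456789abcdef")          # ServerChallenge (constructed)
            + b"\x00" * 8                                # Reserved
            + struct.pack("<HHI", len(target_info), len(target_info), ti_off)
            + struct.pack("<BBH", 10, 0, 14393) + b"\x00\x00\x00" + b"\x0f"  # Version
            + target_name + target_info)


if __name__ == "__main__":
    for k, v in parse_ntlmssp_challenge(build_sample_challenge()).items():
        print(f"{k}: {v}")
```

In a real probe the client would send an SMB2 NEGOTIATE, then a SESSION_SETUP whose security buffer carries a SPNEGO-wrapped NTLMSSP_NEGOTIATE; the server's SESSION_SETUP response (STATUS_MORE_PROCESSING_REQUIRED) carries the challenge this function parses, and the connection can be closed without ever sending credentials. The version field is only present when the server sets NTLMSSP_NEGOTIATE_VERSION, so a caller should treat `version` as optional.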
Current thread:
- Re: [NSE] smb-os-discovery - Augment version detection of SMB related services Tom Sellers (Apr 02)