Re: SMB NSE scripts throw errors when scanning FreeNAS (BSD) server

[Barry G <barrygould () gmail com>]

Works now, thanks!

> nmap -p139,445 192.168.1.9 --script smb-protocols.nse

Starting Nmap 7.60 ( https://nmap.org ) at 2017-08-12 20:54 Pacific
Daylight Time
Nmap scan report for freenas.x.net (192.168.1.9)
Host is up (0.00076s latency).

PORT    STATE SERVICE
139/tcp open  netbios-ssn
445/tcp open  microsoft-ds
MAC Address: 00:0C:29:06:F8:E1 (VMware)

Host script results:
| smb-protocols:
|   dialects:
|     NT LM 0.12 (SMBv1) [dangerous, but default]
|     2.02
|_    2.10

Nmap done: 1 IP address (1 host up) scanned in 3.45 seconds


On Fri, Aug 4, 2017 at 3:20 PM, Paulino Calderon
<paulino () calderonpale com> wrote:
> Hey,
>
> Please try rev36927. I've added a check to avoid calling os.date() when the date isn't available. I didn't notice it 
> crashed on Windows, on Linux I was getting "|_  start_date: 1600-12-31 19:03:58". But now when boot time isn't 
> available, it will show the boot date as "N/A". I've tested the script against FreeNAS 11.0 and I can confirm boot 
> time isn't available.
>
> Cheers.
>
> Paulino Calderon Pale || @calderpwn on Twitter || http://www.calderonpale.com
>
>
>
> > On Aug 3, 2017, at 5:12 PM, Paulino Calderon <paulino () calderonpale com> wrote:
> >
> > Hey,
> > When I was writing the script, I did came across several samba instances that reported an incorrect date. However, 
> > it never failed to parse the date completely like in your case.
> >
> > Let me update the script so at least it fails gracefully in those cases.
> >
> > Thanks for the report!
> >
> > El 3 ago. 2017 4:43 PM, "Barry G" <barrygould () gmail com> escribió:
> > Hi,
> >
> > While looking for SMBv1 hosts, I got an error in the NSE scripts running
> > nmap -p139,445 192.168.11.0/24 --script smb-protocols.nse
> >
> > Host is Win 8.1 64-bit PC, Nmap 7.60 running as local admin.
> >
> > Target is a FreeNAS server, FreeNAS-9.10.2-U5, virtualized on VMWare
> > ESXi 5.5, on the same LAN.
> >
> > It does seem to work against localhost, but I don't have any other SMB
> > hosts online at the moment to test.
> >
> > Output below.
> >
> > Thanks!
> > Barry
> >
> >
> > > nmap -p139,445 192.168.11.9 --script smb-protocols.nse
> >
> > Starting Nmap 7.60 ( https://nmap.org ) at 2017-08-03 14:20 Pacific Daylight Tim
> > e
> > Nmap scan report for freenas.x.net (192.168.11.9)
> > Host is up (0.00s latency).
> >
> > PORT    STATE SERVICE
> > 139/tcp open  netbios-ssn
> > 445/tcp open  microsoft-ds
> > MAC Address: 00:0C:29:06:F8:E1 (VMware)
> >
> > Host script results:
> > |_smb-protocols: ERROR: Script execution failed (use -d to debug)
> >
> > Nmap done: 1 IP address (1 host up) scanned in 2.67 seconds
> >
> >
> > > nmap -p139,445 192.168.11.9 --script smb-protocols.nse -d
> > wpcap.dll present, library version: Npcap version 0.93, based on libpcap version
> >  1.8.1
> >
> > Starting Nmap 7.60 ( https://nmap.org ) at 2017-08-03 14:20 Pacific Daylight Tim
> > e
> > --------------- Timing report ---------------
> >   hostgroups: min 1, max 100000
> >   rtt-timeouts: init 1000, min 100, max 10000
> >   max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
> >   parallelism: min 0, max 0
> >   max-retries: 10, host-timeout: 0
> >   min-rate: 0, max-rate: 0
> > ---------------------------------------------
> > NSE: Using Lua 5.3.
> > NSE: Arguments from CLI:
> > NSE: Loaded 1 scripts for scanning.
> > NSE: Script Pre-scanning.
> > NSE: Starting runlevel 1 (of 1) scan.
> > Initiating NSE at 14:20
> > Completed NSE at 14:20, 0.00s elapsed
> > Initiating ARP Ping Scan at 14:20
> > Scanning 192.168.11.9 [1 port]
> > Packet capture filter (device eth1): arp and arp[18:4] = 0x74D02B2B and arp[22:2
> > ] = 0x82AD
> > Completed ARP Ping Scan at 14:20, 0.12s elapsed (1 total hosts)
> > Overall sending rates: 8.13 packets / s, 341.46 bytes / s.
> > mass_rdns: Using DNS server 192.168.11.1
> > Initiating Parallel DNS resolution of 1 host. at 14:20
> > mass_rdns: 0.23s 0/1 [#: 1, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
> > Completed Parallel DNS resolution of 1 host. at 14:20, 0.00s elapsed
> > DNS resolution of 1 IPs took 0.23s. Mode: Async [#: 1, OK: 1, NX: 0, DR: 0, SF:
> > 0, TR: 1, CN: 0]
> > Initiating SYN Stealth Scan at 14:20
> > Scanning freenas.x.net (192.168.11.9) [2 ports]
> > Packet capture filter (device eth1): dst host 192.168.11.13 and (icmp or icmp6 o
> > r ((tcp or udp or sctp) and (src host 192.168.11.9)))
> > Discovered open port 445/tcp on 192.168.11.9
> > Discovered open port 139/tcp on 192.168.11.9
> > Completed SYN Stealth Scan at 14:20, 0.03s elapsed (2 total ports)
> > Overall sending rates: 100.00 packets / s, 4400.00 bytes / s.
> > NSE: Script scanning 192.168.11.9.
> > NSE: Starting runlevel 1 (of 1) scan.
> > Initiating NSE at 14:20
> > NSE: Starting smb-protocols against 192.168.11.9.
> > NSE: [smb-protocols 192.168.11.9] SMB: Added account '' to account list
> > NSE: [smb-protocols 192.168.11.9] SMB: Added account 'guest' to account list
> > NSE: smb-protocols against 192.168.11.9 threw an error!
> > C:\Program Files (x86)\Utilities\Nmap/nselib/smb2.lua:396: time result cannot be
> >  represented in this installation
> > stack traceback:
> >         [C]: in function 'os.date'
> >         C:\Program Files (x86)\Utilities\Nmap/nselib/smb2.lua:396: in function '
> > smb2.negotiate_v2'
> >         C:\Program Files (x86)\Utilities\Nmap/nselib/smb.lua:1167: in function '
> > smb.list_dialects'
> >         ...ram Files (x86)\Utilities\Nmap/scripts\smb-protocols.nse:58: in funct
> > ion <...ram Files (x86)\Utilities\Nmap/scripts\smb-protocols.nse:54>
> >         (...tail calls...)
> >
> > Completed NSE at 14:20, 0.07s elapsed
> > Nmap scan report for freenas.x.net (192.168.11.9)
> > Host is up, received arp-response (0.0013s latency).
> > Scanned at 2017-08-03 14:20:33 Pacific Daylight Time for 1s
> >
> > PORT    STATE SERVICE      REASON
> > 139/tcp open  netbios-ssn  syn-ack ttl 64
> > 445/tcp open  microsoft-ds syn-ack ttl 64
> > MAC Address: 00:0C:29:06:F8:E1 (VMware)
> > Final times for host: srtt: 1250 rttvar: 3312  to: 100000
> >
> > NSE: Script Post-scanning.
> > NSE: Starting runlevel 1 (of 1) scan.
> > Initiating NSE at 14:20
> > Completed NSE at 14:20, 0.00s elapsed
> > Read from C:\Program Files (x86)\Utilities\Nmap: nmap-mac-prefixes nmap-payloads
> >  nmap-services.
> > Nmap done: 1 IP address (1 host up) scanned in 3.11 seconds
> >            Raw packets sent: 3 (116B) | Rcvd: 3 (116B)
> >
> > >
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/