Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Development: R: [SCRIPT] NetBIOS name and MAC query script

R: [SCRIPT] NetBIOS name and MAC query script

From: Speziale Daniele <daniele.speziale_at_telecomitalia.it>
Date: Wed, 28 Mar 2007 09:31:48 +0200

Thank you.
At all.

Daniele

-----Messaggio originale-----
Da: nmap-dev-bounces_at_insecure.org [mailto:nmap-dev-bounces_at_insecure.org] Per conto di Brandon Enright
Inviato: mercoledì 28 marzo 2007 4.33
A: DePriest, Jason R.
Cc: nmap-dev_at_insecure.org; bmenrigh_at_ucsd.edu
Oggetto: Re: [SCRIPT] NetBIOS name and MAC query script

Thank you, this was enough information to update the script (attached) to report the logged in username when NetBIOS actually reports the info [1].

I don't know if this will work against Windows 9x/Me or not but it seems to work against 2k and XP boxes. Please let me know how it works.

Brandon

[1] NetBIOS doesn't seem to explicitly report computername vs domainname vs username etc. Oftentimes it doesn't even report the username. This script is using a best-guess heuristic to determine the computername and username. I think I've got it all correct but more testing/review is in order.

On Tue, 27 Mar 2007 16:07:14 -0600
"DePriest, Jason R." <jrdepriest_at_gmail.com> wrote:

> On 3/27/07, Brandon Enright wrote:
> > DePriest, Jason R. wrote:
> > > I can give you detailed results from an nbtscan and a packet
> > > capture of the traffic.
> > >
> > > Would that be sufficient to help out?
> > >
> > > -Jason
> > >
> >
> > If you have a case where nbtscan was able to determine the remote
> > user that was logged in that ouput and packet capture would be most useful.
> > I suppose I could look at the nbtscan source code but I'd hate to
> > run into odd legal/licensing problems in doing so.
> >
> > Brandon
> >
> >
>
> It looked like nbtstat provided more verbosity for the end-user, so I
> used it instead.
>
> Nbtstat actually shows you the raw data received minus the tcp and
> ethernet layer stuff.
>
> I am including the full packet capture data from a tshark dump as well.
>
> See the attachment for the pcap and txt files with the data.
>
> -Jason
--------------------------------------------------------------------

CONFIDENTIALITY NOTICE

This message and its attachments are addressed solely to the persons above and may contain confidential information. If you have received the message in error, be informed that any use of the content hereof is prohibited. Please return it immediately to the sender and delete the message. Should you have any questions, please contact us by replying to webmaster_at_telecomitalia.it.

        Thank you

                                        www.telecomitalia.it

--------------------------------------------------------------------
                        

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Mar 28 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]