Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: NSE script for OS identification / clarification using Netbios/SMB
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Thu, 29 Nov 2007 01:47:01 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 28 Nov 2007 14:12:57 -0800
Fyodor <fyodor () insecure org> wrote:

On Wed, Nov 28, 2007 at 02:30:19PM -0500, Matthew Watchinski wrote:

The attached script written by Judy Novak, utilizes Netbios requests and
SMB AndX responses to help determine the OS and clarify the OS running
on a host that has Netbios and SMB running.  This can be helpful if OS
identification returns multiple possible fingerprints for a given
windows system.

Thanks Matt, this looks great.  It worked against a Linux box running
Samba which I tested it against:

Host flog (127.0.0.1) appears to be up ... good.
Interesting ports on flog (127.0.0.1):
PORT    STATE         SERVICE
139/tcp open          netbios-ssn
137/udp open|filtered netbios-ns

Host script results:
|_ Discover OS Version over NetBIOS and SMB: Unix

I have checked it into SVN for the next release.  We are now up to 40
NSE scripts shipping with Nmap.

Cheers,
-F


Cool.  This script is a prime candidate for replacing my nbstat.nse
script.  It would be nice to get all of the NetBIOS and SMB functions all
in one place (a library?) so that scripts like this or mine are as simple
and calling functions to generate the packet, send, and parse it.

Both Nessus and Metasploit have libraries like this that make writing
arbitrary Windows scripts much easier.

Thoughts?

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFHThoVqaGPzAsl94IRAvybAJ4qSGpypvUrOjYyIEctyYucS+REfgCeMY0Z
+niVTb6/UcKNrDtvquL1JTc=
=1KsJ
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]