Nmap Development
mailing list archives
Re: [NSE] pwdump script
From: Ron <ron () skullsecurity net>
Date: Wed, 11 Feb 2009 18:05:46 -0600
David Fifield wrote:
$ ./nmap --datadir=. -PN -d2 -p139,445 --script=smb-pwdump --script-args=smbuser=jrandom,smbpass=jrandom 192.168.0.190
Host script results:
|_ smb-pwdump: ERROR: Couldn't upload the files: Couldn't upload nselib/data/lsremora.dll: NT_STATUS_ACCESS_DENIED
I think this is due to the guest/classic login option in XP
Professional. I see a lot of log messages with -d2 like
SCRIPT ENGINE DEBUG: SMB: Extended login as \jrandom failed, but was given guest access (username may be wrong, or system may only allow guest)
SCRIPT ENGINE DEBUG: Couldn't delete lsremora.dll: NT_STATUS_ACCESS_DENIED
Yep, you're correct.
I changed the setting from guest to classic and ran again.
$ ./nmap --datadir=. -PN -d2 -p139,445 --script=smb-pwdump --script-args=smbuser=jrandom,smbpass=jrandom 192.168.0.190
Host script results:
|_ smb-pwdump: ERROR: Couldn't create the service on the remote machine: NT_STATUS_UNKNOWN (0x000006e4) (svcctl.openscmanagerw)
I'll send you the log file for that.
David Fifield
I haven't been able to figure out how to access the service control
service on Windows XP. I've spent a lot of time on that issue, and
unfortunately I haven't been able to resolve it. I even posted to the
Metasploit mailing list, since they do it, but it didn't help.
Currently, it'll work against Windows 2000 or 2003.
Thanks, though!
Ron
--
Ron Bowes
http://www.skullsecurity.org/
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
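
The two failures discussed in this thread can be told apart from the Nmap `-d2` output alone. The following is an added example, not part of the original message and not Nmap code: a small triage helper that separates the guest-only logon case from the service control failure. The function name `triage`, the cause labels and the sample strings (rebuilt from the lines quoted above) are assumptions made for illustration.

```python
import re

# Constructed samples: the Nmap -d2 lines quoted in this thread, with the
# archive's line wraps rejoined. GUEST_RUN is the first run, CLASSIC_RUN the second.
GUEST_RUN = """\
SCRIPT ENGINE DEBUG: SMB: Extended login as \\jrandom failed, but was given guest access (username may be wrong, or system may only allow guest)
SCRIPT ENGINE DEBUG: Couldn't delete lsremora.dll: NT_STATUS_ACCESS_DENIED
|_ smb-pwdump: ERROR: Couldn't upload the files: Couldn't upload nselib/data/lsremora.dll: NT_STATUS_ACCESS_DENIED
"""
CLASSIC_RUN = """\
|_ smb-pwdump: ERROR: Couldn't create the service on the remote machine: NT_STATUS_UNKNOWN (0x000006e4) (svcctl.openscmanagerw)
"""

# Debug line emitted when the supplied account was accepted only as guest.
GUEST_RE = re.compile(r"Extended login as (\S*) failed, but was given guest access")
# Script result: failed step, NT status, optional numeric code and RPC call.
RESULT_RE = re.compile(
    r"smb-pwdump: ERROR: (?P<step>.+?): (?:.*: )?(?P<status>NT_STATUS_\w+)"
    r"(?: \((?P<code>0x[0-9a-fA-F]+)\))?(?: \((?P<rpc_call>[\w.]+)\))?"
)

def triage(output):
    """Classify one run's output (hypothetical helper, not part of Nmap)."""
    finding = {"account": None, "step": None, "status": None,
               "code": None, "rpc_call": None, "cause": "unknown"}
    guest = GUEST_RE.search(output)
    if guest:
        finding["account"] = guest.group(1)
    result = RESULT_RE.search(output)
    if result:
        finding.update(result.groupdict())
    if guest and finding["status"] == "NT_STATUS_ACCESS_DENIED":
        # Guest-only logon: the account was mapped to guest, so writes are denied.
        finding["cause"] = "guest_only_logon"
    elif (finding["rpc_call"] or "").startswith("svcctl."):
        # Login accepted, but the service control call failed.
        finding["cause"] = "service_control_access"
    return finding

if __name__ == "__main__":
    for name, run in (("guest", GUEST_RUN), ("classic", CLASSIC_RUN)):
        print(name, triage(run))
```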