Security Basics
nmap smb-brute questions Sep 17 2013 01:31AM
ToddAndMargo (ToddAndMargo zoho com) (1 replies)
Hi All,

In the following "#" is my command prompt for "root".

I have been testing a script called "smb-brute":
http://nmap.org/nsedoc/scripts/smb-brute.html

I have some confusion. On the web page, there are two
examples:

nmap --script smb-brute.nse -p445 <host>
sudo nmap -sU -sS --script smb-brute.nse -p U:137,T:139 <host>

When I look at my /etc/services, I get the following smb
services:

netbios-ns 137/tcp # NETBIOS Name Service
netbios-ns 137/udp
netbios-dgm 138/tcp # NETBIOS Datagram Service
netbios-dgm 138/udp
netbios-ssn 139/tcp # NETBIOS session service
netbios-ssn 139/udp
microsoft-ds 445/tcp
microsoft-ds 445/udp

Question 1): Why is the example only checking UDP:137,
and TCP:139? Ports 137,138,139,445 are all using both
UDP and TCP according to /etc/services. Is the example
not meant to be a good example?

When I scan my KVM Windows Frankenstein (w8) virtual machine,
I get back:

# nmap --script smb-brute.nse -p 137,138,139,445 192.168.255.116
...
PORT STATE SERVICE
137/tcp closed netbios-ns
138/tcp closed netbios-dgm
139/tcp open netbios-ssn
445/tcp open microsoft-ds

But when I scan the ports directly without the script, I
get back:

# nmap --reason -Pn -p 137,138,139,445 192.168.255.116
...
PORT STATE SERVICE REASON
137/tcp filtered netbios-ns no-response
138/tcp filtered netbios-dgm no-response
139/tcp filtered netbios-ssn no-response
445/tcp filtered microsoft-ds no-response

Question 2): why is one "closed and open" and the other
one "filtered"? How is it that the script can find open
ports and the direct command can not?

Question 3): on the first above scan, had it found any or
broke any hashes, would it have told me?

On the following command, I also get back:
# nmap --script smb-brute.nse -p 137,138,139,445 192.168.255.116
...
Host script results:
| smb-brute:
| administrator:<blank> => Valid credentials, account disabled
|_ guest:<blank> => Valid credentials, account disabled

Question 4): does the "Valid credentials, account disabled" mean
the script could not break in?

Many thanks,
-T

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]
Re: nmap smb-brute questions Sep 17 2013 09:17AM
Ansgar Wiechers (bugtraq planetcobalt net) (1 replies)
Re: nmap smb-brute questions Sep 23 2013 10:40PM
ToddAndMargo (ToddAndMargo zoho com)


 

Privacy Statement
Copyright 2010, SecurityFocus