Security Basics
nmap smb-brute questions Sep 17 2013 01:31AM
ToddAndMargo (ToddAndMargo zoho com) (1 replies)
Re: nmap smb-brute questions Sep 17 2013 09:17AM
Ansgar Wiechers (bugtraq planetcobalt net) (1 replies)
Re: nmap smb-brute questions Sep 23 2013 10:40PM
ToddAndMargo (ToddAndMargo zoho com)
On 09/17/2013 02:17 AM, Ansgar Wiechers wrote:
> On 2013-09-16 ToddAndMargo wrote:
>> When I look at my /etc/services, I get the following smb
>> services:
>>
>> netbios-ns 137/tcp # NETBIOS Name Service
>> netbios-ns 137/udp
>> netbios-dgm 138/tcp # NETBIOS Datagram Service
>> netbios-dgm 138/udp
>> netbios-ssn 139/tcp # NETBIOS session service
>> netbios-ssn 139/udp
>> microsoft-ds 445/tcp
>> microsoft-ds 445/udp
>>
>> Question 1): Why is the example only checking UDP:137,
>> and TCP:139? Ports 137,138,139,445 are all using both
>> UDP and TCP according to /etc/services. Is the example
>> not meant to be a good example?
>
> AFAIK was IANA practice to assign UDP and TCP port number for a service,
> regardless of which of the two protocols it actually used. NetBIOS does
> not use 137/tcp and 139/udp, so it'd be pointless to scan those ports.
>
> [...]
>> On the following command, I also get back:
>> # nmap --script smb-brute.nse -p 137,138,139,445 192.168.255.116
>> ...
>> Host script results:
>> | smb-brute:
>> | administrator:<blank> => Valid credentials, account disabled
>> |_ guest:<blank> => Valid credentials, account disabled
>>
>> Question 4): does the "Valid credentials, account disabled" mean
>> the script could not break in?
>
> Yes.
>
> Regards
> Ansgar Wiechers
>

Hi Ansgar,

Thank you!

-T

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Computers are like air conditioners.
They malfunction when you open windows
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

------------------------------------------------------------------------

Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442
f727d1
------------------------------------------------------------------------

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus