Security Basics
nmap smb-brute questions Sep 17 2013 01:31AM
ToddAndMargo (ToddAndMargo zoho com) (1 replies)
Hi All,

In the following "#" is my command prompt for "root".

I have been testing a script called "smb-brute":

I have some confusion. On the web page, there are two

nmap --script smb-brute.nse -p445 <host>
sudo nmap -sU -sS --script smb-brute.nse -p U:137,T:139 <host>

When I look at my /etc/services, I get the following smb

netbios-ns 137/tcp # NETBIOS Name Service
netbios-ns 137/udp
netbios-dgm 138/tcp # NETBIOS Datagram Service
netbios-dgm 138/udp
netbios-ssn 139/tcp # NETBIOS session service
netbios-ssn 139/udp
microsoft-ds 445/tcp
microsoft-ds 445/udp

Question 1): Why is the example only checking UDP:137,
and TCP:139? Ports 137,138,139,445 are all using both
UDP and TCP according to /etc/services. Is the example
not meant to be a good example?

When I scan my KVM Windows Frankenstein (w8) virtual machine,
I get back:

# nmap --script smb-brute.nse -p 137,138,139,445
137/tcp closed netbios-ns
138/tcp closed netbios-dgm
139/tcp open netbios-ssn
445/tcp open microsoft-ds

But when I scan the ports directly without the script, I
get back:

# nmap --reason -Pn -p 137,138,139,445
137/tcp filtered netbios-ns no-response
138/tcp filtered netbios-dgm no-response
139/tcp filtered netbios-ssn no-response
445/tcp filtered microsoft-ds no-response

Question 2): why is one "closed and open" and the other
one "filtered"? How is it that the script can find open
ports and the direct command can not?

Question 3): on the first above scan, had it found any or
broke any hashes, would it have told me?

On the following command, I also get back:
# nmap --script smb-brute.nse -p 137,138,139,445
Host script results:
| smb-brute:
| administrator:<blank> => Valid credentials, account disabled
|_ guest:<blank> => Valid credentials, account disabled

Question 4): does the "Valid credentials, account disabled" mean
the script could not break in?

Many thanks,

Computers are like air conditioners.
They malfunction when you open windows


Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.;4175;25;1371;0;5;946;e13b6be442

[ reply ]
Re: nmap smb-brute questions Sep 17 2013 09:17AM
Ansgar Wiechers (bugtraq planetcobalt net) (1 replies)
Re: nmap smb-brute questions Sep 23 2013 10:40PM
ToddAndMargo (ToddAndMargo zoho com)


Privacy Statement
Copyright 2010, SecurityFocus