Merged in my changes from nmap-smb. The primary changes are:

* Updated the way authentication works on smb -- it's significantly cleaner now * smb-enum-shares.nse gives significantly better output now (it checks if shares are writable) * Added a script that checks if smbv2 is enabled on a server * Added smb-psexec, a script for executing commands on a remote Windows server. I also included some default scripts, a compiled .exe to run everything, and a ton of documentation (in the form of NSEDoc) * Added 'override' parameters to some of the functions in smb.lua, which lets the programmer override any field in an outgoing SMB packet without modifying smb.lua. * Lots of random code cleanups in the smb-* scripts/libraries
2025-12-24 00:19:01 +00:00 · 2009-11-08 21:31:06 +00:00
parent d650503778
commit 7d67b08e66
22 changed files with 3875 additions and 565 deletions
--- a/scripts/smbv2-enabled.nse
+++ b/scripts/smbv2-enabled.nse
@@ -0,0 +1,66 @@
+description = [[
+Check whether or not a server is running the SMBv2 protocol. 
+]]
+---
+--@usage
+-- nmap --script smbv2-enabled.nse -p445 <host>
+-- sudo nmap -sU -sS --script smbv2-enabled.nse -p U:137,T:139 <host>
+--
+--@output
+-- Host script results:
+-- |_ smb-v2-enabled: Server supports SMBv2 protocol
+--
+-- Host script results:
+-- |_ smb-v2-enabled: Server doesn't support SMBv2 protocol
+-----------------------------------------------------------------------
+
+author = "Ron Bowes"
+copyright = "Ron Bowes"
+license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
+categories = {"default", "safe"}
+
+require 'msrpc'
+require 'smb'
+require 'stdnse'
+
+hostrule = function(host)
+	return smb.get_port(host) ~= nil
+end
+
+local function go(host)
+	local status, smbstate, result
+	local dialects = { "NT LM 0.12", "SMB 2.002", "SMB 2.???" }
+	local overrides = {dialects=dialects}
+
+	status, smbstate = smb.start(host)
+	if(not(status)) then
+		return false, "Couldn't start SMB session: " .. smb
+	end
+
+	status, result = smb.negotiate_protocol(smbstate, overrides)
+	if(not(status)) then
+		if(string.find(result, "SMBv2")) then
+			return true, "Server supports SMBv2 protocol"
+		end
+		return false, "Couldn't negotiate protocol: " .. result
+	end
+
+	return true, "Server doesn't support SMBv2 protocol"
+end
+
+action = function(host)
+	local status, result = go(host)
+
+	if(not(status)) then
+		if(nmap.debugging() > 0) then
+			return "ERROR: " .. result
+		else
+			return nil
+		end
+	end
+
+	return result
+end
+
+
+