mirror of https://github.com/nmap/nmap.git synced 2025-12-15 20:29:03 +00:00

Fixed bug in smb.lua share_get_list function to use anonymous connections first. Closes #904

waituck
2017-06-11 19:42:33 +00:00
parent 24f1d960fc
commit b4e1daef74
2 changed files with 5 additions and 1 deletions


@@ -1,5 +1,8 @@
# Nmap Changelog ($Id$); -*-text-*- # Nmap Changelog ($Id$); -*-text-*-
o [NSE] smb library's share_get_list now properly uses anonymous connections
first before falling back authenticating as a known user.
o [NSE] New script smb-vuln-cve-2017-7494 detects a remote code execution o [NSE] New script smb-vuln-cve-2017-7494 detects a remote code execution
vulnerability affecting Samba versions 3.5.0 and greater with writable vulnerability affecting Samba versions 3.5.0 and greater with writable
shares. [Wong Wai Tuck] shares. [Wong Wai Tuck]


@@ -2498,6 +2498,7 @@ end
-- data is given as a string, not a file. -- data is given as a string, not a file.
-- --
--@param host The host object --@param host The host object
--@param data The string containing the data to be written
--@param share The share to upload it to (eg, C$). --@param share The share to upload it to (eg, C$).
--@param remotefile The remote file on the machine. It is relative to the share's root. --@param remotefile The remote file on the machine. It is relative to the share's root.
--@param use_anonymous [optional] If set to 'true', test is done by the anonymous user rather than the current user. --@param use_anonymous [optional] If set to 'true', test is done by the anonymous user rather than the current user.
@@ -3189,7 +3190,7 @@ function share_get_list(host)
-- Ensure that the server returns the proper error message -- Ensure that the server returns the proper error message
-- first try anonymously, then using a user account (in case anonymous connections are not supported) -- first try anonymously, then using a user account (in case anonymous connections are not supported)
for _, anon in ipairs({true, false}) do for _, anon in ipairs({true, false}) do
status, result = share_host_returns_proper_error(host) status, result = share_host_returns_proper_error(host, anon)
if(status == true and result == false) then if(status == true and result == false) then
return false, "Server doesn't return proper value for non-existent shares; can't enumerate shares" return false, "Server doesn't return proper value for non-existent shares; can't enumerate shares"