PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-07 13:11:28 +00:00
Code Issues Projects Releases Wiki Activity

Fix false positives due to missing start/boot time

Browse Source 
SMB field ServerStartTime ['start_time'] of zero should be interpreted
as "no time provided", not as the start of the epoch.
The field is zeroed out in SMB dialect 3.1.1.
This commit is contained in:
nnposter
2020-12-16 19:19:15 +00:00
parent 003849f795
commit d0cf36c0a7
2 changed files with 22 additions and 15 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@@ -32,6 +32,9 @@ o [NSE][GH#2174] Script hostmap-crtsh got improved in several ways. The most
identities that are syntactically incorrect to be hostnames are now ignored. identities that are syntactically incorrect to be hostnames are now ignored.
[Michel Le Bihan, nnposter] [Michel Le Bihan, nnposter]
o [NSE] Script smb2-vuln-uptime no longer reports false positives when
the target does not provide its boot time. [nnposter]
o [NSE][GH#2197] Client packets composed by the DHCP library will now contain o [NSE][GH#2197] Client packets composed by the DHCP library will now contain
option 51 (IP address lease time) only when requested. [nnposter] option 51 (IP address lease time) only when requested. [nnposter]

34
scripts/smb2-vuln-uptime.nse
View File

@@ -115,24 +115,28 @@ local function check_vulns(host, port)
status, smbstate = smb.start(host) status, smbstate = smb.start(host)
status = smb2.negotiate_v2(smbstate, overrides) status = smb2.negotiate_v2(smbstate, overrides)
if status then if not status then
datetime.record_skew(host, smbstate.time, os.time())
stdnse.debug2("SMB2: Date: %s (%s) Start date:%s (%s)",
smbstate['date'], smbstate['time'],
smbstate['start_date'], smbstate['start_time'])
for _, vuln in pairs(ms_vulns) do
if smbstate['start_time'] < vuln['disclosure_time'] then
stdnse.debug2("Vulnerability detected")
vuln.extra_info = string.format("The system hasn't been rebooted since %s", smbstate['start_date'])
table.insert(vulns_detected, vuln)
end
end
else
stdnse.debug2("Negotiation failed") stdnse.debug2("Negotiation failed")
return nil, "Protocol negotiation failed (SMB2)" return nil, "Protocol negotiation failed (SMB2)"
end end
datetime.record_skew(host, smbstate.time, os.time())
stdnse.debug2("SMB2: Date: %s (%s) Start date:%s (%s)",
smbstate['date'], smbstate['time'],
smbstate['start_date'], smbstate['start_time'])
if smbstate['start_time'] == 0 then
stdnse.debug2("Boot time not provided")
return nil, "Boot time not provided"
end
for _, vuln in pairs(ms_vulns) do
if smbstate['start_time'] < vuln['disclosure_time'] then
stdnse.debug2("Vulnerability detected")
vuln.extra_info = string.format("The system hasn't been rebooted since %s", smbstate['start_date'])
table.insert(vulns_detected, vuln)
end
end
return true, vulns_detected return true, vulns_detected
end end