PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-17 13:09:02 +00:00
Code Issues Projects Releases Wiki Activity

fix to get smb-enum-shares working on Windows 2008 and Windows 7

Browse Source
This commit is contained in:
patrik
2012-06-13 20:35:50 +00:00
parent 36363d904b
commit e6a42c9291
1 changed files with 24 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
nselib/smb.lua
View File

@@ -2971,12 +2971,17 @@ end
-- bad, because it means we cannot tell whether or not a share exists). -- bad, because it means we cannot tell whether or not a share exists).
-- --
--@param host The host object --@param host The host object
--@param use_anonymous [optional] If set to 'true', test is done by the anonymous user rather than the current user.
--@return (status, result) If status is false, result is an error message. Otherwise, result is a boolean value: --@return (status, result) If status is false, result is an error message. Otherwise, result is a boolean value:
-- true if the file was successfully written, false if it was not. -- true if the file was successfully written, false if it was not.
function share_host_returns_proper_error(host) function share_host_returns_proper_error(host, use_anonymous)
local status, smbstate, err local status, smbstate, err
local share = "nmap-share-test" local share = "nmap-share-test"
local overrides = get_overrides_anonymous() local overrides
if ( use_anonymous ) then
overrides = get_overrides_anonymous()
end
-- Begin the SMB session -- Begin the SMB session
status, smbstate = start(host) status, smbstate = start(host)
@@ -3047,10 +3052,9 @@ function share_get_details(host, share)
-- Check if the anonymous reader can read the share -- Check if the anonymous reader can read the share
stdnse.print_debug(1, "SMB: Checking if share %s can be read by the anonymous user", share) stdnse.print_debug(1, "SMB: Checking if share %s can be read by the anonymous user", share)
status, result = share_anonymous_can_read(host, share) status, result = share_anonymous_can_read(host, share)
if(status == false) then if(status == true) then
return false, result
end
details['anonymous_can_read'] = result details['anonymous_can_read'] = result
end
-- Check if the current user can write to the share -- Check if the current user can write to the share
stdnse.print_debug(1, "SMB: Checking if share %s can be written by the current user", share) stdnse.print_debug(1, "SMB: Checking if share %s can be written by the current user", share)
@@ -3067,15 +3071,11 @@ function share_get_details(host, share)
-- Check if the anonymous user can write to the share -- Check if the anonymous user can write to the share
stdnse.print_debug(1, "SMB: Checking if share %s can be written by the anonymous user", share) stdnse.print_debug(1, "SMB: Checking if share %s can be written by the anonymous user", share)
status, result = share_anonymous_can_write(host, share) status, result = share_anonymous_can_write(host, share)
if(status == false) then if(status == false and result == "NT_STATUS_OBJECT_NAME_NOT_FOUND") then
if(result == "NT_STATUS_OBJECT_NAME_NOT_FOUND") then
details['anonymous_can_write'] = "NT_STATUS_OBJECT_NAME_NOT_FOUND" details['anonymous_can_write'] = "NT_STATUS_OBJECT_NAME_NOT_FOUND"
else elseif( status == true ) then
return false, result
end
end
details['anonymous_can_write'] = result details['anonymous_can_write'] = result
end
-- Try and get full details about the share -- Try and get full details about the share
status, result = msrpc.get_share_info(host, share) status, result = msrpc.get_share_info(host, share)
@@ -3144,13 +3144,18 @@ function share_get_list(host)
table.sort(shares) table.sort(shares)
-- Ensure that the server returns the proper error message -- Ensure that the server returns the proper error message
-- first try anonymously, then using a user account (in case anonymous connections are not supported)
for _, anon in ipairs({true, false}) do
status, result = share_host_returns_proper_error(host) status, result = share_host_returns_proper_error(host)
if(status == false) then
return false, result
end
if(status == true and result == false) then if(status == true and result == false) then
return false, "Server doesn't return proper value for non-existent shares; can't enumerate shares" return false, "Server doesn't return proper value for non-existent shares; can't enumerate shares"
end end
end
if(status == false) then
return false, result
end
-- Get more information on each share -- Get more information on each share
for i = 1, #shares, 1 do for i = 1, #shares, 1 do