add new functionality for discovering servers using the MSSQL Browser service
add new functionality to decode version data received from the browser service
[Patrik]
NSE: test threw an error!
[string "local connect, socket_lock = ...;..."]:4: bad argument #2 to 'connect' (string expected, got boolean)
stack traceback:
[C]: in function 'connect'
[string "local connect, socket_lock = ...;..."]:4: in function 'connect'
./nselib/dns.lua:53: in function 'sendPackets'
./nselib/dns.lua:252: in function <./nselib/dns.lua:215>
(tail call): ?
(tail call): ?
(tail call): ?
(tail call): ?
././test.nse:41: in function <././test.nse:15>
(tail call): ?
[Patrik]
socket support to NSE, with updates in scripts and libraries.
o [NSE] Added the ability to send and receive on unconnected sockets.
This can be used, for example, to receive UDP broadcasts without
using pcap. A number of scripts have been changed so that they can
work as prerule scripts to discover services by UDP broadcasting,
optionally add the discovered targets to the scanning queue:
- ms-sql-info
- upnp-info
- dns-service-discovery
The nmap.new_socket function can now optionally take a default
protocol and address family, which will be used if the socket is not
connected. There is a new nmap.sendto function to be used with
unconnected UDP sockets. [David, Patrik]
http://seclists.org/nmap-dev/2010/q4/83
changed the way the library reports "Must change password at next logon"
fixed bug in ms-sql-hasdbaccess that would occur if no rows were returned
[Patrik]
and language lists can be set using new keys in the "options" table
argument. These all default to the same value used before. Also, the
required "cookie" argument is now replaced by an optional "cookie"
key in the "options" table, defaulting to random bytes as the RFC
says the value should be. [Kris]
Only ssh2's fetch_host_key() uses this function, but I'm working on
a script and noticed the design flaw regarding the cookie arg (scripts
shouldn't be required to always pass this when it's specified that its
value should be random). The rest was added because the default is
just a subset of algorithms offered across implementations.
1) Set the 'vc' ('virtual circuit') id to a non-zero value (if it's 0, the smb server will disconnect all hosts who are already connected)
2) Handle the authentication error NT_STATUS_REQUEST_NOT_ACCEPTED, which indicates that there are too many connected hosts (11 is the default on most versions of Windows, or 10 for the anonymous account). If we see the error, we wait and try again.
3) Handle the file creation error, NT_STATUS_PIPE_NOT_AVAILABLE, which appears to be caused by a race condition of some sort. It happens when a large number of connections are attempted simultaneously, and is fixed by a short backoff (50ms worked fine, but I'm using 100ms)
The end result is a significant speedup in our SMB checks without losing data.
