ron
2035b82dfd
Fixed a really tricky bug that I spent all evening chasing. Normally, during login, every account in the list (by default, guest and anonymous) is attempted. Unless something fails badly, anonymous will work. Unfortunately, if something DOES fail badly, after the first script runs this list is empty. That means if something bad is happening, and two or more scripts are running, every script after the first will have an empty list of accounts to use, and it would fail mysteriously. This patch checks the return value from the get_next_account() function properly to see if we've run out of accounts and reports that to the user rather than an ugly stacktrace.
2010-09-24 00:47:43 +00:00
david
3c89e089fc
Change calls in these forms:
socket:connect(host.ip, port.number)
socket:connect(host.ip, port.number, port.protocol)
to this:
socket:connect(host, port)
connect can take host and port tables now, and the default protocol is
taken from the port table if possible.
2010-08-16 18:59:30 +00:00
ron
934cf2edf0
Significant changes, both bugfixes and best practice changes, to smb-psexec.nse. Primarily:
o It no longer uses the global environment to store the modules table
o It now uses loadfile() to load the configuration files, which follows best practices better
o The module() line at the top of the configuration files is no longer required, but if it exists all that happens is a warning is printed
o Worked around what appears to be a bug in one person's Nmap install where absolute paths didn't resolve properly -- I couldn't replicate, but he confirmed it was fixed
2010-08-07 19:36:47 +00:00
david
7d0c08a097
Brief copyediting of NSEDoc for modules.
2010-07-12 19:42:43 +00:00
ron
50b9af97b6
Added extra 'overrides' calls all over smb.lua. They're required for some modifications to smb-check-vulns.nse I'm planning.
2010-05-15 15:57:01 +00:00
drazen
f41a94622a
A small formatting fix.
2010-05-11 18:31:47 +00:00
ron
cb60803ad1
Fixed a couple bugs in the smb-* scripts involving undeclared variables. These only cropped up if the guest/anonymous accounts were disabled, which I'd never seen before.
2010-04-18 13:43:27 +00:00
david
5fa554266b
Fix NSEDoc.
2010-03-31 20:28:14 +00:00
david
87fbf1df1e
Recognize NT_STATUS_INVALID_PARAMETER as a known error code when testing
if a share is writable (along with NT_STATUS_ACCESS_DENIED). I got this
code from a printer share.
2010-02-12 23:14:37 +00:00
ron
ba9532c2d4
Changed an error message throughout smb.lua that I never really liked.
2010-01-23 17:25:30 +00:00
ron
b00f6234d5
Fixed some bugs found by Brandon Enright in smb.lua. They were all caused by servers returning fewer bytes than they're supposed to. This revision basically makes the broken-server detection more robust.
2010-01-23 17:23:57 +00:00
ron
13f8f95a5f
nmap_service.exe is now encoded locally by XORing each byte with 0xFF. It is decoded inline before it is uploaded. This is to prevent antivirus false positives from picking it up.
2010-01-23 16:56:49 +00:00
ron
c4237f60b0
Updated smb-psexec to finally work on Windows XP, after countless months of it eating away at me. The issue turned out to be an innocuous field in the SMB header, 'process id', which is generally used for connection multiplexing. Apparently, not setting it causes a bug in Windows to surface (I assume it's a bug, anyways) that returns a weird failure code. I found this thanks to Kristof Boeynaems doing some research for me, and then me trying random things to make my packets look more like metasploit's.
2010-01-06 03:10:27 +00:00
ron
efcb11b1b0
Reduced the number of connections/traffic used by smb-enum-shares.nse by half. I was checking a random share to see if the right error is returned for every share, when it only actually had to be done once.
2009-11-20 17:00:55 +00:00
ron
7d67b08e66
Merged in my changes from nmap-smb. The primary changes are:
* Updated the way authentication works on smb -- it's significantly cleaner now
* smb-enum-shares.nse gives significantly better output now (it checks if shares are writable)
* Added a script that checks if smbv2 is enabled on a server
* Added smb-psexec, a script for executing commands on a remote Windows server. I also included some default scripts, a compiled .exe to run everything, and a ton of documentation (in the form of NSEDoc)
* Added 'override' parameters to some of the functions in smb.lua, which lets the programmer override any field in an outgoing SMB packet without modifying smb.lua.
* Lots of random code cleanups in the smb-* scripts/libraries
2009-11-08 21:31:06 +00:00
jah
dcfa102a1b
Fix the indexing of Globals - found with the help of strict.lua and Patrick's
check_globals script.
Commented-out two functions which are currently unused:
svcctl_Type_tostr() and svcctl_State_tostr()
and which call currently unavailable functions:
svcctl_Type_str() and svcctl_State_str()
(see http://seclists.org/nmap-dev/2009/q3/0194.html )
2009-07-17 22:38:26 +00:00
batrick
90a712ae2b
Patch to libraries that were inappropriately using globals.
Often two (or more) scripts using the same library would
overwrite the globals each was using. This would result
in (at best) an error or (at worst) a deadlock.
The patch changes the global accesses to local.
2009-07-07 00:20:52 +00:00
ron
ab59b09c03
Miscellaneous code cleanups in my smb-* libraries/scripts (removed unused includes, old debug code, etc.)
2009-06-10 23:13:15 +00:00
ron
a251c563c3
fixed a <code> tag in smb.lua's NSEDoc
2009-04-19 17:44:45 +00:00
ron
cd9098c48b
Revert part of my previous commit -- forgot to remove some test code
2009-04-02 14:10:56 +00:00
ron
08fadd08fc
Fixed a bug where the scan would hit a nil-pointer exception when scanning broken implementations (reported by Steve Horejsi -- http://www.skullsecurity.org/blog/?p=209&cpage=2#comment-219 ). This was due to using incorrect variable names.
2009-04-02 14:09:52 +00:00
ron
74ffd7b4c7
Raise timeout for SMB scans to 20 seconds -- I got several error reports due to timeouts
2009-03-31 20:30:45 +00:00
ron
9060d2fadd
Modified smb-check-vulns.nse to check for Conficker infections. Got permission from the authors of the simple Conficker scanner (scs.zip) to post this.
2009-03-30 14:46:58 +00:00
ron
80591c9cc6
Cleaned up output of smb-server-stats.nse
2009-03-12 14:56:23 +00:00
ron
45744eddc3
Merge in changes from my private branch, primarily smb-brute.nse and smb-pwdump.nse, among other smaller changes.
2009-03-05 02:03:29 +00:00
david
b504fb78fa
Fix some NSEDoc errors.
2009-01-13 00:18:46 +00:00
ron
67f9577de9
No longer erroring if a server leaves out the 'domain' section of packets (some configurations of Samba seem to do this)
2008-12-24 20:36:30 +00:00
ron
773000b65a
Merging changes from my experimental branch; the new versions of these scripts, which have significant changes to their core functionality, managed to hold their own against Brandon's network. More testing would be very helpful, though, especially with credentials (most of Brandon's scans were anonymous).
2008-12-24 00:53:01 +00:00
ron
32f6181224
Updated some error messages for more clarity, and added a number after them to help track back issues that may arise.
2008-12-08 15:06:17 +00:00
ron
80dec40366
Added some more DOS constants that Brandon ran across
2008-12-08 03:48:23 +00:00
ron
ea42f39faa
Merged in significant changes to Microsoft RPC calls
2008-12-07 16:16:11 +00:00
ron
158423041a
Fixed some minor bugs in smb.lua (functions returned the wrong value in some cases)
2008-11-19 00:27:35 +00:00
ron
b53edf3d62
Merging in change to how SMB mutexes are handled (should improve speed significantly for parallel scans)
2008-11-16 16:53:08 +00:00
ron
82ce5f2a92
Merge from /nmap-exp/ron/ms08-067-test
2008-11-10 16:23:12 +00:00
david
5f166e19ec
Don't use empty parentheses when referring to functions by name in NSE
documentation.
2008-11-07 22:49:49 +00:00
david
e0a3c5c64f
Abbreviate the summaries of the smb and msrpc modules.
2008-11-04 00:20:22 +00:00
david
5fffad15eb
Canonicalize script args in smb.lua. Canonicalize @copyright lines in
netbios.lua, smb.lua, and msrpc.lua.
2008-11-03 23:47:22 +00:00
david
5e6e7151e9
Fix a few small NSEDoc errors.
2008-11-03 20:26:16 +00:00
david
cc7a58cd7a
Merge from /nmap-exp/ron/nmap-smb. This adds the new scripts
smb-serverstats.nse, smb-enumsessions.nse, and smb-enumshares.nse.
2008-11-03 20:00:24 +00:00
david
2cceb5184c
Separate the first paragraph from the rest of the description with a blank
line, not "\n\n", in the SMB and MSRPC scripts and modules. There are newer
versions of these files pending review, so this is just a quick measure to let
me use first paragraphs as summaries rather than first sentences.
2008-11-03 16:17:07 +00:00
david
7c59faa380
Fix a syntax error in smb.lua. (My fault, it happened while I was testing
documentation markup.)
2008-10-24 22:02:22 +00:00
david
3ee17ecb5c
Fix NSEDoc error messages, except for some "documenting undefined parameter"
that happen when one function is defined to be another by assignment.
2008-10-24 17:05:40 +00:00
david
7e15f259a4
Standardize the @copyright fields of NSE modules; change "See nmaps COPYING for
license" to "Same as Nmap--See http://nmap.org/book/man-legal.html " like
scripts commonly use. I added the field to some modules I know to be under the
Nmap license: bin, datafiles, dns, nmap, unpwdb. I left alone bin, bit, pcre,
and url, which come from outside sources.
2008-10-24 00:44:22 +00:00
david
eb5a40dc81
Use <code> markup in nselib/smb.lua.
2008-10-21 22:19:52 +00:00
david
f58f559b81
Reformat and merge documentation for stdnse, shortport, strbuf, snmp, ssh1,
ssh2, smb, pop3, and msrpc.
2008-10-16 00:38:53 +00:00
david
ae7455279e
Add a new msrpc.lua module, plus new scripts smb-enumdomains.nse,
smb-enumshares.nse, and smb-enumusers.nse. Also enhance the netbios.lua and
smb.lua modules. Remove the smb-enum.nse script. All these changes are from Ron
Bowes.
2008-10-04 21:58:39 +00:00
david
f054d25d1f
Adjust the categories of the new SMB scripts. Also fix a couple of
documentation typos.
smb-os-discovery.nse
-categories = {"version","default"}
+categories = {"default", "discovery", "safe"}
smb-enum.nse
-categories = {"version","intrusive"}
+categories = {"discovery", "intrusive"}
smb-security-mode.nse
-categories = {"version"}
+categories = {"discovery", "safe"}
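Review bot: the message says the categories were adjusted but not why smb-enum.nse keeps "intrusive" while smb-os-discovery.nse and smb-security-mode.nse gain "safe"; one sentence naming the operations in smb-enum.nse that rule out "safe" would make later category audits easier. Also worth stating explicitly that all three files drop "version", so none of these scripts will be selected by the version category any more.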
2008-09-15 18:10:00 +00:00
david
9eff25bbc4
Add Ron Bowes's netbios and smb NSE modules and new scripts that use them. They
were introduced in http://seclists.org/nmap-dev/2008/q3/0827.html .
2008-09-15 17:58:38 +00:00