mirror of https://github.com/nmap/nmap.git synced 2025-12-07 21:21:31 +00:00

51 Commits

Author SHA1 Message Date
david
f26d82b3fc Update the status code name in smb-check-vulns.
The checks for conficker and ms08_067 check for a specific status code
of 0x00000057, but do so by the name mapping to this value rather than
by value.

The name of this value was changed from NT_STATUS_WERR_UNKNOWN_57 to
NT_STATUS_WERR_INVALID_PARAMETER in r24847, breaking these tests because
they were still searching for the "UNKNOWN_57" string.

This error was reported by Kit Peters.
http://seclists.org/nmap-dev/2012/q4/125
2012-10-18 04:28:11 +00:00
david
3c87635ae8 Use nmap.new_socket in place of nmap:new_socket in smb-check-vulns.nse.
Kit Peters reported the crash:
smb-check-vulns.nse:366: calling 'new_socket' on bad self (string expected, got table)

http://seclists.org/nmap-dev/2012/q4/124
2012-10-18 03:47:22 +00:00
henri
f366c0d191 Don't always assume that 'safe=1' was set. Added a check for 'unsafe' in ms08-67 2012-09-08 09:36:25 +00:00
henri
3c3b936391 Indentation fix. 2012-08-01 07:03:53 +00:00
perdo
5ac6c7d64a Fixed errors found by nse_check_globals. 2012-06-06 22:23:02 +00:00
batrick
000f6dc4d9 Lua 5.2 upgrade [1] for NSE.
[1] http://seclists.org/nmap-dev/2012/q2/34
2012-05-27 08:53:32 +00:00
david
3c89e089fc Change calls in these forms:
socket:connect(host.ip, port.number)
socket:connect(host.ip, port.number, port.protocol)

to this:

socket:connect(host, port)

connect can take host and port tables now, and the default protocol is
taken from the port table if possible.
2010-08-16 18:59:30 +00:00
david
3df554de64 Spell-check NSEDoc. 2010-07-19 16:29:48 +00:00
david
1ff1a4f892 First-pass copyediting on the remaining scripts. 2010-07-12 17:19:26 +00:00
drazen
124b4ef13c Merge from /nmap-exp/drazen/nmap-msrpc. This adds checks for MS06-025 and MS07-029 to smb-check-vulns.nse. 2010-06-14 18:42:54 +00:00
drazen
88a1653d72 Revert r18104. This was a broken merge that still had conflict markers. 2010-06-14 17:32:22 +00:00
drazen
79c14d935c Merged smb-check-vulns from my branch to trunk. 2010-06-14 17:03:15 +00:00
drazen
a99aa3b53b Added a check for the MS07-029 vulnerability within "smb-check-vulns".
Made some small changes to the function descriptions.
2010-06-13 02:55:26 +00:00
drazen
48ead20324 Added a NOTUP notification if the target service is down (not started). 2010-06-12 22:13:30 +00:00
drazen
0f4d199b1e Fixed a simple bad gameplay in which I attempt to close
an already closed SMB session.
2010-06-12 21:45:16 +00:00
drazen
62c2d97f93 MS06-025:
-- Finished, tested and merged into smb-check-vulns
	-- msrpc.lua contains the code required to interface with the RASRPC interface
2010-06-12 19:32:50 +00:00
ron
3a3535e07c Fixed a couple formatting bugs in the smb-* libraries that come up when debugging/verbose is disabled 2010-02-20 15:03:11 +00:00
david
a3a7d79b5f Update some SecLists URLs. 2010-02-11 17:43:02 +00:00
david
45a75f35eb Update the link for the Python checker for MS08-067. 2010-02-11 03:13:54 +00:00
ron
046c637bb1 Fixed a typo and a circular dependency in smb-check-vulns.nse. 2010-01-04 17:00:40 +00:00
batrick
610bd0a55b Merge from Dependencies branch (nmap-exp/patrick/dependencies)
with modifications from [2].

** Short description from [1] **

I have created a patch to NSE that replaces runlevels with a table of
dependencies that clearly outlines what other scripts the script
depends on. The table is of the form:

dependencies = {"script1", "script2", ...}

Runlevels become an internal representation of the order of scripts
that are generated by the dependencies. Dependencies only enforce
an execution order and not a requirement for execution.

[1] http://seclists.org/nmap-dev/2009/q4/295
[2] http://seclists.org/nmap-dev/2009/q4/446
2009-12-30 02:34:05 +00:00
ron
08da8db7f0 Importing changes from my branch. There are two major updates:
1) I wrote a function that formats output from scripts in a consistent way. Although we haven't really come to a consensus on how it should look yet, it's easy to change when we do.
2) New script: smb-enum-groups.nse. Enumerate the local groups on a system and their membership.
2009-11-20 16:05:06 +00:00
batrick
b356ce2580 Added smb-check-vulns.nse to the vuln category. 2009-10-06 12:04:35 +00:00
ron
32d9c9fe98 Added a check for a SMBv2 vulnerability (CVE-2009-3103) to smb-check-vulns. Due to its nature (it performs a DoS, then checks if the system is still online), the script isn't run by default and requires a special script-arg to work. 2009-09-14 15:23:06 +00:00
ron
8ba83f3460 Cleaned up the output for smb-check-vulns.nse. Messages are no longer displayed by default if a vulnerability (or infection) isn't found. With -v, messages indicating a vulnerability was fixed or malware wasn't found are displayed. With -d, error messages are displayed. 2009-06-09 17:56:41 +00:00
ron
1fbc9e62cf defaulted to basic login for smb-check-vulns (the test infected box I found doesn't like extended logins, not sure whether it's because of Conficker or if it was random chance) 2009-04-17 01:13:57 +00:00
ron
dd9f063b1f Updated Conficker.D-detection code 2009-04-17 01:09:29 +00:00
ron
14f2c0c6db Added experimental checks for Conficker.D/E 2009-04-17 00:34:13 +00:00
ron
80b53d8ffa Fixed a comment -- said 'windows 2003' where it should have been 'windows 2000' 2009-04-03 13:29:04 +00:00
david
7e2b32e6ed Fix an error with smb-check-vulns.nse Conficker error help. I was catching the
error at the wrong level, so not all possible errors were being run through the
help table. Specifically, errors returned by msrpc.start_smb and msrpc.bind, which
included at least NT_STATUS_OBJECT_NAME_NOT_FOUND, didn't get the explanatory
text. I made a mistake in testing the error reporting the first time around.
2009-04-02 17:26:04 +00:00
david
09762c4d85 Add helpful text for the two most common errors seen in the Conficker
check in smb-check-vulns.nse: NT_STATUS_OBJECT_NAME_NOT_FOUND and
NT_STATUS_ACCESS_DENIED. Ron and I found the best explanations for these
that we could. There is another error, NT_STATUS_NOT_SUPPORTED, which is
less common than these but has been observed. We still don't have a clue
as to the cause of that one.
2009-04-02 02:27:47 +00:00
ron
dde55ed602 Added a change to eliminate possible false negatives 2009-04-01 12:23:21 +00:00
ron
f157387be1 Changed message when checks are disabled (it seemed to be confusing people) 2009-04-01 03:31:13 +00:00
ron
cf73d9eb03 Fixed a bug where every host showed up as 'infected'.. oops! 2009-03-31 15:18:03 +00:00
ron
70275c69c3 Fixed a small output bug in smb-check-vulns where it would print 'PATCHED' if an error occurred (in addition to the error message) 2009-03-31 15:04:10 +00:00
ron
f4575514af Updated Conficker detection: change some constants, better error checking for MS08-067 patch (tell the user if the system has a jury-rigged patch instead of a cryptic error) 2009-03-31 14:14:24 +00:00
kris
f6f61ecf83 typos in docs/comments: if->is and alse->false 2009-03-30 20:25:45 +00:00
ron
9948b1d7f4 Print Connficker error messages always 2009-03-30 19:16:55 +00:00
ron
67a6886318 Changed spelling of 'Connficker' to 'Conficker' 2009-03-30 15:24:36 +00:00
ron
9060d2fadd Modified smb-check-vulns.nse to check for Connficker infections. Got permission from authors of simple connficker scanner (scs.zip) to post this 2009-03-30 14:46:58 +00:00
ron
45744eddc3 Merge in changes from my private branch, primarily smb-brute.nse and smb-pwdump.nse, among other smaller changes. 2009-03-05 02:03:29 +00:00
david
00b65b7768 Remove script args that are inherited from modules from script documentation.
Such args are now included automatically in the generated documentation.
2009-02-05 23:45:12 +00:00
david
81886dc21d Remove id variables from a couple of scripts. 2009-01-26 05:56:49 +00:00
ron
773000b65a Merging changes from my experimental branch; the new versions of these scripts, which have significant changes to their core functionality, managed to hold their own against Brandon's network. More testing would be very helpful, though, especially with credentials (most of Brandon's scans were anonymous). 2008-12-24 00:53:01 +00:00
ron
ea42f39faa Merged in significant changes to Microsoft RPC calls 2008-12-07 16:16:11 +00:00
david
85deff9ede Use a more straightforward return style in script rules. Instead of
	if cond then
		return true
	else
		return false
	end

just do

	return cond
2008-11-18 16:59:09 +00:00
david
dd586b90bd Remove smb-check-vulns.nse from the vuln category, leaving it in intrusive. 2008-11-11 00:48:48 +00:00
david
03c9145785 Take smb-check-vulns.nse out of discovery and put it in vuln. 2008-11-11 00:35:41 +00:00
david
9d97468d48 Update some documentation in smb-check-vulns.nse. 2008-11-10 23:18:20 +00:00
david
65348958eb Rearrange some symbolic constants in smb-check-vulns.nse so as not to confuse
NSEDoc. Also fix a couple of typos.
2008-11-10 21:44:35 +00:00