nmap/scripts/smb-os-discovery.nse
david 8bd71aaf43 Normalize NSEDoc documentation of scripts.
I made every script follow a standard form: it starts with the id, followed by
the description. The description is contained in [[ ]] delimiters. The
description is in the global description variable, not in a LuaDoc comment.
Other LuaDoc information such as @args and @usage follows the description in a
comment.

The first paragraph of each description is a short summary of what the script
does. More detailed information, if any, is given in the following paragraphs.

I also improved some wording and formatting in a few cases.
2008-10-14 20:52:50 +00:00


-- Script metadata read by NSE. The id string is the label that prefixes the
-- script's result in the @output sample below.
id = "OS from SMB"
description = [[
Attempts to determine the operating system over the SMB protocol (ports 445 and
139).
\n\n
See nselib/smb.lua for more information on this protocol.
]]
---
--@usage
-- nmap --script smb-os-discovery.nse -p445 127.0.0.1\n
-- sudo nmap -sU -sS --script smb-os-discovery.nse -p U:137,T:139 127.0.0.1
--
--@output
-- | OS from SMB: Windows 2000\n
-- | LAN Manager: Windows 2000 LAN Manager\n
-- | Name: WORKGROUP\TEST1\n
-- |_ System time: 2008-09-09 20:55:55 UTC-5\n
--
-----------------------------------------------------------------------
author = "Ron Bowes"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-- "default" places the script in the set chosen when default scripts are
-- requested (-sC / -A), so it runs without being named on the command line.
-- "discovery" and "safe" are the author's classification of its behaviour.
categories = {"default", "discovery", "safe"}
require 'smb'
require 'stdnse'
--- Decide whether this script applies to a host.
-- The script runs only when smb.get_port returns a non-nil port for the host.
--@param host The host table passed in by NSE.
--@return true when a port was returned, false otherwise.
hostrule = function(host)
  return smb.get_port(host) ~= nil
end
--- Translate numbered Windows version strings into product names.
-- "Windows 5.0" becomes "Windows 2000" and "Windows 5.1" becomes "Windows XP";
-- every other value is handed back untouched.
--@param os The OS string to translate
--@return The product name, or the 'os' argument unchanged when no mapping exists
function get_windows_version(os)
  local product_names = {
    ["Windows 5.0"] = "Windows 2000",
    ["Windows 5.1"] = "Windows XP",
  }
  local product = product_names[os]
  if product ~= nil then
    return product
  end
  return os
end
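--- Query the host over SMB and report its OS, LAN Manager string, name and clock.
-- Starts an SMB connection, negotiates the protocol and sets up a session, then
-- formats fields from the negotiate and session replies into the script output.
-- The session is started with an empty string as the second argument to
-- smb.start_session (presumably the username, i.e. an anonymous session --
-- confirm against nselib/smb.lua).
--@param host The host table passed in by NSE.
--@return The formatted report, or "Error: " followed by the value returned by
--        the smb call that failed.
action = function(host)
  -- Declared local so that nothing is written into the script's global
  -- environment; bare assignments here would create globals that outlive
  -- the call.
  local status, socket, negotiate_result, session_result

  -- Start up SMB
  status, socket = smb.start(host)
  if(status == false) then
    -- On failure the second return value is used as the error text.
    return "Error: " .. socket
  end

  -- Negotiate protocol
  status, negotiate_result = smb.negotiate_protocol(socket)
  if(status == false) then
    stdnse.print_debug(2, "Negotiate session failed")
    smb.stop(socket)
    return "Error: " .. negotiate_result
  end

  -- Start a session
  status, session_result = smb.start_session(socket, "", negotiate_result['session_key'], negotiate_result['capabilities'])
  if(status == false) then
    smb.stop(socket)
    return "Error: " .. session_result
  end

  -- Kill SMB
  smb.stop(socket, session_result['uid'])

  -- NOTE(review): every field below originates in the remote server's replies.
  -- Confirm that nselib/smb.lua always populates them (string.format raises on
  -- a nil argument to %s under Lua 5.1) and whether control characters or
  -- newlines are filtered before they reach the report, since a server that
  -- returns them could add misleading lines to the scan output.
  return string.format("%s\nLAN Manager: %s\nName: %s\\%s\nSystem time: %s %s\n",
    get_windows_version(session_result['os']),
    session_result['lanmanager'],
    negotiate_result['domain'],
    negotiate_result['server'],
    negotiate_result['date'],
    negotiate_result['timezone_str'])
end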