Monday, June 28, 2010

SMB script in Nmap Scripting Engine (NSE)

Nmap Scripting Engine (NSE) is one of Nmap's most powerful features. A default installation of Nmap includes a large number of NSE scripts that are useful for almost all scanning and reconnaissance purposes. Scripts are selected with the --script switch when running Nmap. Example:

$ nmap -sT -v --script=smb-enum-shares.nse -p445 <target>

For Week 5 of the GSoC project, I played with this NSE script on a fresh Windows XP image. The original settings in WinXP were as below:

Local Policies : Security Options
Account : Guest account status = Disabled

Network access : Sharing and security model for local accounts = Guest only - local users authenticate as Guest

User Rights Assignment
Deny access to this computer from network = SUPPORT_388945a0, Guest

Result :
I used 2 NSE scripts, smb-enum-users and smb-enum-shares, for the scanning.
1. With the default WinXP settings, the smb-enum-users scan did not obtain any result, but smb-enum-shares returned nicely.

2. After modifying User Rights Assignment by removing "Guest" from the "Deny access to this computer from network" parameter, both NSE scan results were still the same as in Test 1.

3. After I activated the Guest account in the XP image, it made the difference! smb-enum-users returned the user accounts, and smb-enum-shares returned the same shares as in Test 1 and Test 2.

4. Once I added Guest to the Administrators group, more details were shown, including description, comments, etc.
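
For auditing a host against these four states, here is an added example (not part of the original post and not Nmap code): it reads a policy file in the layout written by `secedit /export /cfg` and reports which of the tests above the host matches. The sample policy text, the function names and the `guest_in_admins` argument are assumptions made for illustration.

```python
import configparser

# Constructed sample in the layout of a `secedit /export /cfg` policy file,
# set to the post's Test 3 state (Guest enabled and not denied network logon).
SAMPLE_INF = r"""
[System Access]
EnableGuestAccount = 1
[Privilege Rights]
SeDenyNetworkLogonRight = SUPPORT_388945a0
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest=4,1
"""
FORCE_GUEST = r"MACHINE\System\CurrentControlSet\Control\Lsa\ForceGuest"

# What the post reports seeing in each of its four tests.
OBSERVED = {
    "Test 1": "shares only",
    "Test 2": "shares only",
    "Test 3": "users and shares",
    "Test 4": "users and shares, with descriptions and comments",
}

def classify(inf_text, guest_in_admins=False):
    """Map an exported policy to the matching test in the post, or 'untested'.

    guest_in_admins comes from the caller (for example from the output of
    `net localgroup Administrators`); it is not part of these INF sections.
    """
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cfg.optionxform = str  # keep the case of policy and registry names
    cfg.read_string(inf_text)
    enabled = cfg.get("System Access", "EnableGuestAccount", fallback="0").strip() == "1"
    names = cfg.get("Privilege Rights", "SeDenyNetworkLogonRight", fallback="").split(",")
    # Assumption: Guest appears by name, or as a SID with the well-known RID 501.
    denied = any(n.strip().lower() == "guest" or n.strip().endswith("-501") for n in names)
    # Registry values are stored as "<type>,<data>"; type 4 is REG_DWORD.
    guest_only = cfg.get("Registry Values", FORCE_GUEST, fallback="4,0").split(",")[-1].strip() == "1"

    if not guest_only:
        return "untested"  # the post kept the "Guest only" sharing model throughout
    if not enabled and not guest_in_admins:
        return "Test 1" if denied else "Test 2"
    if enabled and not denied:
        return "Test 4" if guest_in_admins else "Test 3"
    return "untested"

def expected_exposure(inf_text, guest_in_admins=False):
    return OBSERVED.get(classify(inf_text, guest_in_admins), "not covered by the post")
```

Combinations the post did not try, such as Guest enabled while still denied network logon, are reported as untested rather than guessed.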

