New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

smb-enum-users no results #238

Closed
Meatballs1 opened this Issue Nov 20, 2015 · 1 comment

Comments

Projects
None yet
3 participants
@Meatballs1

Meatballs1 commented Nov 20, 2015

Against win2k3 R2 box:

nmap -p445 --script=smb-enum-users -nvv 192.168.72.141

Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-11-20 14:00 GMT
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 14:00
Completed NSE at 14:00, 0.00s elapsed
Initiating ARP Ping Scan at 14:00
Scanning 192.168.72.141 [1 port]
Completed ARP Ping Scan at 14:00, 0.23s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 14:00
Scanning 192.168.72.141 [1 port]
Discovered open port 445/tcp on 192.168.72.141
Completed SYN Stealth Scan at 14:00, 0.27s elapsed (1 total ports)
NSE: Script scanning 192.168.72.141.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 14:00
Completed NSE at 14:00, 0.10s elapsed
Nmap scan report for 192.168.72.141
Host is up, received arp-response (0.00087s latency).
Scanned at 2015-11-20 14:00:11 GMT for 0s
PORT    STATE SERVICE      REASON
445/tcp open  microsoft-ds syn-ack ttl 128
MAC Address: 00:0C:29:B6:2E:1C (VMware)

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 14:00
Completed NSE at 14:00, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 1.32 seconds
           Raw packets sent: 3 (116B) | Rcvd: 3 (116B)

if we add -dd we can see it is gathering usernames:

NSE: [smb-enum-users M:1819b40 192.168.72.141] SMB: Closing socket
NSOCK INFO [1.1870s] nsi_delete(): nsi_delete (IOD #3)
NSE: [smb-enum-users M:1819b40 192.168.72.141] EnumUsers: Received 110 names from LSA
NSE: Finished smb-enum-users M:1819b40 against 192.168.72.141.
@cldrn

This comment has been minimized.

Show comment
Hide comment
@cldrn

cldrn Nov 20, 2015

Member

Would you mind sending me the entire packet trace to calderon@websec.mx (In case you can't post it here)?
I was tracking a bug affecting this script too (#107). This week I'm setting up different environments to test SMB stuff and take a look at how the fragmentation routine works in different versions.

Member

cldrn commented Nov 20, 2015

Would you mind sending me the entire packet trace to calderon@websec.mx (In case you can't post it here)?
I was tracking a bug affecting this script too (#107). This week I'm setting up different environments to test SMB stuff and take a look at how the fragmentation routine works in different versions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment