/nmap

New issue

smb-enum-users no results #238

Closed
Meatballs1 opened this Issue Nov 20, 2015 · 1 comment

Comments

Assignees
No one assigned
Labels
bug NSE
Projects
None yet
Milestone
No milestone
3 participants
@Meatballs1 @cldrn @dmiller-nmap
@Meatballs1

Meatballs1 commented Nov 20, 2015

Against win2k3 R2 box:

nmap -p445 --script=smb-enum-users -nvv 192.168.72.141

Starting Nmap 6.49BETA4 ( https://nmap.org ) at 2015-11-20 14:00 GMT
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 14:00
Completed NSE at 14:00, 0.00s elapsed
Initiating ARP Ping Scan at 14:00
Scanning 192.168.72.141 [1 port]
Completed ARP Ping Scan at 14:00, 0.23s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 14:00
Scanning 192.168.72.141 [1 port]
Discovered open port 445/tcp on 192.168.72.141
Completed SYN Stealth Scan at 14:00, 0.27s elapsed (1 total ports)
NSE: Script scanning 192.168.72.141.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 14:00
Completed NSE at 14:00, 0.10s elapsed
Nmap scan report for 192.168.72.141
Host is up, received arp-response (0.00087s latency).
Scanned at 2015-11-20 14:00:11 GMT for 0s
PORT    STATE SERVICE      REASON
445/tcp open  microsoft-ds syn-ack ttl 128
MAC Address: 00:0C:29:B6:2E:1C (VMware)

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 14:00
Completed NSE at 14:00, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 1.32 seconds
           Raw packets sent: 3 (116B) | Rcvd: 3 (116B)

if we add -dd we can see it is gathering usernames:

NSE: [smb-enum-users M:1819b40 192.168.72.141] SMB: Closing socket
NSOCK INFO [1.1870s] nsi_delete(): nsi_delete (IOD #3)
NSE: [smb-enum-users M:1819b40 192.168.72.141] EnumUsers: Received 110 names from LSA
NSE: Finished smb-enum-users M:1819b40 against 192.168.72.141.
@cldrn

cldrn commented Nov 20, 2015

Would you mind sending me the entire packet trace to calderon@websec.mx (In case you can't post it here)?
I was tracking a bug affecting this script too (#107). This week I'm setting up different environments to test SMB stuff and take a look at how the fragmentation routine works in different versions.

@dmiller-nmap dmiller-nmap added bug NSE labels Nov 20, 2015

Varunram referenced this issue Feb 25, 2017

Closed

Issues with smb-enum-shares and smb-enum-users #704

nmap-bot closed this in b0228a2 May 27, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment