
nmap-nse-scripts's Introduction

Repository for NSE (Nmap Scripting Engine) development. You will find my scripts (including non-official ones), libraries, resources and other related material from my workshops.

TODO

- Finishing SMB2 NSE library
- Currently working on password mangling functionality

Paulino Calderon calderon()websec.mx http://calderonpale.com

nmap-nse-scripts's People

Contributors

cldrn, fabaff


nmap-nse-scripts's Issues

smb-vuln-ms17-010.nse threw an error! Is this expected?

Hi,
thanks for a great script. Can you assist in resolving this:
mrp@user:/usr/share/nmap/scripts$ nmap -p445 --script=smb-vuln-ms17-010.nse 192.168.1.9 -d

Starting Nmap 7.01 ( https://nmap.org ) at 2017-09-05 14:24 IST
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
min-rate: 0, max-rate: 0

NSE: Using Lua 5.2.
NSE: Arguments from CLI:
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 14:24
Completed NSE at 14:24, 0.00s elapsed
Initiating Ping Scan at 14:24
Scanning 192.168.1.9 [2 ports]
Completed Ping Scan at 14:24, 0.00s elapsed (1 total hosts)
Overall sending rates: 14705.88 packets / s.
mass_rdns: Using DNS server 127.0.1.1
Initiating Parallel DNS resolution of 1 host. at 14:24
mass_rdns: 0.10s 0/1 [#: 1, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 14:24, 0.02s elapsed
DNS resolution of 1 IPs took 0.10s. Mode: Async [#: 1, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 14:24
Scanning 192.168.1.9 [1 port]
Discovered open port 445/tcp on 192.168.1.9
Completed Connect Scan at 14:24, 0.00s elapsed (1 total ports)
Overall sending rates: 4716.98 packets / s.
NSE: Script scanning 192.168.1.9.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 14:24
NSE: Starting smb-vuln-ms17-010 against 192.168.1.9.
NSE: [smb-vuln-ms17-010 192.168.1.9] SMB: Added account '' to account list
NSE: [smb-vuln-ms17-010 192.168.1.9] SMB: Added account 'guest' to account list
NSE: [smb-vuln-ms17-010 192.168.1.9] LM Password:
NSE: [smb-vuln-ms17-010 192.168.1.9] SMB: Invalid NTLM challenge message: unexpected signature.
NSE: [smb-vuln-ms17-010 192.168.1.9] SMB: WARNING: the server appears to be Unix; your mileage may vary.
NSE: [smb-vuln-ms17-010 192.168.1.9] SMB: Extended login to 192.168.1.9 as USER\guest failed, but was given guest access (username may be wrong, or system may only allow guest)
NSE: [smb-vuln-ms17-010 192.168.1.9] Connected to share 'IPC$'
NSE: smb-vuln-ms17-010 against 192.168.1.9 threw an error!
/usr/bin/../share/nmap/scripts/smb-vuln-ms17-010.nse:101: attempt to call field 'pack' (a nil value)
stack traceback:
/usr/bin/../share/nmap/scripts/smb-vuln-ms17-010.nse:101: in function 'check_ms17010'
/usr/bin/../share/nmap/scripts/smb-vuln-ms17-010.nse:177: in function </usr/bin/../share/nmap/scripts/smb-vuln-ms17-010.nse:155>
(...tail calls...)

Completed NSE at 14:24, 0.02s elapsed
Nmap scan report for 192.168.1.9
Host is up, received conn-refused (0.00011s latency).
Scanned at 2017-09-05 14:24:20 IST for 0s
PORT STATE SERVICE REASON
445/tcp open microsoft-ds syn-ack
Final times for host: srtt: 105 rttvar: 3758 to: 100000

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 14:24
Completed NSE at 14:24, 0.00s elapsed
Read from /usr/bin/../share/nmap: nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 0.35 seconds
mrp@user:/usr/share/nmap/scripts$ nmap -version
Nmap version 7.01 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.2.4 openssl-1.0.2g libpcre-8.38 libpcap-1.7.4 nmap-libdnet-1.12 ipv6
Compiled without:
Available nsock engines: epoll poll select

too many matches

This is a great script; so much so that sometimes the number of matches is overwhelming.

I suppose this is more of a feature request than a problem and I hope this is the right place for this.

I am looking for a way to:

  1. stop the script from running after a certain number of matches.
  2. prioritize output so that only the most critical matches are output.

http-form-brute

I am trying to brute-force a test lab (http://smikta.info) with nmap using the following command:
~$ nmap --script http-form-brute -p 80 smikta.info

@output

Starting Nmap 7.92 ( https://nmap.org ) at 2023-01-05 18:48 WAT
Nmap scan report for smikta.info (192.124.249.69)
Host is up (0.28s latency).
rDNS record for 192.124.249.69: cloudproxy10069.sucuri.net

PORT STATE SERVICE
80/tcp open http

Nmap done: 1 IP address (1 host up) scanned in 1.89 seconds

Expected
@output

-- PORT STATE SERVICE REASON
-- 80/tcp open http syn-ack
-- | http-form-brute:
-- | Accounts
-- | Patrik Karlsson:secret - Valid credentials
-- | Statistics
-- |_ Performed 60023 guesses in 467 seconds, average tps: 138

Please, what am I doing wrong?

undeclared variable

Hi,

Got this when testing.

NSE: SMB: Invalid NTLM challenge message: unexpected signature.
NSE: smb-vuln-ms17-010 against xxx.xxx.xxx.xxx threw an error!
/usr/bin/../share/nmap/scripts/smb-vuln-ms17-010.nse:82: variable 'debug1' is not declared
stack traceback:
[C]: in function 'error'
/usr/bin/../share/nmap/nselib/strict.lua:80: in function '__index'
/usr/bin/../share/nmap/scripts/smb-vuln-ms17-010.nse:82: in function 'check_ms17010'
/usr/bin/../share/nmap/scripts/smb-vuln-ms17-010.nse:163: in function </usr/bin/../share/nmap/scripts/smb-vuln-ms17-010.nse:141>
(...tail calls...)

Thought it may be helpful.

Still getting errors: attempt to call field 'pack' (a nil value)

Here is the output with -dd option.

Note this is redacted for security.

Starting Nmap 7.25BETA1 ( https://nmap.org ) at 2017-05-25 09:19 PDT
Fetchfile found /usr/bin/../share/nmap/nmap-services
Fetchfile found /usr/bin/../share/nmap/nmap.xsl
The max # of sockets we are using is: 0
--------------- Timing report ---------------
  hostgroups: min 1, max 100000
  rtt-timeouts: init 1000, min 100, max 10000
  max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
  parallelism: min 0, max 0
  max-retries: 10, host-timeout: 0
  min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.2.
Fetchfile found /usr/bin/../share/nmap/nse_main.lua
Fetchfile found /usr/bin/../share/nmap/nselib/lpeg-utility.lua
Fetchfile found /usr/bin/../share/nmap/nselib/stdnse.lua
Fetchfile found /usr/bin/../share/nmap/nselib/strict.lua
Fetchfile found /usr/bin/../share/nmap/scripts/script.db
NSE: Arguments from CLI: smbusername=###########################,smbdomain=###########################,smbpassword=###########################
NSE: Arguments parsed: smbusername=###########################,smbdomain=###########################,smbpassword=###########################
NSE: {
        ["smbpassword"] = "###########################",
        ["smbdomain"] = "###########################",
        ["smbusername"] = "###########################",
}
NSE: Script smb-vuln-ms17-010.nse was selected by file path.
Fetchfile found /usr/bin/../share/nmap/nselib/smb.lua
Fetchfile found /usr/bin/../share/nmap/nselib/asn1.lua
Fetchfile found /usr/bin/../share/nmap/nselib/match.lua
Fetchfile found /usr/bin/../share/nmap/nselib/netbios.lua
Fetchfile found /usr/bin/../share/nmap/nselib/dns.lua
Fetchfile found /usr/bin/../share/nmap/nselib/ipOps.lua
Fetchfile found /usr/bin/../share/nmap/nselib/unittest.lua
Fetchfile found /usr/bin/../share/nmap/nselib/nsedebug.lua
Fetchfile found /usr/bin/../share/nmap/nselib/listop.lua
Fetchfile found /usr/bin/../share/nmap/nselib/base32.lua
Fetchfile found /usr/bin/../share/nmap/nselib/smbauth.lua
Fetchfile found /usr/bin/../share/nmap/nselib/unicode.lua
Fetchfile found /usr/bin/../share/nmap/nselib/vulns.lua
NSE: Loaded 1 scripts for scanning.
NSE: Loaded './WannaCry/smb-vuln-ms17-010.nse'.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 09:19
Completed NSE at 09:19, 0.00s elapsed
Fetchfile found /usr/bin/../share/nmap/nmap-payloads
Initiating Ping Scan at 09:19
Scanning [IP ADDRESS] [2 ports]
CONN (0.2263s) TCP localhost > [IP ADDRESS]:80 => Operation now in progress
CONN (0.2264s) TCP localhost > [IP ADDRESS]:443 => Operation now in progress
**TIMING STATS** (0.2264s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/1 incomplete): 2/*/*/*/*/* 10.00/75/* 1000000/-1/-1
Current sending rates: 14925.37 packets / s.
Overall sending rates: 14925.37 packets / s.
CONN (0.2269s) TCP localhost > [IP ADDRESS]:80 => Connection refused
ultrascan_host_probe_update called for machine [IP ADDRESS] state UNKNOWN -> HOST_UP (trynum 0 time: 655)
Changing ping technique for [IP ADDRESS] to connect to port 80
Moving [IP ADDRESS] to completed hosts list with 0 outstanding probes.
Changing global ping host to [IP ADDRESS].
Completed Ping Scan at 09:19, 0.00s elapsed (1 total hosts)
Overall sending rates: 2706.36 packets / s.
mass_rdns: Using DNS server [IP ADDRESS]
mass_rdns: Using DNS server [IP ADDRESS]
NSOCK INFO [0.2270s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.2270s] nsock_connect_udp(): UDP connection requested to [IP ADDRESS]:53 (IOD #1) EID 8
NSOCK INFO [0.2270s] nsock_read(): Read request from IOD #1 [[IP ADDRESS]:53] (timeout: -1ms) EID 18
NSOCK INFO [0.2270s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [0.2270s] nsock_connect_udp(): UDP connection requested to [IP ADDRESS]:53 (IOD #2) EID 24
NSOCK INFO [0.2270s] nsock_read(): Read request from IOD #2 [[IP ADDRESS]:53] (timeout: -1ms) EID 34
Initiating Parallel DNS resolution of 1 host. at 09:19
NSOCK INFO [0.2270s] nsock_write(): Write request for 43 bytes to IOD #1 EID 43 [[IP ADDRESS]:53]
NSOCK INFO [0.2270s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [[IP ADDRESS]:53]
NSOCK INFO [0.2270s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 43 [[IP ADDRESS]:53]
NSOCK INFO [0.2270s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 24 [[IP ADDRESS]:53]
NSOCK INFO [0.2280s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 18 [[IP ADDRESS]:53] (120 bytes)
NSOCK INFO [0.2280s] nsock_read(): Read request from IOD #1 [[IP ADDRESS]:53] (timeout: -1ms) EID 50
NSOCK INFO [0.2280s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSOCK INFO [0.2280s] nevent_delete(): nevent_delete on event #50 (type READ)
NSOCK INFO [0.2280s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
NSOCK INFO [0.2280s] nevent_delete(): nevent_delete on event #34 (type READ)
mass_rdns: 0.00s 0/1 [#: 2, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 09:19, 0.00s elapsed
DNS resolution of 1 IPs took 0.00s. Mode: Async [#: 2, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 09:19
Scanning [IP ADDRESS] [1 port]
CONN (0.2287s) TCP localhost > [IP ADDRESS]:445 => Operation now in progress
**TIMING STATS** (0.2287s): IP, probes active/freshportsleft/retry_stack/outstanding/retranwait/onbench, cwnd/ssthresh/delay, timeout/srtt/rttvar/
   Groupstats (1/1 incomplete): 1/*/*/*/*/* 10.00/75/* 1000000/-1/-1
Current sending rates: 12345.68 packets / s.
Overall sending rates: 12345.68 packets / s.
CONN (0.2293s) TCP localhost > [IP ADDRESS]:445 => Connected
Discovered open port 445/tcp on [IP ADDRESS]
Moving [IP ADDRESS] to completed hosts list with 0 outstanding probes.
Changing global ping host to [IP ADDRESS].
Completed Connect Scan at 09:19, 0.00s elapsed (1 total ports)
Overall sending rates: 1470.59 packets / s.
NSE: Script scanning [IP ADDRESS].
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 09:19
NSE: Starting smb-vuln-ms17-010 M:21068a0 against [IP ADDRESS].
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] Encoding name '*'
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] => ' CKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] Performing nbstat on host '[IP ADDRESS]'
NSOCK INFO [0.2280s] nsock_iod_new2(): nsock_iod_new (IOD #1)
NSOCK INFO [0.2290s] nsock_connect_udp(): UDP connection requested to [IP ADDRESS]:137 (IOD #1) EID 8
NSOCK INFO [0.2290s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 8 [[IP ADDRESS]:137]
NSE: UDP [IP ADDRESS]:33553 > [IP ADDRESS]:137 | CONNECT
NSE: UDP [IP ADDRESS]:33553 > [IP ADDRESS]:137 | 00000000: 13 37 00 00 00 01 00 00 00 00 00 00 20 43 4b 41  7           CKA
00000010: 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 41 AAAAAAAAAAAAAAAA
00000020: 41 41 41 41 41 41 41 41 41 41 41 41 41 00 00 21 AAAAAAAAAAAAA  !
00000030: 00 01

NSOCK INFO [0.2290s] nsock_write(): Write request for 50 bytes to IOD #1 EID 19 [[IP ADDRESS]:137]
NSOCK INFO [0.2290s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 19 [[IP ADDRESS]:137]
NSE: UDP [IP ADDRESS]:33553 > [IP ADDRESS]:137 | SEND
NSOCK INFO [0.2290s] nsock_readbytes(): Read request for 1 bytes from IOD #1 [[IP ADDRESS]:137] EID 26
NSOCK INFO [1.2290s] nsock_trace_handler_callback(): Callback: READ TIMEOUT for EID 26 [[IP ADDRESS]:137]
NSE: UDP [IP ADDRESS]:33553 > [IP ADDRESS]:137 | CLOSE
NSOCK INFO [1.2290s] nsock_iod_delete(): nsock_iod_delete (IOD #1)
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Starting SMB session for  ([IP ADDRESS])
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Added account '' to account list
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Added account 'guest' to account list
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Added account '###########################' to account list
NSOCK INFO [1.2290s] nsock_iod_new2(): nsock_iod_new (IOD #2)
NSOCK INFO [1.2300s] nsock_connect_tcp(): TCP connection requested to [IP ADDRESS]:445 (IOD #2) EID 32
NSOCK INFO [1.2300s] nsock_trace_handler_callback(): Callback: CONNECT SUCCESS for EID 32 [[IP ADDRESS]:445]
NSE: TCP [IP ADDRESS]:37406 > [IP ADDRESS]:445 | CONNECT
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Sending SMB_COM_NEGOTIATE
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Not signing message (missing mac_key)
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Sending SMB packet (len: 53, attempts remaining: 4)
NSE: TCP [IP ADDRESS]:37406 > [IP ADDRESS]:445 | 00000000: 00 00 00 31 ff 53 4d 42 72 00 00 00 00 18 45 68    1 SMBr     Eh
00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2c 70               ,p
00000020: 00 00 01 00 00 0e 00 02 4e 54 20 4c 4d 20 30 2e         NT LM 0.
00000030: 31 32 00 02 00                                  12

NSOCK INFO [1.2310s] nsock_write(): Write request for 53 bytes to IOD #2 EID 43 [[IP ADDRESS]:445]
NSOCK INFO [1.2310s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 43 [[IP ADDRESS]:445]
NSE: TCP [IP ADDRESS]:37406 > [IP ADDRESS]:445 | SEND
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Receiving SMB packet
NSOCK INFO [1.2310s] nsock_read(): Read request from IOD #2 [[IP ADDRESS]:445] (timeout: 10000ms) EID 50
NSOCK INFO [1.2320s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 50 [[IP ADDRESS]:445] (209 bytes)
NSE: TCP [IP ADDRESS]:37406 < [IP ADDRESS]:445 | 00000000: 00 00 00 cd ff 53 4d 42 72 00 00 00 00 98 45 68      SMBr     Eh
00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2c 70               ,p
00000020: 00 00 01 00 11 00 00 03 32 00 01 00 04 11 00 00         2
00000030: 00 00 01 00 00 00 00 00 fc e3 01 80 7b 1e bb 58             {  X
00000040: 73 d5 d2 01 a4 01 00 88 00 8f 9e 71 a8 be 34 1e s          q  4
00000050: 46 b5 af 31 74 1e 36 5b e9 60 76 06 06 2b 06 01 F  1t 6[ `v  +
00000060: 05 05 02 a0 6c 30 6a a0 3c 30 3a 06 0a 2b 06 01     l0j <0:  +
00000070: 04 01 82 37 02 02 1e 06 09 2a 86 48 82 f7 12 01    7     * H
00000080: 02 02 06 09 2a 86 48 86 f7 12 01 02 02 06 0a 2a     * H        *
00000090: 86 48 86 f7 12 01 02 02 03 06 0a 2b 06 01 04 01  H         +
000000a0: 82 37 02 02 0a a3 2a 30 28 a0 26 1b 24 6e 6f 74  7    *0( & $not
000000b0: 5f 64 65 66 69 6e 65 64 5f 69 6e 5f 52 46 43 34 _defined_in_RFC4
000000c0: 31 37 38 40 70 6c 65 61 73 65 5f 69 67 6e 6f 72 178@please_ignor
000000d0: 65                                              e

NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Not signing message (missing mac_key)
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Received 209 bytes
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Sending SMB_COM_SESSION_SETUP_ANDX
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Sending SMB packet (len: 149, attempts remaining: 4)
NSE: TCP [IP ADDRESS]:37406 > [IP ADDRESS]:445 | 00000000: 00 00 00 91 ff 53 4d 42 73 00 00 00 00 18 45 68      SMBs     Eh
00000010: 00 00 48 c4 d6 7b 8c 52 c8 8c 00 00 00 00 2c 70   H  { R      ,p
00000020: 00 00 01 00 0c ff 00 91 00 ff ff 01 00 01 00 00
00000030: 00 00 00 42 00 00 00 00 00 50 00 00 80 56 00 60    B     P   V `
00000040: 40 06 06 2b 06 01 05 05 02 a0 36 30 34 a0 0e 30 @  +      604  0
00000050: 0c 06 0a 2b 06 01 04 01 82 37 02 02 0a a2 22 04    +     7    "
00000060: 20 4e 54 4c 4d 53 53 50 00 01 00 00 00 15 82 08  NTLMSSP
00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00000080: 00 4e 6d 61 70 00 4e 61 74 69 76 65 20 4c 61 6e  Nmap Native Lan
00000090: 6d 61 6e 00 00                                  man

NSOCK INFO [1.2320s] nsock_write(): Write request for 149 bytes to IOD #2 EID 59 [[IP ADDRESS]:445]
NSOCK INFO [1.2320s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 59 [[IP ADDRESS]:445]
NSE: TCP [IP ADDRESS]:37406 > [IP ADDRESS]:445 | SEND
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Receiving SMB packet
NSOCK INFO [1.2320s] nsock_read(): Read request from IOD #2 [[IP ADDRESS]:445] (timeout: 10000ms) EID 66
NSOCK INFO [1.2330s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 66 [[IP ADDRESS]:445] (373 bytes)
NSE: TCP [IP ADDRESS]:37406 < [IP ADDRESS]:445 | 00000000: 00 00 01 71 ff 53 4d 42 73 16 00 00 c0 98 45 68    q SMBs     Eh
00000010: 00 00 48 c4 d6 7b 8c 52 c8 8c 00 00 00 00 2c 70   H  { R      ,p
00000020: 00 08 01 00 04 ff 00 71 01 00 00 04 01 46 01 a1        q     F
00000030: 82 01 00 30 81 fd a0 03 0a 01 01 a1 0c 06 0a 2b    0           +
00000040: 06 01 04 01 82 37 02 02 0a a2 81 e7 04 81 e4 4e      7         N
00000050: 54 4c 4d 53 53 50 00 02 00 00 00 0a 00 0a 00 38 TLMSSP         8
00000060: 00 00 00 15 82 89 02 7c e3 97 c6 54 c1 52 fe 00        |   T R
00000070: 00 00 00 00 00 00 00 a2 00 a2 00 42 00 00 00 06            B
[REDACTED]
00000120: 00 6d 00 07 00 08 00 7b 1e bb 58 73 d5 d2 01 00  m     {  Xs
00000130: 00 00 00 57 69 6e 64 6f 77 73 20 37 20 45 6e 74    Windows 7 Ent
00000140: 65 72 70 72 69 73 65 20 37 36 30 31 20 53 65 72 erprise 7601 Ser
00000150: 76 69 63 65 20 50 61 63 6b 20 31 00 57 69 6e 64 vice Pack 1 Wind
00000160: 6f 77 73 20 37 20 45 6e 74 65 72 70 72 69 73 65 ows 7 Enterprise
00000170: 20 36 2e 31 00                                   6.1

NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Not signing message (server doesn't support it -- default)
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Received 373 bytes
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] LM Password: ###########################
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Lanman hash: ###########################
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: NTLM   hash: ###########################
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Creating NTLMv1 response
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Lanman response: ###########################
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: NTLM   response: ###########################
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Sending SMB_COM_SESSION_SETUP_ANDX
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Sending SMB packet (len: 263, attempts remaining: 4)
NSE: TCP [IP ADDRESS]:37406 > [IP ADDRESS]:445 | 00000000: 00 00 01 03 ff 53 4d 42 73 00 00 00 00 18 45 68      SMBs     Eh
00000010: 00 00 29 66 06 29 27 d0 25 46 00 00 00 00 2c 70   )f )' %F    ,p
00000020: 00 08 01 00 0c ff 00 03 01 ff ff 01 00 01 00 00
00000030: 00 00 00 b4 00 00 00 00 00 50 00 00 80 c8 00 a1          P
00000040: 81 b1 30 81 ae a2 81 ab 04 81 a8 4e 54 4c 4d 53   0        NTLMS
00000050: 53 50 00 03 00 00 00 18 00 18 00 68 00 00 00 08 SP         h
00000060: 00 08 00 80 00 00 00 0a 00 0a 00 40 00 00 00 16            @
00000070: 00 16 00 4a 00 00 00 08 00 08 00 60 00 00 00 10    J       `
[REDACTED]
000000b0: 00 70 00 6c 39 85 17 7c bf 42 93 8b d9 1a da 46  p l9  | B     F
000000c0: cd 4c 82 da c5 c0 9c 88 a1 36 f8 6c 39 85 17 7c  L       6 l9  |
000000d0: bf 42 93 8b d9 1a da 46 cd 4c 82 da c5 c0 9c 88  B     F L
000000e0: a1 36 f8 00 00 00 00 00 00 00 00 00 00 00 00 00  6
000000f0: 00 00 00 4e 6d 61 70 00 4e 61 74 69 76 65 20 4c    Nmap Native L
00000100: 61 6e 6d 61 6e 00 00                            anman

NSOCK INFO [1.2340s] nsock_write(): Write request for 263 bytes to IOD #2 EID 75 [[IP ADDRESS]:445]
NSOCK INFO [1.2340s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 75 [[IP ADDRESS]:445]
NSE: TCP [IP ADDRESS]:37406 > [IP ADDRESS]:445 | SEND
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Receiving SMB packet
NSOCK INFO [1.2350s] nsock_read(): Read request from IOD #2 [[IP ADDRESS]:445] (timeout: 10000ms) EID 82
NSOCK INFO [1.2390s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 82 [[IP ADDRESS]:445] (122 bytes)
NSE: TCP [IP ADDRESS]:37406 < [IP ADDRESS]:445 | 00000000: 00 00 00 76 ff 53 4d 42 73 00 00 00 00 98 45 68    v SMBs     Eh
00000010: 00 00 29 66 06 29 27 d0 25 46 00 00 00 00 2c 70   )f )' %F    ,p
00000020: 00 08 01 00 04 ff 00 76 00 00 00 09 00 4b 00 a1        v     K
00000030: 07 30 05 a0 03 0a 01 00 57 69 6e 64 6f 77 73 20  0      Windows
00000040: 37 20 45 6e 74 65 72 70 72 69 73 65 20 37 36 30 7 Enterprise 760
00000050: 31 20 53 65 72 76 69 63 65 20 50 61 63 6b 20 31 1 Service Pack 1
00000060: 00 57 69 6e 64 6f 77 73 20 37 20 45 6e 74 65 72  Windows 7 Enter
00000070: 70 72 69 73 65 20 36 2e 31 00                   prise 6.1

NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Not signing message (server doesn't support it -- default)
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Received 122 bytes
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Extended login to [IP ADDRESS] as ###########################\########################### succeeded
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Sending SMB_COM_TREE_CONNECT_ANDX
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Sending SMB packet (len: 73, attempts remaining: 4)
NSE: TCP [IP ADDRESS]:37406 > [IP ADDRESS]:445 | 00000000: 00 00 00 45 ff 53 4d 42 75 00 00 00 00 18 45 68    E SMBu     Eh
00000010: 00 00 64 b8 bd f4 4e fe 88 d5 00 00 00 00 2c 70   d   N       ,p
00000020: 00 08 01 00 04 ff 00 00 00 00 00 00 00 1a 00 5c                \
00000030: 5c 31 39 32 2e 31 36 38 2e 34 2e 31 32 5c 49 50 \[IP ADDRESS]\IP
00000040: 43 24 00 3f 3f 3f 3f 3f 00                      C$ ?????

NSOCK INFO [1.2390s] nsock_write(): Write request for 73 bytes to IOD #2 EID 91 [[IP ADDRESS]:445]
NSOCK INFO [1.2390s] nsock_trace_handler_callback(): Callback: WRITE SUCCESS for EID 91 [[IP ADDRESS]:445]
NSE: TCP [IP ADDRESS]:37406 > [IP ADDRESS]:445 | SEND
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Receiving SMB packet
NSOCK INFO [1.2390s] nsock_read(): Read request from IOD #2 [[IP ADDRESS]:445] (timeout: 10000ms) EID 98
NSOCK INFO [1.2400s] nsock_trace_handler_callback(): Callback: READ SUCCESS for EID 98 [[IP ADDRESS]:445] (50 bytes): .....SMBu.....Eh..d...N.......,p.............IPC..
NSE: TCP [IP ADDRESS]:37406 < [IP ADDRESS]:445 | 00000000: 00 00 00 2e ff 53 4d 42 75 00 00 00 00 98 45 68    . SMBu     Eh
00000010: 00 00 64 b8 bd f4 4e fe 88 d5 00 00 00 08 2c 70   d   N       ,p
00000020: 00 08 01 00 03 ff 00 2e 00 01 00 05 00 49 50 43        .     IPC
00000030: 00 00

NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Not signing message (server doesn't support it -- default)
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] SMB: Received 50 bytes
NSE: [smb-vuln-ms17-010 M:21068a0 [IP ADDRESS]] Connected to share 'IPC$'
NSE: smb-vuln-ms17-010 M:21068a0 against [IP ADDRESS] threw an error!
./WannaCry/smb-vuln-ms17-010.nse:91: attempt to call field 'pack' (a nil value)
stack traceback:
        ./WannaCry/smb-vuln-ms17-010.nse:91: in function 'check_ms17010'
        ./WannaCry/smb-vuln-ms17-010.nse:164: in function <./WannaCry/smb-vuln-ms17-010.nse:142>
        (...tail calls...)

NSE: TCP [IP ADDRESS]:37406 > [IP ADDRESS]:445 | CLOSE
NSOCK INFO [1.2400s] nsock_iod_delete(): nsock_iod_delete (IOD #2)
Completed NSE at 09:19, 1.01s elapsed
Nmap scan report for [IP ADDRESS]
Host is up, received conn-refused (0.00061s latency).
Scanned at 2017-05-25 09:19:19 PDT for 1s
PORT    STATE SERVICE      REASON
445/tcp open  microsoft-ds syn-ack
Final times for host: srtt: 606 rttvar: 3754  to: 100000

NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 09:19
Completed NSE at 09:19, 0.00s elapsed
Read from /usr/bin/../share/nmap: nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 1.24 seconds

Script doesn't appear to be running

I followed your instructions in the notes page, and whenever I run

nmap --script smb-vuln-ms17-010 -p445 <target>

I just get a normal output as if there were no script option included:

Starting Nmap 7.50 ( https://nmap.org ) at 2017-06-27 12:46 PDT
Nmap scan report for 10.6.11.59
Host is up (0.00061s latency).

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Nmap done: 1 IP address (1 host up) scanned in 14.30 seconds

No mention of the script. I've run this locally on my Windows PC (W7 SP1) and from an Ubuntu machine. Both run Nmap 7.50, I tried copying the script (from nmap.org, which seems to be newer than the one here...) into the scripts folder and running script-updatedb. It's always the same output. What am I doing wrong?
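A preflight for the three smb-vuln-ms17-010 reports above (the two runs that died with "attempt to call field 'pack' (a nil value)" and the run that printed nothing for the script), written here as an added example; it is not code from this repository or from Nmap. string.pack() only exists in Lua 5.3, so a Nmap build linked against liblua-5.2.x (7.01 and 7.25BETA1 in the traces; Nmap moved to Lua 5.3 in 7.25BETA2) cannot run a version of the script that calls it. Separately, the vulns library only prints VULNERABLE results unless the vulns.showall script argument is set, so a patched host gives a report with no script output at all, which looks like the script never ran. The first sample version string is copied from the first report; the 7.92 one is constructed, and the only assumption is that `nmap -version` keeps printing its "Compiled with: liblua-x.y.z" line in that form.

```shell
#!/bin/sh
# Added example, not from the repository: preflight checks before running
# smb-vuln-ms17-010, based on the failures reported in the issues above.

# Sample `nmap -version` output. SAMPLE_OLD is copied from the first report
# (a Lua 5.2 build); SAMPLE_NEW is constructed to stand in for a Lua 5.3 build.
SAMPLE_OLD='Nmap version 7.01 ( https://nmap.org )
Platform: x86_64-pc-linux-gnu
Compiled with: liblua-5.2.4 openssl-1.0.2g libpcre-8.38 libpcap-1.7.4 nmap-libdnet-1.12 ipv6'
SAMPLE_NEW='Nmap version 7.92 ( https://nmap.org )
Compiled with: liblua-5.3.6 openssl-1.1.1 libpcre-8.45 libpcap-1.10.1 nmap-libdnet-1.12 ipv6'

# Succeed only when the "Compiled with:" line names Lua 5.3 or newer, the
# first version with string.pack()/string.unpack(). Returns 1 when no
# liblua version is found at all.
nmap_lua_ok() {
    ver=$(printf '%s\n' "$1" | sed -n 's/.*liblua-\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p' | head -n 1)
    [ -n "$ver" ] || return 1
    set -- $ver
    [ "$1" -gt 5 ] || { [ "$1" -eq 5 ] && [ "$2" -ge 3 ]; }
}

# Argument list for a scan that also reports NOT VULNERABLE hosts
# (vulns.showall=1) and shows script errors on stderr (-d).
ms17010_args() {
    printf '%s' "-p445 --script smb-vuln-ms17-010 --script-args vulns.showall=1 -d $1"
}

# Run the preflight against the installed nmap, if there is one; the
# target address is a documentation placeholder.
if command -v nmap >/dev/null 2>&1; then
    if nmap_lua_ok "$(nmap -version)"; then
        echo "nmap: built with Lua 5.3 or newer, OK"
    else
        echo "nmap: built with Lua older than 5.3; upgrade to 7.25BETA2 or later before using this script" >&2
    fi
    echo "suggested: nmap $(ms17010_args 192.0.2.10)"
fi
```

If the preflight passes and the host is patched, the vulns.showall run prints a NOT VULNERABLE block under the port instead of nothing; with -d any remaining script error shows up as a stack trace like the ones quoted above.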

Nmap nrpe-enum: ERROR: Script execution failed

I get this error when I try to run the Nmap NSE script nrpe-enum:

PORT     STATE SERVICE
5666/tcp open  nrpe
|_nrpe-enum: ERROR: Script execution failed (use -d to debug)

When in debugging mode, I get this:

F:\Nmap/nselib/bit.lua:30: attempt to perform bitwise operation on a nil value (local 'b')
stack traceback:
        F:\Nmap/nselib/bit.lua:30: in function 'bit.band'
        F:\Nmap/scripts\nrpe-enum.nse:114: in upvalue 'crc32'
        F:\Nmap/scripts\nrpe-enum.nse:153: in upvalue 'nrpe_write'
        F:\Nmap/scripts\nrpe-enum.nse:180: in upvalue 'nrpe_check'
        F:\Nmap/scripts\nrpe-enum.nse:222: in function <F:\Nmap/scripts\nrpe-enum.nse:202>
        (...tail calls...)

How can I fix this?

How to escape special characters in an Nmap command

I am trying to brute-force a test lab, smikta.info, with the command
~$ nmap -d --script http-form-brute --script-args http-form-brute.path=?method=login,brute.firstonly=true,http-form-brute.method=POST,http-form-brute.uservar=user_name,http-form-brute.passvar=user_pass,http-form-brute.onsuccess=Successfully smikta.info

and it keeps giving the error below:
NSE: failed to initialize the script engine:
/usr/bin/../share/nmap/nse_main.lua:1298: arguments did not parse!
stack traceback:
[C]: in function 'error'
/usr/bin/../share/nmap/nse_main.lua:1298: in main chunk
[C]: in ?

QUITTING!

And I was told to escape the special characters.

How can I escape the special characters ? and = in the http-form-brute.path argument?
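The --script-args rule from the Nmap reference guide: a name or value may not contain whitespace, '{', '}', '=' or ',' unless the value is enclosed in single or double quotes, and inside quotes a backslash escapes a quote mark; '?' needs no escaping. The unquoted '=' in path=?method=login above is therefore what the parser rejected. The helper below, an added example that is not code from this repository or from Nmap, builds the argument string with that rule; it assumes the form really is at ?method=login with the field names given in the command above, and prints the resulting command rather than running it against the third-party host.

```shell
#!/bin/sh
# Added example (not from the repository or from Nmap): build a --script-args
# string whose values contain '=' or ',' without tripping the NSE argument
# parser ("arguments did not parse!").

# Print name=value, quoting the value only when the parser would otherwise
# misread it (whitespace, '{', '}', '=', ',', a quote mark, or an empty
# value) and escaping embedded double quotes as \" .
nse_arg() {
    name=$1
    value=$2
    case $value in
        *[=,{}[:space:]]*|*\"*|"")
            printf '%s="%s"' "$name" "$(printf '%s\n' "$value" | sed 's/"/\\"/g')" ;;
        *)
            printf '%s=%s' "$name" "$value" ;;
    esac
}

# Join already-formatted pairs with the commas the parser expects.
nse_args() {
    out=""
    for pair in "$@"; do
        if [ -z "$out" ]; then out=$pair; else out="$out,$pair"; fi
    done
    printf '%s' "$out"
}

# The argument set from the command above, with the form path as parameter.
# Field names are taken from that command and are assumed to be correct.
http_form_brute_args() {
    nse_args \
        "$(nse_arg http-form-brute.path "$1")" \
        "$(nse_arg http-form-brute.method POST)" \
        "$(nse_arg http-form-brute.uservar user_name)" \
        "$(nse_arg http-form-brute.passvar user_pass)" \
        "$(nse_arg http-form-brute.onsuccess Successfully)" \
        "$(nse_arg brute.firstonly true)"
}

# Print the full command instead of executing it: the target is not ours.
echo "nmap -p 80 --script http-form-brute --script-args '$(http_form_brute_args '?method=login')' smikta.info"
```

When typing the command by hand, wrap the whole --script-args value in single quotes at the shell level so the inner double quotes reach Nmap; in a script, pass it as "$(http_form_brute_args '?method=login')" instead. The same quoting applies to any value with a comma, such as a brute.credfile path containing one.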
