Andrey Zhukov from USSCNMAP:NBNS-INTERFACES.NSEnbns-interfaces NSE Script
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
Retrieves IP addresses of the target’s network interfaces via NetBIOS NS. Additional network interfaces may reveal more information about the target, including finding paths to hidden non-routed networks via multihomed systems.
Example Usage
nmap -sU -p 137 --script nbns-interfaces <host>
Script Output
PORT STATE SERVICE
137/udp open netbios-ns
| nbns-interfaces:
| hostname: NOTEBOOK-NB3
| interfaces:
| 10.5.4.89
| 192.168.56.1
|_ 172.24.80.1
MAC Address: 9C:7B:EF:AA:BB:CC (Hewlett Packard)
Requires
local shortport = require "shortport"
local netbios = require "netbios"
local nmap = require "nmap"
local stdnse = require "stdnse"
local string = require "string"
local table = require "table"
description = [[
Retrieves IP addresses of the target's network interfaces via NetBIOS NS.
Additional network interfaces may reveal more information about the target,
including finding paths to hidden non-routed networks via multihomed systems.
]]
---
-- @usage
-- nmap -sU -p 137 --script nbns-interfaces <host>
--
-- @output
-- PORT STATE SERVICE
-- 137/udp open netbios-ns
-- | nbns-interfaces:
-- | hostname: NOTEBOOK-NB3
-- | interfaces:
-- | 10.5.4.89
-- | 192.168.56.1
-- |_ 172.24.80.1
-- MAC Address: 9C:7B:EF:AA:BB:CC (Hewlett Packard)
--
-- @xmloutput
-- <elem key="hostname">NOTEBOOK-NB3</elem>
-- <table key="interfaces">
-- <elem>10.5.4.89</elem>
-- <elem>192.168.56.1</elem>
-- <elem>172.24.80.1</elem>
-- </table>
---
author = {"Andrey Zhukov from USSC"}
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"default", "discovery", "safe"}
portrule = nmap.address_family() == 'inet' -- NBNS is IPv4 only
and shortport.portnumber(137, "udp")
or function () return false end
get_ip = function (buf)
return table.concat({buf:byte(1, 4)}, ".")
end
action = function (host)
local output = stdnse.output_table()
local status, server_name = netbios.get_server_name(host)
if not (status and server_name) then
return stdnse.format_output(false, "Failed to get NetBIOS server name of the target")
end
local status, result = netbios.nbquery(host, server_name)
if not status then
return stdnse.format_output(false, "Failed to get remote network interfaces")
end
output.hostname = server_name
output.interfaces = {}
for _, v in ipairs(result) do
for i=1, #v.data, 6 do
output.interfaces[#output.interfaces + 1] = get_ip(v.data:sub(i+2, i+2+3))
end
end
return output
end
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C