9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%
Attempts to grab the server’s statistics over SMB and MSRPC, which uses TCP ports 445 or 139.
An administrator account is required to pull these statistics on most versions of Windows, and Vista and above require UAC to be turned down.
Some of the numbers returned here don’t feel right to me, but they’re definitely the numbers that Windows returns. Take the values here with a grain of salt.
These statistics are found using a single call to a SRVSVC function, NetServerGetStatistics
. This packet is parsed incorrectly by Wireshark, up to version 1.0.3 (and possibly higher).
See the documentation for the smb library.
See the documentation for the smbauth library.
nmap --script smb-server-stats.nse -p445 <host>
sudo nmap -sU -sS --script smb-server-stats.nse -p U:137,T:139 <host>
Host script results:
| smb-server-stats:
| | Server statistics collected since 2009-09-22 09:56:00 (48d5h53m36s):
| | | 6513655 bytes (1.56 b/s) sent, 40075383 bytes (9.61 b/s) received
|_ |_ |_ 19323 failed logins, 179 permission errors, 0 system errors, 0 print jobs, 2921 files opened
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.973 High
EPSS
Percentile
99.8%