CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 10 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.973 High
Percentile: 99.8%
Pulls back information about the remote system from the registry. Getting all of the information requires an administrative account, although a user account will still get a lot of it. Guest probably won’t get any, nor will anonymous. This goes for all operating systems, including Windows 2000.
Windows Vista disables remote registry access by default, so unless it was enabled, this script won’t work.
If you know of more information stored in the Windows registry that could be interesting, post a message to the nmap-dev mailing list and I (Ron Bowes) will add it to my todo list. Adding new checks to this is extremely easy.
WARNING: I have experienced crashes in regsvc.exe while making registry calls against a fully patched Windows 2000 system; I’ve fixed the issue that caused it, but there’s no guarantee that it (or a similar vuln in the same code) won’t show up again. Since the process automatically restarts, it doesn’t negatively impact the system, besides showing a message box to the user.
See the documentation for the smb library.
See the documentation for the smbauth library.
nmap --script smb-system-info.nse -p445 <host>
sudo nmap -sU -sS --script smb-system-info.nse -p U:137,T:139 <host>
Host script results:
| smb-system-info:
| | OS Details
| | | Microsoft Windows 2000 Service Pack 4 (ServerNT 5.0 build 2195)
| | | Installed on 2008-10-10 05:47:19
| | | Registered to Ron (organization: Government of Manitoba)
| | | Path: %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Graphviz2.20\Bin;
| | | Systemroot: C:\WINNT
| | |_ Page files: C:\pagefile.sys 192 384 (cleared at shutdown => 0)
| | Hardware
| | | CPU 0: Intel(R) Xeon(TM) CPU 2.80GHz [2800mhz GenuineIntel]
| | | |_ Identifier 0: x86 Family 15 Model 3 Stepping 8
| | |_ Video driver: VMware SVGA II
| | Browsers
| | | Internet Explorer 6.0000
|_ |_ |_ Firefox 3.0.12 (en-US)
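The tree-formatted output above can be parsed to record which sections a given account level actually discloses, for example to confirm that an anonymous or guest scan returns nothing. This is an added example, not part of the script or the Nmap project; the function names and the abbreviated sample are constructed for illustration.

```python
import re

# Constructed sample: the "Host script results" block shown above, abbreviated.
SAMPLE = r"""Host script results:
| smb-system-info:
| | OS Details
| | | Microsoft Windows 2000 Service Pack 4 (ServerNT 5.0 build 2195)
| | | Systemroot: C:\WINNT
| | |_ Page files: C:\pagefile.sys 192 384 (cleared at shutdown => 0)
| | Hardware
| | | CPU 0: Intel(R) Xeon(TM) CPU 2.80GHz [2800mhz GenuineIntel]
| | | |_ Identifier 0: x86 Family 15 Model 3 Stepping 8
| | |_ Video driver: VMware SVGA II
| | Browsers
| | | Internet Explorer 6.0000
|_ |_ |_ Firefox 3.0.12 (en-US)
"""

# One tree marker is "|" or "|_" followed by a space; the count gives the depth.
PREFIX = re.compile(r"^((?:\|_? )+)(.*)$")

def parse_tree(text):
    """Return the script output as nested [label, children] nodes."""
    root = ["root", []]
    stack = [root]  # stack[d] is the most recent node seen at depth d
    for line in text.splitlines():
        m = PREFIX.match(line)
        if not m:
            continue  # skip lines without tree markers, e.g. the banner
        depth = len(m.group(1).split())
        node = [m.group(2).strip(), []]
        del stack[depth:]         # close deeper branches and the previous sibling
        stack[-1][1].append(node) # attach to the nearest open ancestor
        stack.append(node)
    return root

def flatten(node):
    """Yield every label below a node, depth first."""
    for child in node[1]:
        yield child[0]
        yield from flatten(child)

def exposed_sections(text, script="smb-system-info"):
    """Map each section the script returned to the values disclosed under it."""
    for label, children in parse_tree(text)[1]:
        if label.rstrip(":") == script:
            return {c[0]: list(flatten(c)) for c in children}
    return {}  # the script produced no output for this host
```

Comparing the result of `exposed_sections` across scans run with different credentials shows which registry-derived details each account level can read.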