Lucene search

K
nmapPaulino Calderon <calderon()websec.mx>NMAP:SMB2-TIME.NSE
HistoryJul 28, 2017 - 9:01 a.m.

smb2-time NSE Script

2017-07-2809:01:02
Paulino Calderon <calderon()websec.mx>
nmap.org
315

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

Attempts to obtain the current system date and the start date of a SMB2 server.

Script Arguments

randomseed, smbbasic, smbport, smbsign

See the documentation for the smb library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap -p445 --script smb2-time &lt;target&gt;

Script Output

Host script results:
| smb2-time:
|   date: 2017-07-28 03:06:34
|_  start_date: 2017-07-20 09:29:49

Requires


local os = require "os"
local datetime = require "datetime"
local smb = require "smb"
local stdnse = require "stdnse"
local smb2 = require "smb2"

description = [[
Attempts to obtain the current system date and the start date of a SMB2 server.
]]

---
-- @usage nmap -p445 --script smb2-time <target>
--
-- @output
-- Host script results:
-- | smb2-time:
-- |   date: 2017-07-28 03:06:34
-- |_  start_date: 2017-07-20 09:29:49
--
-- @xmloutput
-- <elem key="date">2017-07-28 03:07:57</elem>
-- <elem key="start_date">2017-07-20 09:29:49</elem>
---

author = "Paulino Calderon <calderon()websec.mx>"
license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
categories = {"discovery", "safe", "default"}

hostrule = function(host)
  return smb.get_port(host) ~= nil
end

action = function(host,port)
  local smbstate, status
  local output = stdnse.output_table()
  status, smbstate = smb.start(host)
  status = smb2.negotiate_v2(smbstate)

  if status then
    datetime.record_skew(host, smbstate.time, os.time())
    stdnse.debug2("SMB2: Date: %s (%s) Start date:%s (%s)",
                        smbstate['date'], smbstate['time'],
            smbstate['start_date'], smbstate['start_time'])
    output.date = smbstate['date']
    output.start_date = smbstate['start_date']
    return output
  else
    stdnse.debug2("Negotiation failed")
    return "Protocol negotiation failed (SMB2)"
  end
end

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.973 High

EPSS

Percentile

99.8%

Related for NMAP:SMB2-TIME.NSE