12 matches found
smb-vuln-webexec NSE Script
A critical remote code execution vulnerability exists in WebExService WebExec. See also: smb-webexec-exploit.nse Script Arguments smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername See the documentation for the smbauth library. randomseed, smbbasic, smbport, smbsign See the...
Nmap NSE 6.01: smb-enum-processes
Pulls a list of processes from the remote server over SMB. This will determine all running processes, their process IDs, and their parent processes. It is done by querying the remote registry service, which is disabled by default on Vista; on all other Windows versions, it requires Administrator...
Nmap NSE 6.01: smb-brute
Attempts to guess username/password combinations over SMB, storing discovered combinations for use in other scripts. Every attempt will be made to get a valid list of users and to verify each username before actually using them. When a username is discovered, besides being printed, it is also sav...
Nmap NSE 6.01: smb-enum-groups
Obtains a list of groups from the remote Windows system, as well as a list of the group's users. This works similarly to 'enum.exe' with the '/G' switch. The following MSRPC functions in SAMR are used to find a list of groups and the RIDs of their users. Keep in mind that MSRPC refers to groups a...
Nmap NSE 6.01: smb-security-mode
Returns information about the SMB security level determined by SMB. Here is how to interpret the output: User-level authentication: Each user has a separate username/password that is used to log into the system. This is the default setup of pretty much everything these days. Share-level...
Nmap NSE 6.01: smb-enum-domains
Attempts to enumerate domains on a system, along with their policies. This generally requires credentials, except against Windows 2000. In addition to the actual domain, the 'Builtin' domain is generally displayed. Windows returns this in the list of domains, but its policies don't appear to be...
Nmap NSE 6.01: smb-server-stats
Attempts to grab the server's statistics over SMB and MSRPC, which uses TCP ports 445 or 139. An administrator account is required to pull these statistics on most versions of Windows, and Vista and above require UAC to be turned down. Some of the numbers returned here don't feel right to me, but...
Nmap NSE net: smb-enum-sessions
Enumerates the users logged into a system either locally or through an SMB share. The local users can be logged on either physically on the machine, or through a terminal services session. Connections to a SMB share are, for example, people connected to fileshares or making RPC calls. Nmap's...
Nmap NSE net: smb-enum-shares
Attempts to list shares using the 'srvsvc.NetShareEnumAll' MSRPC function and retrieve more information about them using 'srvsvc.NetShareGetInfo'. If access to those functions is denied, a list of common share names are checked. Finding open shares is useful to a penetration tester because there...
Nmap NSE net: smb-enum-domains
Attempts to enumerate domains on a system, along with their policies. This generally requires credentials, except against Windows 2000. In addition to the actual domain, the 'Builtin' domain is generally displayed. Windows returns this in the list of domains, but its policies don't appear to be...
Nmap NSE net: smb-server-stats
Attempts to grab the server's statistics over SMB and MSRPC, which uses TCP ports 445 or 139. An administrator account is required to pull these statistics on most versions of Windows, and Vista and above require UAC to be turned down. Some of the numbers returned here don't feel right to me, but...
sslv2 NSE Script
Determines whether the server supports obsolete and less secure SSLv2, and discovers which ciphers it supports. Script Arguments mssql.domain, mssql.instance-all, mssql.instance-name, mssql.instance-port, mssql.password, mssql.protocol, mssql.scanned-ports-only, mssql.timeout, mssql.username See...