22 matches found
Input validation
OctoberCMS is a self-hosted CMS platform based on the Laravel PHP Framework. Affected versions of OctoberCMS did not validate gateway server signatures. As a result, non-authoritative gateway servers may be used to exfiltrate user private keys. Users are advised to upgrade their installations to...
Nmap NSE 6.01: smb-check-vulns
Checks for vulnerabilities: MS08-067, a Windows RPC vulnerability; Conficker, an infection by the Conficker worm; Unnamed regsvc DoS, a denial-of-service vulnerability I accidentally found in Windows 2000; SMBv2 exploit CVE-2009-3103, Microsoft Security Advisory 975497; MS06-025, a Windows Ras RPC...
Nmap NSE 6.01: smb-enum-shares
Attempts to list shares using the 'srvsvc.NetShareEnumAll' MSRPC function and retrieve more information about them using 'srvsvc.NetShareGetInfo'. If access to those functions is denied, a list of common share names is checked. Finding open shares is useful to a penetration tester because there...
Nmap NSE 6.01: smb-psexec
Implements remote process execution similar to the Sysinternals' psexec tool, allowing a user to run a series of programs on a remote machine and read the output. This is great for gathering information about servers, running the same tool on a range of systems, or even installing a backdoor on a...
Nmap NSE 6.01: smb-enum-sessions
Enumerates the users logged into a system either locally or through an SMB share. The local users can be logged on either physically on the machine, or through a terminal services session. Connections to an SMB share are, for example, people connected to fileshares or making RPC calls. Nmap's...
Nmap NSE 6.01: smbv2-enabled
Checks whether or not a server is running the SMBv2 protocol. SYNTAX: smbbasic: Forces the authentication to use basic security, as opposed to 'extended security'. Against most modern systems, extended security should work, but there may be cases where you want to force basic. There's a chance th...
Nmap NSE 6.01: smb-server-stats
Attempts to grab the server's statistics over SMB and MSRPC, which uses TCP ports 445 or 139. An administrator account is required to pull these statistics on most versions of Windows, and Vista and above require UAC to be turned down. Some of the numbers returned here don't feel right to me, but...
Nmap NSE 6.01: p2p-conficker
Checks if a host is infected with Conficker.C or higher, based on Conficker's peer to peer communication. When Conficker.C or higher infects a system, it opens four ports: two TCP and two UDP. The ports are random, but are seeded with the current week and the IP of the infected host. By determini...
Nmap NSE 6.01: smb-system-info
Pulls back information about the remote system from the registry. Getting all of the information requires an administrative account, although a user account will still get a lot of it. Guest probably won't get any, nor will anonymous. This goes for all operating systems, including Windows 2000...
Nmap NSE net: smbv2-enabled
Checks whether or not a server is running the SMBv2 protocol. SYNTAX: smbbasic: Forces the authentication to use basic security, as opposed to 'extended security'. Against most modern systems, extended security should work, but there may be cases where you want to force basic. There's a chance th...
Nmap NSE net: smb-enum-sessions
Enumerates the users logged into a system either locally or through an SMB share. The local users can be logged on either physically on the machine, or through a terminal services session. Connections to an SMB share are, for example, people connected to fileshares or making RPC calls. Nmap's...
Nmap NSE net: smb-enum-users
Attempts to enumerate the users on a remote Windows system, with as much information as possible, through two different techniques both over MSRPC, which uses port 445 or 139; see 'smb.lua'. The goal of this script is to discover all user accounts that exist on a remote system. This can be helpfu...
Nmap NSE net: smb-os-discovery
Attempts to determine the operating system, computer name, domain, and current time over the SMB protocol ports 445 or 139. This is done by starting a session with the anonymous account (or with a proper user account, if one is given; it likely doesn't make a difference); in response to a session...
Nmap NSE net: smb-check-vulns
Checks for vulnerabilities: MS08-067, a Windows RPC vulnerability; Conficker, an infection by the Conficker worm; Unnamed regsvc DoS, a denial-of-service vulnerability I accidentally found in Windows 2000; SMBv2 exploit CVE-2009-3103, Microsoft Security Advisory 975497; MS06-025, a Windows Ras RPC...
Nmap NSE net: stuxnet-detect
Detects whether a host is infected with the Stuxnet worm http://en.wikipedia.org/wiki/Stuxnet. An executable version of the Stuxnet infection will be downloaded if a format for the filename is given on the command line. SYNTAX: smbbasic: Forces the authentication to use basic security, as opposed...
Nmap NSE net: smb-brute
Attempts to guess username/password combinations over SMB, storing discovered combinations for use in other scripts. SYNTAX: userdb: The filename of an alternate username database. brutelimit: Limits the number of usernames checked in the script. In some domains, it's possible to end up with...
Nmap NSE net: smb-security-mode
Returns information about the SMB security level determined by SMB. SYNTAX: smbbasic: Forces the authentication to use basic security, as opposed to 'extended security'. Against most modern systems, extended security should work, but there may be cases where you want to force basic. There's a...
Nmap NSE net: smb-enum-shares
Attempts to list shares using the 'srvsvc.NetShareEnumAll' MSRPC function and retrieve more information about them using 'srvsvc.NetShareGetInfo'. If access to those functions is denied, a list of common share names is checked. Finding open shares is useful to a penetration tester because there...
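The smb-os-discovery and smb-enum-shares entries above describe what the scripts collect over ports 139/445 but not how a practitioner turns that into a triage list across a range. The following is an added example, not part of this listing and not Nmap's own NSE code: it builds the nmap command line (including --script-args such as smbusername/smbpassword or userdb/brutelimit), and parses Nmap's XML output to report hosts and any share reachable without credentials. The sample XML is constructed; its elem/table key names ("os", "computer_name", "Anonymous access", "Current user access") follow the structured output I assume these scripts emit, so check them against your Nmap version.

```python
# Added example (not from the search listing above nor from Nmap's own NSE
# code): drive Nmap's SMB scripts from Python and triage the XML output.
# SAMPLE_XML below is constructed; its elem/table keys are assumed to match
# the structured output of smb-os-discovery and smb-enum-shares.
import subprocess
import xml.etree.ElementTree as ET


def build_nmap_argv(targets, scripts, script_args=None):
    """argv for an SMB script scan: ports 139/445 (the SMB/MSRPC ports the
    scripts use), comma-joined scripts, script args as key=value pairs
    (smbusername/smbpassword, userdb/passdb/brutelimit, smbbasic, ...),
    and XML to stdout so no temp file is needed."""
    argv = ["nmap", "-p", "139,445", "--script", ",".join(scripts)]
    if script_args:
        argv += ["--script-args",
                 ",".join(f"{k}={v}" for k, v in script_args.items())]
    return argv + ["-oX", "-"] + list(targets)


def run_scan(targets, scripts, script_args=None):
    """Run the scan and return the XML text (needs nmap on PATH)."""
    proc = subprocess.run(build_nmap_argv(targets, scripts, script_args),
                          check=True, capture_output=True, text=True)
    return proc.stdout


def _host_scripts(xml_text, script_id):
    """Yield (ipv4 address, <script> element) for every host with output
    from script_id, whether it ran as a host script or a port script."""
    for host in ET.fromstring(xml_text).iter("host"):
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") == "ipv4"), "?")
        for script in host.iter("script"):
            if script.get("id") == script_id:
                yield addr, script


def parse_os_discovery(xml_text):
    """Map each host to its smb-os-discovery fields (os, computer_name, domain, ...)."""
    return {addr: {e.get("key"): (e.text or "") for e in script.findall("elem")}
            for addr, script in _host_scripts(xml_text, "smb-os-discovery")}


def parse_shares(xml_text):
    """Flatten smb-enum-shares tables (one <table> per share) into dicts."""
    shares = []
    for addr, script in _host_scripts(xml_text, "smb-enum-shares"):
        for table in script.findall("table"):
            f = {e.get("key"): (e.text or "") for e in table.findall("elem")}
            shares.append({"host": addr, "share": table.get("key"),
                           "type": f.get("Type", ""),
                           "anonymous": f.get("Anonymous access", "<none>"),
                           "user": f.get("Current user access", "<none>")})
    return shares


def exposed_shares(shares):
    """Shares readable or writable with no credentials at all; anonymously
    writable ones are listed first because they are the ones to fix first."""
    hits = [s for s in shares if s["anonymous"] != "<none>"]
    return sorted(hits, key=lambda s: "WRITE" not in s["anonymous"])


# Constructed sample of what `nmap -oX -` produces for one host (assumed keys).
SAMPLE_XML = r"""<nmaprun scanner="nmap">
<host><address addr="10.0.0.5" addrtype="ipv4"/>
<hostscript>
<script id="smb-os-discovery" output="...">
<elem key="os">Windows Server 2008 R2 Standard 7601 Service Pack 1</elem>
<elem key="computer_name">FILESRV01</elem>
<elem key="domain">CORP</elem>
</script>
<script id="smb-enum-shares" output="...">
<elem key="account_used">guest</elem>
<table key="\\10.0.0.5\ADMIN$">
<elem key="Type">STYPE_DISKTREE_HIDDEN</elem>
<elem key="Anonymous access">&lt;none&gt;</elem>
<elem key="Current user access">&lt;none&gt;</elem>
</table>
<table key="\\10.0.0.5\IPC$">
<elem key="Type">STYPE_IPC_HIDDEN</elem>
<elem key="Anonymous access">READ</elem>
<elem key="Current user access">READ</elem>
</table>
<table key="\\10.0.0.5\Public">
<elem key="Type">STYPE_DISKTREE</elem>
<elem key="Anonymous access">READ/WRITE</elem>
<elem key="Current user access">READ/WRITE</elem>
</table>
</script>
</hostscript></host></nmaprun>"""

if __name__ == "__main__":
    # Offline demo on the constructed sample; use run_scan(...) for a real scan.
    for addr, info in parse_os_discovery(SAMPLE_XML).items():
        print(addr, info.get("computer_name"), info.get("domain"), info.get("os"))
    for s in exposed_shares(parse_shares(SAMPLE_XML)):
        print(f"{s['share']}: anonymous={s['anonymous']} type={s['type']}")
```

Run against a real range by replacing SAMPLE_XML with run_scan(["10.0.0.0/24"], ["smb-os-discovery", "smb-enum-shares"], {"smbusername": "audit", "smbpassword": "..."}); anonymous access is what an unauthenticated attacker on the network gets, so that column, not "Current user access", is the one to act on.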
Nmap NSE net: smb-system-info
Pulls back information about the remote system from the registry. Getting all of the information requires an administrative account, although a user account will still get a lot of it. Guest probably won't get any, nor will anonymous. This goes for all operating systems, including Windows 2000...
Nmap NSE net: smb-psexec
This script implements remote process execution similar to the Sysinternals' psexec tool, allowing a user to run a series of programs on a remote machine and read the output. This is great for gathering information about servers, running the same tool on a range of systems, or even installing a...