diff --git a/nmap_cmd.xsl b/nmap_cmd.xsl
index a84c2da..7dffd97 100644
--- a/nmap_cmd.xsl
+++ b/nmap_cmd.xsl
@@ -10,11 +10,7 @@ nmap -v -T4 -p
-<<<<<<< HEAD
- --script nse/ -oX "
-=======
- --script "nse/" -oX "
->>>>>>> 5378e16e2468588a441a1e37ceb38239f0851374
+ --script nse/ --datadir nse/ --script-args-file nse_args.ini -oX "
 .tmp"
diff --git a/nse/http-info.nse b/nse/http-info.nse
index c878f95..15db36f 100644
--- a/nse/http-info.nse
+++ b/nse/http-info.nse
@@ -7,7 +7,7 @@ Get and return a page info
 ---
 -- @args http-get.path Path to get. Default /.
 --
--- @usage nmap -p80 --script http-info.nse --script-args http-info.path=/
+-- @usage nmap -p80 --script http-info.nse --script-args http-info.path=/
 --
 -- @output
 -- status: 200
diff --git a/nse/nse_args.ini b/nse/nse_args.ini
new file mode 100644
index 0000000..f20f923
--- /dev/null
+++ b/nse/nse_args.ini
@@ -0,0 +1,2 @@
+smbuser=
+smbpassword=
diff --git a/nse/smb-shares-du.nse b/nse/smb-shares-du.nse
index a889606..9fdeefc 100644
--- a/nse/smb-shares-du.nse
+++ b/nse/smb-shares-du.nse
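Review bot: The added line passes `--script-args-file nse_args.ini` while the file this commit creates lives at nse/nse_args.ini; the bare name presumably resolves only because `--datadir nse/` is on the same line and Nmap searches its data directory for that file, whereas every other path on the line (`--script nse/`, `--datadir nse/`) is written relative to the working directory. Writing it as `--script-args-file nse/nse_args.ini` would make the command independent of the data-file search order. Since the file is where SMB credentials are read from on every run, a template comment such as `<!-- nse_args.ini supplies smbuser/smbpassword to the SMB scripts; keep populated copies out of version control -->` would tell the next reader where those values come from.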
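Review bot: Both keys are committed with empty values, and an empty `smbuser=` is still a set script argument rather than an absent one, so the smbauth library may attempt a login with a blank username instead of applying its own default; confirm that is intended, or ship the template with the two lines commented out. The smbauth library documents the username argument as `smbusername`; `smbuser` appears to be accepted as an alias, but that is worth confirming, because an unrecognised key would be silently ignored. Because this file is meant to hold real credentials once filled in, it should be documented as a template and a populated local copy excluded from version control.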
@@ -1,139 +1,196 @@
- local stdnse = require "stdnse"
- local smb = require "smb"
- local msrpc = require "msrpc"
- local msrpctypes = require "msrpctypes"
+local stdnse = require "stdnse"
+local smb = require "smb"
+local msrpc = require "msrpc"
+local bin = require "bin"
- hostrule = function(host)
- return smb.get_port(host) ~= nil
+description = [[
+Return free and total size in octets of each SMB shares
+]]
+
+---
+-- @args See the documentation for the smbauth library.
+--
+-- @usage nmap -p445 --script smb-shares-du.nse
+--
+-- @output
+-- Host script results:
+-- | smb-shares-du:
+-- | data:
+-- | FreeSize: 38495883264
+-- | TotalSize: 500961574912
+-- |_ IPC$: NT_STATUS_ACCESS_DENIED
+---
+
+categories = {"discovery", "intrusive"}
+author = "Adrien Malingrey"
+license = "Same as Nmap--See https://nmap.org/book/man-legal.html"
+
+hostrule = function(host)
+ return smb.get_port(host) ~= nil
+end
+
+action = function(host)
+ local status, shares, extra
+ local response = stdnse.output_table()
+
+ -- Try and do this the good way, make a MSRPC call to get the shares
+ stdnse.debug1("SMB: Attempting to log into the system to enumerate shares")
+ status, shares = msrpc.enum_shares(host)
+ if(status == false) then
+ return stdnse.format_output(false, string.format("Couldn't enumerate shares: %s", shares))
 end
- action = function(host)
- local status, shares, extra
- local response = stdnse.output_table()
+ -- Get more information on each share
+ for i = 1, #shares, 1 do
+ local share = shares[i]
- -- Try and do this the good way, make a MSRPC call to get the shares
- stdnse.debug1("SMB: Attempting to log into the system to enumerate shares")
- status, shares = msrpc.enum_shares(host)
- if(status == false) then
- return stdnse.format_output(false, string.format("Couldn't enumerate shares: %s", shares))
- end
-
- -- Get more information on each share
- for i = 1, #shares, 1 do
- local share = shares[i]
- stdnse.debug1("SMB: Getting information for share: %s", share)
-
- status, result = get_share_info(host, share)
- response[share] = result
- end
-
- return response
+ local status, result = get_share_info(host, share)
+ response[share] = result
 end
+ --table.sort(response)
- ---Attempts to retrieve additional information about a share. Will fail unless we have
- -- administrative access.
- --
- --@param host The host object.
- --@return Status (true or false).
- --@return A table of information about the share (if status is true) or an an error string (if
- -- status is false).
- function get_share_info(host, name)
- local response = {}
+ return response
+end
- -- Create the SMB session
- local status, smbstate = msrpc.start_smb(host, msrpc.SRVSVC_PATH)
- if(status == false) then
- return false, smbstate
- end
+TRANS2_QUERY_FS_INFORMATION = 0x0003
+SMB_QUERY_FS_SIZE_INFO = 0x0103
+---Attempts to retrieve additional information about a share. Will fail unless we have
+-- administrative access.
+--
+--@param host The host object.
+--@return Status (true or false).
+--@return A table of information about the share (if status is true) or an an error string (if
+-- status is false).
+function get_share_info(host, share)
+ local status, smbstate, err
+ local hostaddress = (host.name ~= '' and host.name) or host.ip
+ local path = "\\\\" .. hostaddress .. "\\" ..
share
- -- Bind to SRVSVC service
- local status, bind_result = msrpc.bind(smbstate, msrpc.SRVSVC_UUID, msrpc.SRVSVC_VERSION, nil)
- if(status == false) then
- smb.stop(smbstate)
- return false, bind_result
- end
-
- -- Call NetShareGetInfo
-
- local status, netsharegetinfo_result = srvsvc_netsharegetinfo(smbstate, host.ip, name, 2)
- stdnse.debug2("NetShareGetInfo status:%s result:%s", status, netsharegetinfo_result)
- if(status == false) then
- if(string.find(netsharegetinfo_result, "NT_STATUS_WERR_ACCESS_DENIED")) then
- stdnse.debug2("Calling NetShareGetInfo with information level 1")
- status, netsharegetinfo_result = srvsvc_netsharegetinfo(smbstate, host.ip, name, 1)
- if status then
- smb.stop(smbstate)
- return true, netsharegetinfo_result
- end
- end
- smb.stop(smbstate)
- return false, netsharegetinfo_result
- end
-
- smb.stop(smbstate)
-
- return true, netsharegetinfo_result
+ status, smbstate = smb.start(host)
+ status, err = smb.negotiate_protocol(smbstate, {})
+ status, err = smb.start_session(smbstate, {})
+ status, err = smb.tree_connect(smbstate, path, {})
+
+ stdnse.debug1("SMB: Getting information for share: %s", path)
+
+ local status, err = send_transaction2(smbstate, TRANS2_QUERY_FS_INFORMATION, bin.pack("netsharegetinfo on the remote system. This function retrieves extra information about a share
- -- on the system.
- --
- --@param smbstate The SMB state table
- --@param server The IP or Hostname of the server (seems to be ignored but it's a good idea to have it)
- --@return (status, result) If status is false, result is an error message. Otherwise, result is a table of values, the most
- -- useful one being 'shares', which is a list of the system's shares.
- function srvsvc_netsharegetinfo(smbstate, server, share, level) - stdnse.debug2("Calling NetShareGetInfo(%s, %s, %d)", server, share, level) + local pos, totalAllocationUnits, totalFreeAllocationUnits, sectorsPerAllocationUnit, bytesPerSector = bin.unpack(" /dev/null \ No newline at end of file +popd > /dev/null
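Review bot: In the new get_share_info, the results of smb.start, smb.negotiate_protocol, smb.start_session and smb.tree_connect are assigned to status/err but never inspected before the next call, so a failed smb.start leaves smbstate holding the error string that is then passed to negotiate_protocol, and a denied tree_connect still sends the TRANS2 request against a share that was never connected; each step should return `false, err` on failure, calling `smb.stop(smbstate)` once a connection exists, as the removed NetShareGetInfo path did. `send_transaction2` is called unqualified; unless it is defined further down the file, which this hunk does not show, it presumably needs the `smb.` prefix, and the `local status, err` on that line shadows the pair declared at the top of the function. The doc block above the function was carried over from the NetShareGetInfo version ("Will fail unless we have administrative access") and no longer matches the code; something like `-- Connects to the share and queries its size information via TRANS2 QUERY_FS_INFORMATION; returns false with the error string when the tree connect is refused (see IPC$ in the sample output).` would describe the new path. TRANS2_QUERY_FS_INFORMATION, SMB_QUERY_FS_SIZE_INFO and get_share_info are created as globals and should be declared `local`, and the `bin` library the new code requires is deprecated in recent Nmap releases in favour of string.pack/string.unpack. The remainder of get_share_info, including any smb.stop after the transaction, is lost to extraction garbling in this hunk and could not be reviewed.
```lua
function get_share_info(host, share)
  -- … unchanged: status/err locals, hostaddress and path …
  status, smbstate = smb.start(host)
  if not status then
    return false, smbstate
  end
  status, err = smb.negotiate_protocol(smbstate, {})
  if not status then
    smb.stop(smbstate)
    return false, err
  end
  status, err = smb.start_session(smbstate, {})
  if not status then
    smb.stop(smbstate)
    return false, err
  end
  status, err = smb.tree_connect(smbstate, path, {})
  if not status then
    smb.stop(smbstate)
    return false, err
  end
  -- … unchanged: stdnse.debug1 and the send_transaction2 call …
```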