Script db2-das-info

Script types: portrule
Categories: safe, discovery, version
Download: https://svn.nmap.org/nmap/scripts/db2-das-info.nse

Script Summary

Connects to the IBM DB2 Administration Server (DAS) on TCP or UDP port 523 and exports the server profile. No authentication is required for this request.

The script will also set the port product and version if a version scan is requested.

Example Usage

nmap -sV <target>

Script Output

PORT    STATE SERVICE VERSION
523/tcp open  ibm-db2 IBM DB2 Database Server 9.07.0
| db2-das-info: DB2 Administration Server Settings
| ;DB2 Server Database Access Profile
| ;Use BINARY file transfer
| ;Comment lines start with a ";"
| ;Other lines must be one of the following two types:
| ;Type A: [section_name]
| ;Type B: keyword=value
|
| [File_Description]
| Application=DB2/LINUX 9.7.0
| Platform=18
| File_Content=DB2 Server Definitions
| File_Type=CommonServer
| File_Format_Version=1.0
| DB2System=MYBIGDATABASESERVER
| ServerType=DB2LINUX
|
| [adminst>dasusr1]
| NodeType=1
| DB2Comm=TCPIP
| Authentication=SERVER
| HostName=MYBIGDATABASESERVER
| PortNumber=523
| IpAddress=127.0.1.1
|
| [inst>db2inst1]
| NodeType=1
| DB2Comm=TCPIP
| Authentication=SERVER
| HostName=MYBIGDATABASESERVER
| ServiceName=db2c_db2inst1
| PortNumber=50000
| IpAddress=127.0.1.1
| QuietMode=No
| TMDatabase=1ST_CONN
|
| [db>db2inst1:TOOLSDB]
| DBAlias=TOOLSDB
| DBName=TOOLSDB
| Drive=/home/db2inst1
| Dir_entry_type=INDIRECT
|_Authentication=NOTSPEC

Requires

• nmap
• shortport
• stdnse
• string

---

Authors:

• Patrik Karlsson
• Tom Sellers

License: Same as Nmap--See https://nmap.org/book/man-legal.html

portrule

portrule (host, port)

Research Notes:

Little documentation on the protocol used to communicate with the IBM DB2 Admin Server service exists. The packets and methods here were developed based on data captured in the wild. Interviews with knowledgeable individuals indicates that the following information can be used to recreate the traffic.

Requirements: IBM DB2 Administrative Server (DAS) version >= 7.x instance, typically on port 523 tcp or udp IBM DB2 Control Center (Java application, workings on Linux, Windows, etc)

Steps to reproduce: Ensure network connectivity from test host to DB2 DAS instance on 523 In the Control Center, right click on All Systems and click Add Enter the DB2 server IP or hostname in the System Name field and click OK Start packet capture Under All Systems right click on your DB2 server, choose export profile, enter file location, click OK Stop packet capture

Details on how to reproduce these steps with the CLI are welcome.

Parameters

host

 

port