Connects to the IBM DB2 Administration Server (DAS) on TCP or UDP port 523 and exports the server profile. No authentication is required for this request.
The script will also set the port product and version if a version scan is requested.
nmap -sV <target>
PORT    STATE SERVICE VERSION
523/tcp open  ibm-db2 IBM DB2 Database Server 9.07.0
| db2-das-info: DB2 Administration Server Settings
| ;DB2 Server Database Access Profile
| ;Use BINARY file transfer
| ;Comment lines start with a ";"
| ;Other lines must be one of the following two types:
| ;Type A: [section_name]
| ;Type B: keyword=value
|
| [File_Description]
| Application=DB2/LINUX 9.7.0
| Platform=18
| File_Content=DB2 Server Definitions
| File_Type=CommonServer
| File_Format_Version=1.0
| DB2System=MYBIGDATABASESERVER
| ServerType=DB2LINUX
|
| [adminst>dasusr1]
| NodeType=1
| DB2Comm=TCPIP
| Authentication=SERVER
| HostName=MYBIGDATABASESERVER
| PortNumber=523
| IpAddress=127.0.1.1
|
| [inst>db2inst1]
| NodeType=1
| DB2Comm=TCPIP
| Authentication=SERVER
| HostName=MYBIGDATABASESERVER
| ServiceName=db2c_db2inst1
| PortNumber=50000
| IpAddress=127.0.1.1
| QuietMode=No
| TMDatabase=1ST_CONN
|
| [db>db2inst1:TOOLSDB]
| DBAlias=TOOLSDB
| DBName=TOOLSDB
| Drive=/home/db2inst1
| Dir_entry_type=INDIRECT
|_Authentication=NOTSPEC
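For auditing what a DAS instance hands out without authentication, the profile format in the output above (";" comments, `[section_name]` lines, `keyword=value` lines) can be parsed into an inventory. This Python sketch is an added example, not part of the Nmap script; the function names `parse_profile` and `disclosed` are hypothetical and the sample text is a constructed, shortened copy of that output.

```python
import re

# Constructed sample: a shortened copy of the script output shown above.
SAMPLE = """\
| db2-das-info: DB2 Administration Server Settings
| ;Comment lines start with a ";"
| [File_Description]
| DB2System=MYBIGDATABASESERVER
|
| [adminst>dasusr1]
| Authentication=SERVER
| PortNumber=523
| [inst>db2inst1]
| Authentication=SERVER
| PortNumber=50000
| [db>db2inst1:TOOLSDB]
| Drive=/home/db2inst1
|_Authentication=NOTSPEC
"""

def parse_profile(script_output):
    """Return {section_name: {keyword: value}} from db2-das-info output."""
    sections, current = {}, None
    for raw in script_output.splitlines():
        line = re.sub(r"^\|[_ ]?", "", raw).strip()  # drop Nmap's "| " or "|_"
        if not line or line.startswith(";"):         # blank or comment line
            continue
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:                                        # Type A: [section_name]
            current = sections.setdefault(m.group(1), {})
        elif "=" in line and current is not None:    # Type B: keyword=value
            key, _, value = line.partition("=")
            current[key.strip()] = value.strip()
    return sections

def disclosed(sections):
    """Summarise what the unauthenticated export reveals (hypothetical helper)."""
    report = {"system": None, "instances": {}, "databases": {}}
    for name, kv in sections.items():
        kind, _, ident = name.partition(">")
        if name == "File_Description":
            report["system"] = kv.get("DB2System")
        elif kind in ("adminst", "inst"):            # instance: listening port, auth mode
            port = kv.get("PortNumber", "")
            report["instances"][ident] = (int(port) if port.isdigit() else None,
                                          kv.get("Authentication"))
        elif kind == "db":                           # database: on-disk location
            report["databases"][ident] = kv.get("Drive")
    return report
```

Calling `disclosed(parse_profile(text))` on saved script output gives a per-host summary of the system name, instance ports and database paths that any host able to reach port 523 can read.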
License: Same as Nmap--See https://nmap.org/book/man-legal.html
- portrule (host, port)
Little documentation on the protocol used to communicate with the IBM DB2 Admin Server service exists. The packets and methods here were developed based on data captured in the wild. Interviews with knowledgeable individuals indicate that the following information can be used to recreate the traffic.
Requirements:
- IBM DB2 Administrative Server (DAS) version >= 7.x instance, typically on port 523 tcp or udp
- IBM DB2 Control Center (Java application, works on Linux, Windows, etc)
Steps to reproduce:
- Ensure network connectivity from test host to DB2 DAS instance on 523
- In the Control Center, right click on All Systems and click Add
- Enter the DB2 server IP or hostname in the System Name field and click OK
- Start packet capture
- Under All Systems right click on your DB2 server, choose export profile, enter file location, click OK
- Stop packet capture
Details on how to reproduce these steps with the CLI are welcome.