Script smb-system-info

Script types: hostrule
Categories: discovery, intrusive
Download: https://svn.nmap.org/nmap/scripts/smb-system-info.nse

Script Summary

Pulls back information about the remote system from the registry. Getting all of the information requires an administrative account, although a user account will still get a lot of it. Guest probably won't get any, nor will anonymous. This goes for all operating systems, including Windows 2000.

Windows Vista disables remote registry access by default, so unless it was enabled, this script won't work.

If you know of more information stored in the Windows registry that could be interesting, post a message to the nmap-dev mailing list and I (Ron Bowes) will add it to my todo list. Adding new checks to this is extremely easy.

WARNING: I have experienced crashes in regsvc.exe while making registry calls against a fully patched Windows 2000 system; I've fixed the issue that caused it, but there's no guarantee that it (or a similar vuln in the same code) won't show up again. Since the process automatically restarts, it doesn't negatively impact the system, besides showing a message box to the user.

Script Arguments

randomseed, smbbasic, smbport, smbsign

See the documentation for the smb library.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

Example Usage

nmap --script smb-system-info.nse -p445 <host>
sudo nmap -sU -sS --script smb-system-info.nse -p U:137,T:139 <host>

Script Output 

Host script results:
|  smb-system-info:
|  |  OS Details
|  |  |  Microsoft Windows 2000 Service Pack 4 (ServerNT 5.0 build 2195)
|  |  |  Installed on 2008-10-10 05:47:19
|  |  |  Registered to Ron (organization: Government of Manitoba)
|  |  |  Path: %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Graphviz2.20\Bin;
|  |  |  Systemroot: C:\WINNT
|  |  |_ Page files: C:\pagefile.sys 192 384 (cleared at shutdown => 0)
|  |  Hardware
|  |  |  CPU 0: Intel(R) Xeon(TM) CPU 2.80GHz [2800mhz GenuineIntel]
|  |  |  |_ Identifier 0: x86 Family 15 Model 3 Stepping 8
|  |  |_ Video driver: VMware SVGA II
|  |  Browsers
|  |  |  Internet Explorer 6.0000
|_ |_ |_ Firefox 3.0.12 (en-US)

Requires

Author:

  • Ron Bowes

License: Same as Nmap--See https://nmap.org/book/man-legal.html