Categories: discovery, intrusive
Pulls back information about the remote system from the registry. Getting all of the information requires an administrative account, although a user account will still get a lot of it. Guest probably won't get any, nor will anonymous. This goes for all operating systems, including Windows 2000.
Windows Vista disables remote registry access by default, so unless it was enabled, this script won't work.
If you know of more information stored in the Windows registry that could be interesting, post a message to the nmap-dev mailing list and I (Ron Bowes) will add it to my todo list. Adding new checks to this is extremely easy.
WARNING: I have experienced crashes in regsvc.exe while making registry calls against a fully patched Windows 2000 system; I've fixed the issue that caused it, but there's no guarantee that it (or a similar vuln in the same code) won't show up again. Since the process automatically restarts, it doesn't negatively impact the system, besides showing a message box to the user.
Script arguments:
- randomseed, smbbasic, smbport, smbsign
  See the documentation for the smb library.
- smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
  See the documentation for the smbauth library.
Example usage:
nmap --script smb-system-info.nse -p445 <host>
sudo nmap -sU -sS --script smb-system-info.nse -p U:137,T:139 <host>
Example output:
Host script results:
|  smb-system-info:
|  |  OS Details
|  |  |  Microsoft Windows 2000 Service Pack 4 (ServerNT 5.0 build 2195)
|  |  |  Installed on 2008-10-10 05:47:19
|  |  |  Registered to Ron (organization: Government of Manitoba)
|  |  |  Path: %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Graphviz2.20\Bin;
|  |  |  Systemroot: C:\WINNT
|  |  |_ Page files: C:\pagefile.sys 192 384 (cleared at shutdown => 0)
|  |  Hardware
|  |  |  CPU 0: Intel(R) Xeon(TM) CPU 2.80GHz [2800mhz GenuineIntel]
|  |  |  |_ Identifier 0: x86 Family 15 Model 3 Stepping 8
|  |  |_ Video driver: VMware SVGA II
|  |  Browsers
|  |  |  Internet Explorer 6.0000
|_ |_ |_ Firefox 3.0.12 (en-US)
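As an added example (not part of the Nmap script or its documentation), here is a small Python parser for the pipe-indented tree that Nmap prints for script results, plus a helper that pulls out the fields an asset inventory would keep from smb-system-info: whether the registry reads came back at all, the OS string and the install date. The depth rule is the only assumption: each leading `|` or `|_` marker is one level of nesting, and `|_` merely marks a last child. The sample input is this page's example output, abridged.

```python
import re

# Constructed input: the example output on this page, abridged (long lines dropped).
SAMPLE = r"""Host script results:
|  smb-system-info:
|  |  OS Details
|  |  |  Microsoft Windows 2000 Service Pack 4 (ServerNT 5.0 build 2195)
|  |  |  Installed on 2008-10-10 05:47:19
|  |  |_ Page files: C:\pagefile.sys 192 384 (cleared at shutdown => 0)
|  |  Hardware
|  |  |  CPU 0: Intel(R) Xeon(TM) CPU 2.80GHz [2800mhz GenuineIntel]
|  |  |  |_ Identifier 0: x86 Family 15 Model 3 Stepping 8
|  |  |_ Video driver: VMware SVGA II
|  |  Browsers
|  |  |  Internet Explorer 6.0000
|_ |_ |_ Firefox 3.0.12 (en-US)
"""

# Leading run of '|' / '|_' markers; the count of '|' is the nesting depth.
PREFIX = re.compile(r"^((?:\|_?\s*)+)")

def parse_tree(text):
    """Nmap's pipe-indented script output -> nested {"text", "children"} nodes."""
    root = {"text": "", "children": []}
    stack = [(-1, root)]                  # (depth, node), innermost last
    for line in text.splitlines():
        m = PREFIX.match(line)
        depth = m.group(1).count("|") if m else 0
        node = {"text": line[m.end():].strip() if m else line.strip(), "children": []}
        while stack[-1][0] >= depth:      # climb back to this line's parent
            stack.pop()
        stack[-1][1]["children"].append(node)
        stack.append((depth, node))
    return root

def section(node, *path):
    """Descend by exact node text; return the child texts, or None if absent."""
    for name in path:
        node = next((c for c in node["children"] if c["text"] == name), None)
        if node is None:
            return None
    return [c["text"] for c in node["children"]]

def summarize(text):
    """Inventory view: a present OS Details section means the registry reads worked."""
    os_lines = section(parse_tree(text), "Host script results:", "smb-system-info:", "OS Details")
    if not os_lines:
        return {"remote_registry_readable": False}
    installed = next((l[len("Installed on "):] for l in os_lines if l.startswith("Installed on ")), None)
    return {"remote_registry_readable": True, "os": os_lines[0], "installed": installed}
```

Run over a batch of Nmap normal-output files, the `remote_registry_readable` flag is a quick way to list hosts that still answer remote registry queries to whatever account the scan used.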
License: Same as Nmap--See https://nmap.org/book/man-legal.html