SBM OS Discovery Scanner

Details
Stay Up To Date
Asset Type

DOMAIN,IP

Need Membership

Yes

Asset Verify

Yes

API Support

Yes

Estimate Time (Second)

15

SBM OS Discovery Scanner Detail

Attempts to determine the operating system, computer name, domain, workgroup, and current time over the SMB protocol (ports 445 or 139).

This is done by starting a session with the anonymous account (or with a proper user account, if one is given; it likely doesn't make a difference); in response to a session starting, the server will send back all this information.

The following fields may be included in the output, depending on the circumstances (e.g. the workgroup name is mutually exclusive with domain and forest names) and the information available:

  • OS
  • Computer name
  • Domain name
  • Forest name
  • FQDN
  • NetBIOS computer name
  • NetBIOS domain name
  • Workgroup
  • System time

Some systems, like Samba, will blank out their name (and only send their domain). Other systems (like embedded printers) will simply leave out the information. Other systems will blank out various pieces (some will send back 0 for the current time, for example).

If this script is used in conjunction with version detection it can augment the standard nmap version detection information with data that this script has discovered.

Retrieving the name and operating system of a server is a vital step in targeting an attack against it, and this script makes that retrieval easy. Additionally, if a penetration tester is choosing between multiple targets, the time can help identify servers that are being poorly maintained (for more information/random thoughts on using the time, see http://www.skullsecurity.org/blog/?p=76.

Although the standard smb* script arguments can be used, they likely won't change the outcome in any meaningful way. However, smbnoguest will speed up the script on targets that do not allow guest access.

Some Advice for Common Problems

Access to the smb service should be restricted if possible

Community Discussions

Need a Full Assesment?

Get help from professional hackers. Learn about our penetration test service now!

Request Pentest Service