As you can see from my past few posts, I’ve been working on implementing an SMB client in C. Once I got that into a stable state, I decided to pursue the second part of my goal for a bit – porting that code over to an Nmap script. Never having used Lua before, this was a little intimidating. So, to get my feet wet, I modified an existing script – netbios-smb-os-discovery.nse – to have a little bit of extra functionality:

Last post, I promised I’d post about NTLMv2 once I got it implemented. And, here we are.

The LMv2 and NTLMv2 responses are a little bit trickier than the first versions, although most of my trouble was trying to figure out how to use HMAC-MD5 in OpenSSL. The good news is that LMv2 and NTLMv2 are almost identical to each other, with only one minor difference.

As I’m sure you’ve noticed with my first two posts, my NetBIOS/SMB project is taking up most of my time. I hit a bump this weekend, and almost got to the point where the only valid answer was throwing things; luckily, however, I figured it out. I did make a new enemy, though: signed data types! The devil’s datatype.

My current project, as you can see by my last post, is to learn how to work in Microsoft’s networking protocols (NetBIOS, SMB, CIFS, etc). This is obviously difficult due to the lack of standards and documentation, but there are two things that are seriously making my life difficult:

All right, maybe 0.02 doesn’t sound so impressive, but I’ve put a lot of work into it so eh?

Anyway, I just finished putting together nbtool 0.02. It is partly a test program for myself, and partly a handy tool for probing NetBIOS networks. Here is a link to the tool itself (I’ve tested this on Linux, OS X (ppc + intel), iPhones, and Windows (cygwin)): http://www.skullsecurity.org/wiki/index.php/Nbtool