1#@!#!123s

: / proc / thread-self / root / usr / share / nmap / nselib / data / psexec /

Filename : network.lua

back

---More verbose network scripts

-- Any variable in the 'config' table in smb-psexec.nse can be overriden in the
-- 'overrides' table. Most of them are not really recommended, such as the host,
-- key, etc.
overrides = {}
--overrides.timeout = 40

modules = {}
local mod

-- Grab the ip and mac address(es) from ipconfig. The output requires quite a bit of cleanup
-- to end up being usable and pretty.
mod = {}
mod.upload           = false
mod.name             = "IP Address and MAC Address from 'ipconfig.exe'"
mod.program          = "ipconfig.exe"
mod.args             = "/all"
mod.maxtime          = 1
mod.find             = {"IP Address", "Physical Address", "Ethernet adapter"}
mod.replace          = {{"%. ", ""}, {"-", ":"}, {"Physical Address", "MAC Address"}}
table.insert(modules, mod)

-- Dump the arp cache of the system.
mod = {}
mod.name             = "ARP Cache from arp.exe"
mod.program          = 'arp.exe'
mod.upload           = false
mod.args             = '-a'
mod.remove           = "Interface"
mod.noblank          = true
table.insert(modules, mod)

-- Get the listening/connected ports
mod = {}
mod.upload           = false
mod.name             = "List of listening and established connections (netstat -an)"
mod.program          = "netstat"
mod.args             = "-anb"
mod.maxtime          = 1
mod.remove           = {"Active"}
mod.noblank          = true
mod.env              = "SystemRoot=c:\\WINDOWS"
table.insert(modules, mod)

-- Get the routing table.
--
-- Like 'ver', this has to be run through cmd.exe. This also requires the 'PATH' variable to be
-- set properly, so it isn't going to work against systems with odd paths.
mod = {}
mod.upload           = false
mod.name             = "Full routing table from 'netstat -nr'"
mod.program          = "cmd.exe"
mod.args             = "/c \"netstat -nr\""
mod.env              = "PATH=C:\\WINDOWS\\system32;C:\\WINDOWS;C:\\WINNT;C:\\WINNT\\system32"
mod.maxtime          = 1
mod.noblank          = true
table.insert(modules, mod)

-- Try and ping back to our host. This helps check if there's a firewall in the way for connecting backwards.
-- Interestingly, in my tests against Windows 2003, ping gives weird output (but still, more or less, worked)
-- when the SystemRoot environmental variable wasn't set.
mod = {}
mod.upload           = false
mod.name             = "Can the host ping our address?"
mod.program          = "ping"
mod.args             = "-n 1 $lhost"
mod.maxtime          = 5
mod.remove           = {"statistics", "Packet", "Approximate", "Minimum"}
mod.noblank          = true
mod.env              = "SystemRoot=c:\\WINDOWS"
table.insert(modules, mod)

-- Try a traceroute back to our host. I limited it to the first 5 hops in the interest of saving time.
-- Like ping, if the SystemRoot variable isn't set, the output is a bit strange (but still works)
mod = {}
mod.upload           = false
mod.name             = "Traceroute back to the scanner"
mod.program          = "tracert"
mod.args             = "-d -h 5 $lhost"
mod.maxtime          = 20
mod.remove           = {"Tracing route", "Trace complete"}
mod.noblank          = true
mod.env              = "SystemRoot=c:\\WINDOWS"
table.insert(modules, mod)

-- Ping an arbitrary address given by the user
mod = {}
mod.upload           = false
mod.name             = "Can the host ping $address?"
mod.program          = "ping"
mod.args             = "-n 1 $address"
mod.req_args         = {'address'}
mod.maxtime          = 5
mod.remove           = {"statistics", "Packet", "Approximate", "Minimum"}
mod.noblank          = true
mod.env              = "SystemRoot=c:\\WINDOWS"
table.insert(modules, mod)

-- Try a traceroute to an address given by the user
mod = {}
mod.upload           = false
mod.name             = "Traceroute to $address (5 hops or less)"
mod.program          = "tracert"
mod.args             = "-d -h 5 $address"
mod.req_args         = {'address'}
mod.maxtime          = 20
mod.remove           = {"Tracing route", "Trace complete"}
mod.noblank          = true
mod.env              = "SystemRoot=c:\\WINDOWS"
table.insert(modules, mod)

Name	Size	Last Modified	Owner	Permissions
README	0.74 KB	October 14 2023 10:25:17	root	0644
backdoor.lua	0.899 KB	October 14 2023 10:25:17	root	0644
default.lua	5.299 KB	October 14 2023 10:25:17	root	0644
drives.lua	1.303 KB	October 14 2023 10:25:17	root	0644
examples.lua	2.303 KB	October 14 2023 10:25:17	root	0644
experimental.lua	0.695 KB	October 14 2023 10:25:17	root	0644
network.lua	4.015 KB	October 14 2023 10:25:17	root	0644
nmap_service.c	10.505 KB	October 14 2023 10:25:17	root	0644
nmap_service.vcproj	3.906 KB	October 14 2023 10:25:17	root	0644
pwdump.lua	1.798 KB	October 14 2023 10:25:17	root	0644

2017 © D7net \| D704T team