Hello, I would like to report an error message that appears every time I run the smb-os-discovery script.
Here's the output (-d debug mode)
$ nmap --script smb-os-discovery.nse -d -p445 10.10.10.3
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-03 20:44 EST
--------------- Timing report ---------------
hostgroups: min 1, max 100000
rtt-timeouts: init 1000, min 100, max 10000
max-scan-delay: TCP 1000, UDP 1000, SCTP 1000
parallelism: min 0, max 0
max-retries: 10, host-timeout: 0
min-rate: 0, max-rate: 0
---------------------------------------------
NSE: Using Lua 5.3.
NSE: Arguments from CLI:
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 20:44
Completed NSE at 20:44, 0.00s elapsed
Initiating Ping Scan at 20:44
Scanning 10.10.10.3 [4 ports]
Packet capture filter (device tun0): dst host 10.10.14.12 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 10.10.10.3)))
We got a ping packet back from 10.10.10.3: id = 42168 seq = 0 checksum = 23367
Completed Ping Scan at 20:44, 0.10s elapsed (1 total hosts)
Overall sending rates: 38.09 packets / s, 1447.52 bytes / s.
mass_rdns: Using DNS server 192.168.86.1
Initiating Parallel DNS resolution of 1 host. at 20:44
mass_rdns: 0.00s 0/1 [#: 1, OK: 0, NX: 0, DR: 0, SF: 0, TR: 1]
Completed Parallel DNS resolution of 1 host. at 20:44, 0.00s elapsed
DNS resolution of 1 IPs took 0.00s. Mode: Async [#: 1, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan at 20:44
Scanning 10.10.10.3 [1 port]
Packet capture filter (device tun0): dst host 10.10.14.12 and (icmp or icmp6 or ((tcp or udp or sctp) and (src host 10.10.10.3)))
Discovered open port 445/tcp on 10.10.10.3
Completed SYN Stealth Scan at 20:44, 0.09s elapsed (1 total ports)
Overall sending rates: 10.88 packets / s, 478.93 bytes / s.
NSE: Script scanning 10.10.10.3.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 20:44
NSE: Starting smb-os-discovery against 10.10.10.3.
NSE: [smb-os-discovery 10.10.10.3] SMB: Added account '' to account list
NSE: [smb-os-discovery 10.10.10.3] SMB: Added account 'guest' to account list
NSE: [smb-os-discovery 10.10.10.3] SMB: Login as \guest failed (NT_STATUS_LOGON_FAILURE)
NSE: [smb-os-discovery 10.10.10.3] SMB: WARNING: the server appears to be Unix; your mileage may vary.
NSE: [smb-os-discovery 10.10.10.3] SMB: Login as WORKGROUP\<blank> failed, but was given guest access (username may be wrong, or system may only allow guest)
NSE: smb-os-discovery against 10.10.10.3 threw an error!
/usr/bin/../share/nmap/nselib/smb.lua:1030: bad argument #2 to 'unpack' (data string too short)
stack traceback:
[C]: in function 'string.unpack'
/usr/bin/../share/nmap/nselib/smb.lua:1030: in function 'smb.negotiate_v1'
/usr/bin/../share/nmap/nselib/smb.lua:1074: in function 'smb.negotiate_protocol'
/usr/bin/../share/nmap/nselib/smb.lua:372: in function 'smb.start_ex'
/usr/bin/../share/nmap/nselib/smb.lua:3363: in function 'smb.get_os'
/usr/bin/../share/nmap/scripts/smb-os-discovery.nse:152: in function </usr/bin/../share/nmap/scripts/smb-os-discovery.nse:149>
(...tail calls...)
Completed NSE at 20:44, 2.51s elapsed
Nmap scan report for 10.10.10.3
Host is up, received echo-reply ttl 63 (0.064s latency).
Scanned at 2019-11-03 20:44:15 EST for 3s
PORT STATE SERVICE REASON
445/tcp open microsoft-ds syn-ack ttl 63
Final times for host: srtt: 63748 rttvar: 48536 to: 257892
NSE: Script Post-scanning.
NSE: Starting runlevel 1 (of 1) scan.
Initiating NSE at 20:44
Completed NSE at 20:44, 0.00s elapsed
Read from /usr/bin/../share/nmap: nmap-payloads nmap-services.
Nmap done: 1 IP address (1 host up) scanned in 3.13 seconds
Raw packets sent: 5 (196B) | Rcvd: 2 (72B)
I notice this when I was working on one of the HackTheBox challenges. I used my older version of Kali Linux, and I was able to get the version of one of the SMB machines. However, when I tried to scan the same machine using the latest Kali Linux, the script says smb-os-discovery: ERROR: Script execution failed (use -d to debug)
Is this a known issue? Thanks.
A fix for this known issue has been committed as r37733 (c491143) back on September 7. Please report back if it does not work for you.
Thanks yea same issue today on hackthebox retired machine called "lame". All the guides say I should see the exact Samba version, but it's throwing errors with OS detection on SMB. I updated/upgraded nmap and kali.
@gallaghercareer I just ran into the same issue for the same reason (HTB, Lame) but was able to solve it by manually replacing my /usr/share/nmap/nselib/smb.lua file with the updated one here https://github.com/nmap/nmap/blob/c491143358f3417ed7f6712ae8a9d3e48699463a/nselib/smb.lua
Good luck
@chadministratorwastaken Thanks! This solved my issue as well. And I was also working on the same box! lol !
@gallaghercareer I just ran into the same issue for the same reason (HTB, Lame) but was able to solve it by manually replacing my /usr/share/nmap/nselib/smb.lua file with the updated one here https://github.com/nmap/nmap/blob/c491143358f3417ed7f6712ae8a9d3e48699463a/nselib/smb.lua
Good luck
Thanks so much!
Most helpful comment
@gallaghercareer I just ran into the same issue for the same reason (HTB, Lame) but was able to solve it by manually replacing my /usr/share/nmap/nselib/smb.lua file with the updated one here https://github.com/nmap/nmap/blob/c491143358f3417ed7f6712ae8a9d3e48699463a/nselib/smb.lua
Good luck