Hmm, what I've done so far is to copy the old 1.0.10 plugin to 1.2.6 and run that. It changes the symptom but it is still broken. The old plugin doesn't use smb_nt.inc at all so that appears to be ruled out as a part of this. The 1.0.10 plugin when run on 1.2.6 produces a list of one share but it has no name! If I try running the same test from 1.0.10 I get the list of shares correctly still. To me that appears to implicate something in the nessus engine itself I think?
Now, where did I put tcpdump ;-)

-----Original Message-----
From: Michael Scheidell [mailto:[EMAIL PROTECTED]]
Sent: Tue 12/3/2002 8:57 PM
To: Hemsley, Trevor
Cc: [EMAIL PROTECTED]
Subject: Re: smb_enum_shares broken between 1.0.10 and 1.2.6

> Hi
>
> I'm in the middle of migrating from nessus 1.0.10 to 1.2.6 and I notice that
> smb_enum_shares.nasl (plugin id 10395) seems to have broken between the two releases.
> More specifically, it appears to not work when scanning OS/2 machines - OK I know
> they're fairly rare nowadays but... On 1.0.10 I get
>
> Here is the list of SMB shares of this host:
> IPC$ - Remote IPC
> ADMIN$ - Remote Admin
> CDROM -
>
> On 1.2.6 I get
>
> Here is the list of the SMB shares of this host:
> Warning: Only 215 out of 12336 shares enumerated

Yep, I am the one who may have made those changes, or maybe it's the general new smb stuff that is in smb_nt.inc. (If the problem is in smb_nt.inc, look to Renaud.)

I don't know what to tell you, except that you might need some massive packet traces just to figure out what is happening. Based on what you show there, it looks like OS2 sends back a malformed (not CIFS?) packet.

Wondering if we can put back in the 'if(o2s) do something strange'?

> Before I start to debug this I thought I'd ask on the list to see if the author(s) of this plugin might know why this happens. 12336 seems to be a decimal representation of 0x3030 or two ASCII zeros!
>
> Trevor
> -
> [EMAIL PROTECTED]: general discussions about Nessus.
> * To unsubscribe, send a mail to [EMAIL PROTECTED] with
> "unsubscribe nessus" in the body.
>

--
Michael Scheidell, CEO
SECNAP Network Security, LLC
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security?
http://www.secnap.net/employment/
