Nmap rusers NSE Script
This page contains detailed information about how to use the rusers NSE script. For list of all NSE scripts, visit the Nmap NSE Library.
Select: |
---|
Script Overview
Script source code: https://github.com/nmap/nmap/tree/master/scripts/rusers.nse
Script categories: discovery, safe
Target service / protocol: rusersd, tcp, udp
Target network port(s): any
List of CVEs: -
Script Description
The rusers.nse script connects to rusersd RPC service and retrieves a list of logged-in users.
Rusers NSE Script Arguments
The rusers.nse script does not have any arguments.
Rusers NSE Script Example Usage
Here's an example of how to use the rusers.nse script:
nmap --script=rusers <target>
Rusers NSE Script Example Output
Here's a sample output from the rusers.nse script:
| USER ON FROM SINCE IDLE
| LOGIN console 2015-11-08T12:03:50 8h55m58s
| root console :0 2015-11-08T12:06:49 8h55m58s
| root pts/2 :0.0 2015-11-08T12:07:06 2d02h51m48s
| .telnet /dev/pts 2016-03-14T12:07:46 24855d03h14m07s
| .telnet /dev/pts 2016-03-14T10:25:09 24855d03h14m07s
| .telnet /dev/pts 2016-03-03T10:02:15 24855d03h14m07s
| root pts/4 2016-03-07T09:21:14 1m48s
| root pts/3 ns3 2016-02-16T09:45:24 35s
| root pts/4 ns3 2016-02-16T09:26:01 1m48s
|_.telnet /dev/pts 2016-03-03T10:01:32 24855d03h14m07s
Rusers NSE Script Example XML Output
Here's a sample XML output from the rusers.nse script produced by providing the -oX <file>
Nmap option:
<table>
<elem key="idle">1m49s</elem>
<elem key="host">ns3</elem>
<elem key="user">root</elem>
<elem key="time">2016-02-16T09:26:01</elem>
<elem key="tty">pts/4</elem>
</table>
<table>
<elem key="idle">24855d03h14m07s</elem>
<elem key="host"></elem>
<elem key="user">.telnet</elem>
<elem key="time">2016-03-03T10:01:32</elem>
<elem key="tty">/dev/pts</elem>
</table>
Author
- Daniel Miller
References
- https://nmap.org/nsedoc/scripts/rusers.html
- https://github.com/nmap/nmap/tree/master/scripts/rusers.nse
See Also
Visit Nmap NSE Library for more scripts.
The rusers.nse script may fail with the following error messages. Check for the possible causes by using the code snippets highlighted below found in the script source code. This can often times help in identifying the root cause of the problem.
GetAdditionalBytes failed
Here is a relevant code snippet related to the "GetAdditionalBytes failed" error message:
67: -- @return the data retrieved so far
68: local function get_zstring (comm, data, pos, additional)
69: local pos, len = rpc.Util.unmarshall_uint32(data, pos)
70: local status, data = comm:GetAdditionalBytes( data, pos, len + additional )
71: if not status then
72: return nil, "GetAdditionalBytes failed"
73: end
74: local pos, rval = rpc.Util.unmarshall_opaque(len, data, pos)
75: rval = string.match(rval, "^(.-)\0*$")
76: return pos, rval, data
77: end
RPC connect error: %s
Here is a relevant code snippet related to the "RPC connect error: %s" error message:
119:
120: action = function(host, port)
121: local comm = rpc.Comm:new("rusersd", 2)
122: local status, err = comm:Connect(host, port)
123: if not status then
124: return fail("RPC connect error: %s", err)
125: end
126:
127: local packet = comm:EncodePacket(nil, RUSERSPROC.ALLNAMES, {type = rpc.Portmap.AuthType.NULL}, nil)
128: status, err = comm:SendPacket(packet)
129: if not status then
RPC send error: %s
Here is a relevant code snippet related to the "RPC send error: %s" error message:
125: end
126:
127: local packet = comm:EncodePacket(nil, RUSERSPROC.ALLNAMES, {type = rpc.Portmap.AuthType.NULL}, nil)
128: status, err = comm:SendPacket(packet)
129: if not status then
130: return fail("RPC send error: %s", err)
131: end
132:
133: local status, data = comm:ReceivePacket()
134: if not status then
135: return fail("RPC receive error: %s", data)
RPC receive error: %s
Here is a relevant code snippet related to the "RPC receive error: %s" error message:
130: return fail("RPC send error: %s", err)
131: end
132:
133: local status, data = comm:ReceivePacket()
134: if not status then
135: return fail("RPC receive error: %s", data)
136: end
137:
138: local pos, header = comm:DecodeHeader(data, 1)
139: if not header then
140: return fail("RPC decode header error")
RPC decode header error
Here is a relevant code snippet related to the "RPC decode header error" error message:
135: return fail("RPC receive error: %s", data)
136: end
137:
138: local pos, header = comm:DecodeHeader(data, 1)
139: if not header then
140: return fail("RPC decode header error")
141: end
142:
143: if header.type ~= rpc.Portmap.MessageType.REPLY then
144: return fail("Packet was not a reply")
145: end
Packet was not a reply
Here is a relevant code snippet related to the "Packet was not a reply" error message:
139: if not header then
140: return fail("RPC decode header error")
141: end
142:
143: if header.type ~= rpc.Portmap.MessageType.REPLY then
144: return fail("Packet was not a reply")
145: end
146:
147: if header.state ~= rpc.Portmap.State.MSG_ACCEPTED then
148: return fail("RPC call failed: %s", rpc.Portmap.RejectMsg[header.denied_state] or header.state)
149: end
RPC call failed: %s
Here is a relevant code snippet related to the "RPC call failed: %s" error message:
143: if header.type ~= rpc.Portmap.MessageType.REPLY then
144: return fail("Packet was not a reply")
145: end
146:
147: if header.state ~= rpc.Portmap.State.MSG_ACCEPTED then
148: return fail("RPC call failed: %s", rpc.Portmap.RejectMsg[header.denied_state] or header.state)
149: end
150:
151: if header.accept_state ~= rpc.Portmap.AcceptState.SUCCESS then
152: return fail("RPC accepted state: %s", rpc.Portmap.AcceptMsg[header.accept_state] or header.accept_state)
153: end
RPC accepted state: %s
Here is a relevant code snippet related to the "RPC accepted state: %s" error message:
147: if header.state ~= rpc.Portmap.State.MSG_ACCEPTED then
148: return fail("RPC call failed: %s", rpc.Portmap.RejectMsg[header.denied_state] or header.state)
149: end
150:
151: if header.accept_state ~= rpc.Portmap.AcceptState.SUCCESS then
152: return fail("RPC accepted state: %s", rpc.Portmap.AcceptMsg[header.accept_state] or header.accept_state)
153: end
154:
155: status, data = comm:GetAdditionalBytes( data, pos, 4 )
156: if not status then
157: return fail("Failed to call GetAdditionalBytes")
Failed to call GetAdditionalBytes
Here is a relevant code snippet related to the "Failed to call GetAdditionalBytes" error message:
152: return fail("RPC accepted state: %s", rpc.Portmap.AcceptMsg[header.accept_state] or header.accept_state)
153: end
154:
155: status, data = comm:GetAdditionalBytes( data, pos, 4 )
156: if not status then
157: return fail("Failed to call GetAdditionalBytes")
158: end
159:
160: local pos, num_names = rpc.Util.unmarshall_uint32(data, pos)
161:
162: local out = {}
Version
This page has been created based on Nmap version 7.92.
Go back to menu.