Nmap rusers NSE Script


This page contains detailed information about how to use the rusers NSE script. For list of all NSE scripts, visit the Nmap NSE Library.

Select:
Overview
Error Messages

Script Overview

Script source code: https://github.com/nmap/nmap/tree/master/scripts/rusers.nse
Script categories: discovery, safe
Target service / protocol: rusersd, tcp, udp
Target network port(s): any
List of CVEs: -

Script Description

The rusers.nse script connects to rusersd RPC service and retrieves a list of logged-in users.

Rusers NSE Script Arguments

The rusers.nse script does not have any arguments.

Rusers NSE Script Example Usage

Here's an example of how to use the rusers.nse script:

nmap --script=rusers <target>

Rusers NSE Script Example Output

Here's a sample output from the rusers.nse script:

| USER     ON        FROM  SINCE                IDLE
| LOGIN    console         2015-11-08T12:03:50  8h55m58s
| root     console   :0    2015-11-08T12:06:49  8h55m58s
| root     pts/2     :0.0  2015-11-08T12:07:06  2d02h51m48s
| .telnet  /dev/pts        2016-03-14T12:07:46  24855d03h14m07s
| .telnet  /dev/pts        2016-03-14T10:25:09  24855d03h14m07s
| .telnet  /dev/pts        2016-03-03T10:02:15  24855d03h14m07s
| root     pts/4           2016-03-07T09:21:14  1m48s
| root     pts/3     ns3   2016-02-16T09:45:24  35s
| root     pts/4     ns3   2016-02-16T09:26:01  1m48s
|_.telnet  /dev/pts        2016-03-03T10:01:32  24855d03h14m07s

Rusers NSE Script Example XML Output

Here's a sample XML output from the rusers.nse script produced by providing the -oX <file> Nmap option:

<table>
  <elem key="idle">1m49s</elem>
  <elem key="host">ns3</elem>
  <elem key="user">root</elem>
  <elem key="time">2016-02-16T09:26:01</elem>
  <elem key="tty">pts/4</elem>
</table>
<table>
  <elem key="idle">24855d03h14m07s</elem>
  <elem key="host"></elem>
  <elem key="user">.telnet</elem>
  <elem key="time">2016-03-03T10:01:32</elem>
  <elem key="tty">/dev/pts</elem>
</table>

Author

  • Daniel Miller

References

See Also

Visit Nmap NSE Library for more scripts.

The rusers.nse script may fail with the following error messages. Check for the possible causes by using the code snippets highlighted below found in the script source code. This can often times help in identifying the root cause of the problem.

GetAdditionalBytes failed

Here is a relevant code snippet related to the "GetAdditionalBytes failed" error message:

67:	-- @return the data retrieved so far
68:	local function get_zstring (comm, data, pos, additional)
69:	  local pos, len = rpc.Util.unmarshall_uint32(data, pos)
70:	  local status, data = comm:GetAdditionalBytes( data, pos, len + additional )
71:	  if not status then
72:	    return nil, "GetAdditionalBytes failed"
73:	  end
74:	  local pos, rval = rpc.Util.unmarshall_opaque(len, data, pos)
75:	  rval = string.match(rval, "^(.-)\0*$")
76:	  return pos, rval, data
77:	end

RPC connect error: %s

Here is a relevant code snippet related to the "RPC connect error: %s" error message:

119:	
120:	action = function(host, port)
121:	  local comm = rpc.Comm:new("rusersd", 2)
122:	  local status, err = comm:Connect(host, port)
123:	  if not status then
124:	    return fail("RPC connect error: %s", err)
125:	  end
126:	
127:	  local packet = comm:EncodePacket(nil, RUSERSPROC.ALLNAMES, {type = rpc.Portmap.AuthType.NULL}, nil)
128:	  status, err = comm:SendPacket(packet)
129:	  if not status then

RPC send error: %s

Here is a relevant code snippet related to the "RPC send error: %s" error message:

125:	  end
126:	
127:	  local packet = comm:EncodePacket(nil, RUSERSPROC.ALLNAMES, {type = rpc.Portmap.AuthType.NULL}, nil)
128:	  status, err = comm:SendPacket(packet)
129:	  if not status then
130:	    return fail("RPC send error: %s", err)
131:	  end
132:	
133:	  local status, data = comm:ReceivePacket()
134:	  if not status then
135:	    return fail("RPC receive error: %s", data)

RPC receive error: %s

Here is a relevant code snippet related to the "RPC receive error: %s" error message:

130:	    return fail("RPC send error: %s", err)
131:	  end
132:	
133:	  local status, data = comm:ReceivePacket()
134:	  if not status then
135:	    return fail("RPC receive error: %s", data)
136:	  end
137:	
138:	  local pos, header = comm:DecodeHeader(data, 1)
139:	  if not header then
140:	    return fail("RPC decode header error")

RPC decode header error

Here is a relevant code snippet related to the "RPC decode header error" error message:

135:	    return fail("RPC receive error: %s", data)
136:	  end
137:	
138:	  local pos, header = comm:DecodeHeader(data, 1)
139:	  if not header then
140:	    return fail("RPC decode header error")
141:	  end
142:	
143:	  if header.type ~= rpc.Portmap.MessageType.REPLY then
144:	    return fail("Packet was not a reply")
145:	  end

Packet was not a reply

Here is a relevant code snippet related to the "Packet was not a reply" error message:

139:	  if not header then
140:	    return fail("RPC decode header error")
141:	  end
142:	
143:	  if header.type ~= rpc.Portmap.MessageType.REPLY then
144:	    return fail("Packet was not a reply")
145:	  end
146:	
147:	  if header.state ~= rpc.Portmap.State.MSG_ACCEPTED then
148:	    return fail("RPC call failed: %s", rpc.Portmap.RejectMsg[header.denied_state] or header.state)
149:	  end

RPC call failed: %s

Here is a relevant code snippet related to the "RPC call failed: %s" error message:

143:	  if header.type ~= rpc.Portmap.MessageType.REPLY then
144:	    return fail("Packet was not a reply")
145:	  end
146:	
147:	  if header.state ~= rpc.Portmap.State.MSG_ACCEPTED then
148:	    return fail("RPC call failed: %s", rpc.Portmap.RejectMsg[header.denied_state] or header.state)
149:	  end
150:	
151:	  if header.accept_state ~= rpc.Portmap.AcceptState.SUCCESS then
152:	      return fail("RPC accepted state: %s", rpc.Portmap.AcceptMsg[header.accept_state] or header.accept_state)
153:	  end

RPC accepted state: %s

Here is a relevant code snippet related to the "RPC accepted state: %s" error message:

147:	  if header.state ~= rpc.Portmap.State.MSG_ACCEPTED then
148:	    return fail("RPC call failed: %s", rpc.Portmap.RejectMsg[header.denied_state] or header.state)
149:	  end
150:	
151:	  if header.accept_state ~= rpc.Portmap.AcceptState.SUCCESS then
152:	      return fail("RPC accepted state: %s", rpc.Portmap.AcceptMsg[header.accept_state] or header.accept_state)
153:	  end
154:	
155:	  status, data = comm:GetAdditionalBytes( data, pos, 4 )
156:	  if not status then
157:	    return fail("Failed to call GetAdditionalBytes")

Failed to call GetAdditionalBytes

Here is a relevant code snippet related to the "Failed to call GetAdditionalBytes" error message:

152:	      return fail("RPC accepted state: %s", rpc.Portmap.AcceptMsg[header.accept_state] or header.accept_state)
153:	  end
154:	
155:	  status, data = comm:GetAdditionalBytes( data, pos, 4 )
156:	  if not status then
157:	    return fail("Failed to call GetAdditionalBytes")
158:	  end
159:	
160:	  local pos, num_names = rpc.Util.unmarshall_uint32(data, pos)
161:	
162:	  local out = {}

Version

This page has been created based on Nmap version 7.92.

Go back to menu.