Nmap Development mailing list archives

Re: [NSE] MS08-067 check


From: Ron <ron () skullsecurity net>
Date: Sun, 09 Nov 2008 04:47:29 -0600

jah wrote:
> On 05/11/2008 22:07, Ron wrote:
> Hi Ron,
>
> I tried your script against an unpatched box and it crashed first time
> and reported the box as not vulnerable.  After rebooting it reported the
> box as vulnerable and didn't crash it.  I tried numerous times (I lost
> count but it was upwards of 70) to get it to crash again without
> success.  So then I rebooted the box again and lo and behold it crashed
> first time again (and was reported as not vulnerable).  There seems to
> be something about the state of the machine that only changes between
> reboots...
>
> Anyway, it correctly reports non-vulnerable boxes, correctly reports
> vulnerable ones if svchost doesn't crash, but incorrectly reports as
> non-vulnerable if svchost does crash.  I've got a script-trace of the
> latter if you want it.
>
> Nice work.
>
> jah

The only thing I have left to fix on this is the issue where crashed
boxes return "not vulnerable" -- I'm trying to resolve that now, but,
naturally, I am unable to crash any of my test systems. It seems like
immediately after a reboot, the crash doesn't happen (although I could
be wrong). I'm going to leave the test boxes up overnight and hope I can
crash them in the morning (I don't count right now as morning, even if
it IS 4:45am.. :) ).


Anyway, I'd like to get the output of a -d3 and/or a pcap of the crash
so I can see what's going wrong. If somebody can crash a system with
this script, can you send me the result?

I can't avoid crashing stuff, but I'd at least like to output the proper
result if I do.

Also, the script-trace might be helpful, if you still have it.

Ron

-- 
Ron Bowes
http://www.skullsecurity.org/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

