Nmap Development mailing list archives
Re: [NSE] MS08-067 check
From: Ron <ron () skullsecurity net>
Date: Sun, 09 Nov 2008 04:47:29 -0600
jah wrote:
On 05/11/2008 22:07, Ron wrote:

Hi Ron,

I tried your script against an unpatched box and it crashed first time and reported the box as not vulnerable. After rebooting it reported the box as vulnerable and didn't crash it. I tried numerous times (I lost count but it was upwards of 70) to get it to crash again without success. So then I rebooted the box again and lo and behold it crashed first time again (and was reported as not vulnerable). There seems to be something about the state of the machine that only changes between reboots...

Anyway, it correctly reports non-vulnerable boxes, correctly reports vulnerable ones if svchost doesn't crash, but incorrectly reports as non-vulnerable if svchost does crash. I've got a script-trace of the latter if you want it.

Nice work.

jah

The only thing I have left to fix on this is the issue where crashed boxes return "not vulnerable" -- I'm trying to resolve that now, but, naturally, I am unable to crash any of my test systems. It seems like immediately after a reboot, the crash doesn't happen (although I could be wrong). I'm going to leave the test boxes up overnight and hope I can crash them in the morning (I don't count right now as morning, even if it IS 4:45am.. :) ).

Anyway, I'd like to get the output of a -d3 and/or a pcap of the crash so I can see what's going wrong. If somebody can crash a system with this script, can you send me the result? I can't avoid crashing stuff, but I'd at least like to output the proper result if I do.

Also, the script-trace might be helpful, if you still have it.

Ron

--
Ron Bowes
http://www.skullsecurity.org/