Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: article about Conficker says nmap can be used to discover it

From: Corey Chandler <lists () sequestered net>
Date: Mon, 30 Mar 2009 12:15:30 -0700
Fyodor wrote:


http://www.skullsecurity.org/blog/?p=209

If anyone is able to test this, please do report your results!  As
we've been pretty rushed since we just found out about the technique
yesterday.

Ran it across our desktop network here.
bash-3.2# nmap --script=smb-check-vulns --script-args=safe=1 -p445 -d 10.10.1.0/24 |grep Conficker 

|  Conficker: ERROR: NT_STATUS_OBJECT_NAME_NOT_FOUND
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: ERROR: NT_STATUS_OBJECT_NAME_NOT_FOUND
|  Conficker: Likely CLEAN
I assume the NT_STATUS_OBJECT_NAME_NOT_FOUND implies it's not an actual Windows box? We do have some Ubuntu / Mac users here... 

--
Corey Chandler / KB1JWQ
Living Legend / Systems Exorcist
Today's Excuse: Me no internet, only janitor, me just wax floors


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Previous By Date Next
Previous By Thread Next

Current thread: