Nmap Development mailing list archives
Re: article about Conficker says nmap can be used to discover it
From: venkat sanaka <venkatsanaka () gmail com>
Date: Tue, 31 Mar 2009 01:22:14 +0530
These are the test results when i run it in my windows system ./nmap -p 445 -d --script smb-check-vulns --script-args safe=1 10.3.12.1-254 Host 10.3.12.209 appears to be up ... good. Scanned at 2009-03-31 01:10:03 India Standard Time for 1s Interesting ports on 10.3.12.209: PORT STATE SERVICE REASON 445/tcp filtered microsoft-ds no-response MAC Address: 00:19:B9:7F:42:D8 (Dell) Final times for host: srtt: 0 rttvar: 5000 to: 100000 Host 10.3.12.223 appears to be up ... good. Scanned at 2009-03-31 01:10:03 India Standard Time for 9s Interesting ports on 10.3.12.223: PORT STATE SERVICE REASON 445/tcp open microsoft-ds syn-ack MAC Address: 00:16:D3:10:FA:8D (Wistron) Host script results: | smb-check-vulns: | MS08-067: NOT RUN | Conficker: ERROR: Unexpected error: SMB: Failed to receive bytes: ERROR |_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run) Final times for host: srtt: 0 rttvar: 3750 to: 100000 On Tue, Mar 31, 2009 at 12:45 AM, Corey Chandler <lists () sequestered net>wrote:
Fyodor wrote:http://www.skullsecurity.org/blog/?p=209 If anyone is able to test this, please do report your results! As we've been pretty rushed since we just found out about the technique yesterday.Ran it across our desktop network here. bash-3.2# nmap --script=smb-check-vulns --script-args=safe=1 -p445 -d 10.10.1.0/24 |grep Conficker | Conficker: ERROR: NT_STATUS_OBJECT_NAME_NOT_FOUND | Conficker: Likely CLEAN | Conficker: Likely CLEAN | Conficker: Likely CLEAN | Conficker: Likely CLEAN | Conficker: Likely CLEAN | Conficker: Likely CLEAN | Conficker: Likely CLEAN | Conficker: Likely CLEAN | Conficker: ERROR: NT_STATUS_OBJECT_NAME_NOT_FOUND | Conficker: Likely CLEAN I assume the NT_STATUS_OBJECT_NAME_NOT_FOUND implies it's not an actual Windows box? We do have some Ubuntu / Mac users here... -- Corey Chandler / KB1JWQ Living Legend / Systems Exorcist Today's Excuse: Me no internet, only janitor, me just wax floors _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- article about Conficker says nmap can be used to discover it DePriest, Jason R. (Mar 30)
- Re: article about Conficker says nmap can be used to discover it Brandon Enright (Mar 30)
- Re: article about Conficker says nmap can be used to discover it Michael Pattrick (Mar 30)
- Re: article about Conficker says nmap can be used to discover it Fyodor (Mar 30)
- Re: article about Conficker says nmap can be used to discover it Corey Chandler (Mar 30)
- Re: article about Conficker says nmap can be used to discover it Ron (Mar 30)
- Re: article about Conficker says nmap can be used to discover it Jay Fink (Mar 30)
- Re: article about Conficker says nmap can be used to discover it venkat sanaka (Mar 30)
- Re: article about Conficker says nmap can be used to discover it Corey Chandler (Mar 30)