Fw: conficker script in NMAP

[Brandon Enright <bmenrigh () ucsd edu>]

I apologize if this is a duplicate, I got an error the first time I
responded.

Brandon

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 1 Apr 2009 16:08:43 -0500
"Watson, Deborah L" <dwatson () pmrg com> wrote:

> Sorry Brandon, my paste buffer wasn't playing nice. Here is the access
> example:
>
> Host 10.2.105.25 appears to be up ... good. 
> Scanned at 2009-03-31 12:04:51 Central Daylight Time for 3s 
> Interesting ports on 10.2.105.25: 
> PORT    STATE SERVICE      REASON 
> 445/tcp open  microsoft-ds syn-ack 
>  
> Host script results: 
> |  smb-check-vulns:   
> |  MS08-067: NOT RUN 
> |  Conficker: ERROR: NT_STATUS_ACCESS_DENIED 
> |_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run) 
> Final times for host: srtt: 2000 rttvar: 7750  to: 100000
>
> Thank you,
> Deborah Watson | IT Infrastructure Manager | CISSP, GCIA, GCIH, MCSE


The NT_STATUS_ACCESS_DENIED error is being reported by Windows.  I
don't know enough about Windows to tell you the cases when you will get
that error versus when you won't but I'm pretty sure it means you can
anonymously bind to the \\BROWSER pipe.

This generally means that Conficker also wouldn't be able to exploit
the service.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)

iEYEARECAAYFAknT3GoACgkQqaGPzAsl94KNSgCgicU0dqBgW/fs004C2gdKG5mJ
KFQAoKa0mkfX/hrF9pD8ouBcD9zHof8m
=9HL9
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org