Nmap Development mailing list archives
Fw: conficker script in NMAP
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 1 Apr 2009 23:14:19 +0000
I apologize if this is a duplicate, I got an error the first time I responded. Brandon -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, 1 Apr 2009 16:08:43 -0500 "Watson, Deborah L" <dwatson () pmrg com> wrote:
Sorry Brandon, my paste buffer wasn't playing nice. Here is the access example: Host 10.2.105.25 appears to be up ... good. Scanned at 2009-03-31 12:04:51 Central Daylight Time for 3s Interesting ports on 10.2.105.25: PORT STATE SERVICE REASON 445/tcp open microsoft-ds syn-ack Host script results: | smb-check-vulns: | MS08-067: NOT RUN | Conficker: ERROR: NT_STATUS_ACCESS_DENIED |_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run) Final times for host: srtt: 2000 rttvar: 7750 to: 100000 Thank you, Deborah Watson | IT Infrastructure Manager | CISSP, GCIA, GCIH, MCSE
The NT_STATUS_ACCESS_DENIED error is being reported by Windows. I don't know enough about Windows to tell you the cases when you will get that error versus when you won't but I'm pretty sure it means you can anonymously bind to the \\BROWSER pipe. This generally means that Conficker also wouldn't be able to exploit the service. Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.10 (GNU/Linux) iEYEARECAAYFAknT3GoACgkQqaGPzAsl94KNSgCgicU0dqBgW/fs004C2gdKG5mJ KFQAoKa0mkfX/hrF9pD8ouBcD9zHof8m =9HL9 -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Fw: conficker script in NMAP Brandon Enright (Apr 01)