Nmap Development mailing list archives
Re: Stuxnet / ms10-073 check. Anybody finished it?
From: Richard Miles <richard.k.miles () googlemail com>
Date: Sun, 19 Jun 2011 11:37:48 -0500
Hi Mak and all, Sorry, just now I noted that I wrote the wrong reference number for the vulnerability, I'm taking about an check for ms10-061, that also already have an exploit in metasploit: http://www.metasploit.com/modules/exploit/windows/smb/ms10_061_spoolss I guess this will be an great, really great check together with smb-vulns that look for smb-8-067 that is also awesome. I don't know if this helps in write the code to nmap, but nessus has an script to detect it.... http://nessus.de/plugins/index.php?view=single&id=49219 OpenVAS also has a check for it, but I don't know if it's that great. http://openvas.komma-nix.de/nasl.php?oid=901150 What I really love about smb-vulns in nmap is that it's very trustable, not sure about Nessus and OpenVAS test for this vulnerability in special... Nessus and OpenVAS are nice, but I really prefer nmap - thanks to you all guys. On Sun, Jun 19, 2011 at 10:40 AM, Richard Miles <richard.k.miles () googlemail com> wrote:
Thanks Mark for your fast answer. This script is very interesting, but I'm talking about an script able to identify the vulnerability (ms10-073) exploited by Stuxnet. For example, smb-check identify if an host is infected by conficker and it's very nice, but the most interesting in my opinion is the possibility to detect if my machines are still vulnerable to ms08_067. Are you considering to extend this script for this check? I guess it would be awesome. Thanks. On Sun, Jun 19, 2011 at 10:14 AM, Mak Kolybabi <mak () kolybabi com> wrote:On 2011-06-19 10:11, Richard Miles wrote:Sometime ago I saw that Ron and Mark were discussing about add an check to Stuxnet / ms10-073, but I never heard anything about it or found the NSE script. What happened? It was not possible to create an NSE script for this?I believe stuxnet-detect[1] is what you're looking for. [1] http://nmap.org/svn/scripts/stuxnet-detect.nse -- Mak Kolybabi <mak () kolybabi com> () ASCII Ribbon Campaign | Against HTML e-mail /\ www.asciiribbon.org | Against proprietary extensions
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Stuxnet / ms10-073 check. Anybody finished it? Richard Miles (Jun 19)
- Re: Stuxnet / ms10-073 check. Anybody finished it? Mak Kolybabi (Jun 19)
- Re: Stuxnet / ms10-073 check. Anybody finished it? Richard Miles (Jun 19)
- Re: Stuxnet / ms10-073 check. Anybody finished it? Richard Miles (Jun 19)
- Re: Stuxnet / ms10-073 check. Anybody finished it? Fyodor (Jun 21)
- Re: Stuxnet / ms10-073 check. Anybody finished it? Richard Miles (Jun 19)
- Re: Stuxnet / ms10-073 check. Anybody finished it? Mak Kolybabi (Jun 19)