Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: article about Conficker says nmap can be used to discover it
From: venkat sanaka <venkatsanaka () gmail com>
Date: Tue, 31 Mar 2009 01:22:14 +0530

These are the test results when i run it in my windows system

./nmap -p 445 -d --script smb-check-vulns --script-args safe=1 10.3.12.1-254

Host 10.3.12.209 appears to be up ... good.

Scanned at 2009-03-31 01:10:03 India Standard Time for 1s

Interesting ports on 10.3.12.209:

PORT    STATE    SERVICE      REASON

445/tcp filtered microsoft-ds no-response

MAC Address: 00:19:B9:7F:42:D8 (Dell)

Final times for host: srtt: 0 rttvar: 5000  to: 100000


Host 10.3.12.223 appears to be up ... good.

Scanned at 2009-03-31 01:10:03 India Standard Time for 9s

Interesting ports on 10.3.12.223:

PORT    STATE SERVICE      REASON

445/tcp open  microsoft-ds syn-ack

MAC Address: 00:16:D3:10:FA:8D (Wistron)

Host script results:

|  smb-check-vulns:

|  MS08-067: NOT RUN

|  Conficker: ERROR: Unexpected error: SMB: Failed to receive bytes: ERROR

|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)

Final times for host: srtt: 0 rttvar: 3750  to: 100000


On Tue, Mar 31, 2009 at 12:45 AM, Corey Chandler <lists () sequestered net>wrote:

Fyodor wrote:


http://www.skullsecurity.org/blog/?p=209

If anyone is able to test this, please do report your results!  As
we've been pretty rushed since we just found out about the technique
yesterday.


Ran it across our desktop network here.

bash-3.2# nmap --script=smb-check-vulns --script-args=safe=1 -p445 -d
10.10.1.0/24 |grep Conficker

|  Conficker: ERROR: NT_STATUS_OBJECT_NAME_NOT_FOUND
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: Likely CLEAN
|  Conficker: ERROR: NT_STATUS_OBJECT_NAME_NOT_FOUND
|  Conficker: Likely CLEAN

I assume the NT_STATUS_OBJECT_NAME_NOT_FOUND implies it's not an actual
Windows box?  We do have some Ubuntu / Mac users here...

--
Corey Chandler / KB1JWQ
Living Legend / Systems Exorcist
Today's Excuse: Me no internet, only janitor, me just wax floors



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault