Home page logo
/

nmap-dev logo Nmap Development mailing list archives

RE: Nmap 4.85BETA5: Now with Conficker detection!
From: Craig Humphrey <Craig.Humphrey () chapmantripp com>
Date: Tue, 31 Mar 2009 15:42:24 +1300

Hi Fyodor,

Thanks for that.

In the end I ran with --script-args=unsafe=1 which came back with:
Host script results:
|  smb-check-vulns:
|  MS08-067: FIXED
|_ Conficker: Likely CLEAN

Which makes things clearer.

BTW you're email came through quicker than my post to nmap-dev list, which I was going to put this reply to.

Given that it is a little unsafe, I don't think I'll be running this against the whole firm during normal hours :)

Thanks again!
Later'ish
Craig


-----Original Message-----
From: Fyodor [mailto:fyodor () insecure org]
Sent: Tuesday, March 31, 2009 3:30 PM
To: Craig Humphrey
Cc: nmap-dev () insecure org
Subject: Re: Nmap 4.85BETA5: Now with Conficker detection!

On Tue, Mar 31, 2009 at 03:01:51PM +1300, Craig Humphrey wrote:
Hi Guys,

Awesome for getting this out so quick!

Just wanting to clarify the output from nmap when scanning for Conficker.
When it says: "MS08-067: NOT RUN"
Does that mean the scan/probe hasn't been run, or the patch hasn't been applied?

It means the script was not run.  I think you need to remove the
"--script-args safe=1" to run that one.  But when I just tried that
(and I also added -d) against one of my XP virtual machines, I got:

Host script results:
|  smb-check-vulns:
|  MS08-067: LIKELY VULNERABLE (host stopped responding)
|  Conficker: ERROR: SMB: Failed to receive bytes: TIMEOUT
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)

So in other words, I think it crashed the service.  When Ron says a
certain script does not qualify as "safe", he's not kidding around :).

Cheers,
-F
This email is intended solely for the use of the addressee and may contain information that is confidential or subject 
to legal professional privilege. If you receive this email in error please immediately notify the sender and delete the 
email.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]