mailing list archives
Re: Nmap 4.85BETA5: Now with Conficker detection!
From: Fyodor <fyodor () insecure org>
Date: Mon, 30 Mar 2009 19:30:08 -0700
On Tue, Mar 31, 2009 at 03:01:51PM +1300, Craig Humphrey wrote:
Awesome for getting this out so quick!
Just wanting to clarify the output from nmap when scanning for Conficker.
When it says: "MS08-067: NOT RUN"
Does that mean the scan/probe hasn't been run, or the patch hasn't been applied?
It means the script was not run. I think you need to remove the
"--script-args safe=1" to run that one. But when I just tried that
(and I also added -d) against one of my XP virtual machines, I got:
Host script results:
| MS08-067: LIKELY VULNERABLE (host stopped responding)
| Conficker: ERROR: SMB: Failed to receive bytes: TIMEOUT
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
So in other words, I think it crashed the service. When Ron says a
certain script does not qualify as "safe", he's not kidding around :).
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org