Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Help w\Conficker command
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 31 Mar 2009 22:10:30 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 31 Mar 2009 12:58:36 -0400
"Tepper Claudia A" <Claudia.Tepper () ci irs gov> wrote:

Brandon ~  First let me thank you for this new version and it's
capabilities!!

Actually the work was done by Ron and a couple other researchers.

 
Here is the command I'm running for Conficker:   
    nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns
--script-args=unsafe=1 singleipaddress
 
I did have to rename the c:\program files\nmap\script directory to
scripts
 
Here is the error: 
 
Host script results:
|  smb-check-vulns:
|  MS08-067: FIXED
|_ Conficker: ERROR: NT_STATUS_NOT_SUPPORTED

 
This is being run on WindowsXP, Service Pack 2.    Please help - we
have a whole network to scan.
 
Thank you!
Claudia  


I'm not sure what that NT error is or means but I think others on the
list will be able to chime in with why Windows would be reporting that
issue.

I should point out that the Conficker check is nearly the same as what
actual exploitation requires.  It is unlikely that a machine running an
NT error like the one above would be exploitable (and of course, in
this case the machine is patched).

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)

iEYEARECAAYFAknSlN0ACgkQqaGPzAsl94I8QQCcCGub9zE+smoHf046Ta6lKQOz
ktMAnAjwO49xzccDC/gPUHFF2j32tXTR
=uTUD
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]