Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Fw: conficker script in NMAP
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Wed, 1 Apr 2009 23:14:19 +0000

I apologize if this is a duplicate, I got an error the first time I
responded.

Brandon

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 1 Apr 2009 16:08:43 -0500
"Watson, Deborah L" <dwatson () pmrg com> wrote:

Sorry Brandon, my paste buffer wasn't playing nice. Here is the access
example:

Host 10.2.105.25 appears to be up ... good. 
Scanned at 2009-03-31 12:04:51 Central Daylight Time for 3s 
Interesting ports on 10.2.105.25: 
PORT    STATE SERVICE      REASON 
445/tcp open  microsoft-ds syn-ack 
 
Host script results: 
|  smb-check-vulns:   
|  MS08-067: NOT RUN 
|  Conficker: ERROR: NT_STATUS_ACCESS_DENIED 
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run) 
Final times for host: srtt: 2000 rttvar: 7750  to: 100000

Thank you,
Deborah Watson | IT Infrastructure Manager | CISSP, GCIA, GCIH, MCSE


The NT_STATUS_ACCESS_DENIED error is being reported by Windows.  I
don't know enough about Windows to tell you the cases when you will get
that error versus when you won't but I'm pretty sure it means you can
anonymously bind to the \\BROWSER pipe.

This generally means that Conficker also wouldn't be able to exploit
the service.

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)

iEYEARECAAYFAknT3GoACgkQqaGPzAsl94KNSgCgicU0dqBgW/fs004C2gdKG5mJ
KFQAoKa0mkfX/hrF9pD8ouBcD9zHof8m
=9HL9
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
  • Fw: conficker script in NMAP Brandon Enright (Apr 01)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault