Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Stuxnet / ms10-073 check. Anybody finished it?
From: Richard Miles <richard.k.miles () googlemail com>
Date: Sun, 19 Jun 2011 11:37:48 -0500

Hi Mak and all,

Sorry, just now I noted that I wrote the wrong reference number for
the vulnerability, I'm taking about an check for ms10-061, that also
already have an exploit in metasploit:

http://www.metasploit.com/modules/exploit/windows/smb/ms10_061_spoolss

I guess this will be an great, really great check together with
smb-vulns that look for smb-8-067 that is also awesome.

I don't know if this helps in write the code to nmap, but nessus has
an script to detect it....

http://nessus.de/plugins/index.php?view=single&id=49219

OpenVAS also has a check for it, but I don't know if it's that great.

http://openvas.komma-nix.de/nasl.php?oid=901150

What I really love about smb-vulns in nmap is that it's very
trustable, not sure about Nessus and OpenVAS test for this
vulnerability in special...

Nessus and OpenVAS are nice, but I really prefer nmap - thanks to you all guys.

On Sun, Jun 19, 2011 at 10:40 AM, Richard Miles
<richard.k.miles () googlemail com> wrote:
Thanks Mark for your fast answer.

This script is very interesting, but I'm talking about an script able
to identify the vulnerability  (ms10-073) exploited by Stuxnet. For
example, smb-check identify if an host is infected by conficker and
it's very nice, but the most interesting in my opinion is the
possibility to detect if my machines are still vulnerable to ms08_067.
Are you considering to extend this script for this check?

I guess it would be awesome.

Thanks.

On Sun, Jun 19, 2011 at 10:14 AM, Mak Kolybabi <mak () kolybabi com> wrote:
On 2011-06-19 10:11, Richard Miles wrote:
Sometime ago I saw that Ron and Mark were discussing about add an check to
Stuxnet / ms10-073, but I never heard anything about it or found the NSE
script. What happened? It was not possible to create an NSE script for this?

I believe stuxnet-detect[1] is what you're looking for.

[1] http://nmap.org/svn/scripts/stuxnet-detect.nse

--
Mak Kolybabi
<mak () kolybabi com>

() ASCII Ribbon Campaign | Against HTML e-mail
/\  www.asciiribbon.org  | Against proprietary extensions



_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault