Nmap Development mailing list archives
Re: Adding "dangerous" checks?
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Mon, 3 Nov 2008 18:54:12 +0000
On Mon, 3 Nov 2008 12:44:21 -0500 "Michael Pattrick" <mpattrick () rhinovirus org> wrote:

> Since these categories pretty much state that they will cause damage to the target, I think it is ok to create a script that crashes a host as long as it is labeled properly.
>
> Cheers,
> Michael
>
> [0] http://nmap.org/book/nse-usage.html#nse-categories

Coming from an organization that was scrambling for a network check of MS08-067 last week, we were more happy to get one that had about equal chance of working or crashing the service. That's what "intrusive" is all about.

As for technical hurdles, I'm not sure what funky things can be sent to RPC/netapi32.dll/NetprPathCanonicalize to check for the vulnerability but assuming there is some semi-reliable payload to do it, DEP/NX/ASLR/Localization/winver are likely all working against the check.

Are we talking about an English Windows XP SP2/SP3 check only? Is there some creative way to help factor out all the variations so that the check works more broadly?

Brandon