Nmap Development mailing list archives
Re: [NSE] MS08-067 check
From: jah <jah () zadkiel plus com>
Date: Thu, 06 Nov 2008 00:57:54 +0000
On 05/11/2008 22:07, Ron wrote:
> Hey all,
>
> I just put together a quick prototype for a ms08-067 checker. It's in the following branch:
> svn://svn.insecure.org/nmap-exp/ron/ms08-067-test
>
> The script is smb-checkvulns.nse. I ran it against about 5 test systems, and produced accurate results (and properly changed after I applied the patch).
>
> The only trick is that it can crash the svchost.exe process. If you have Visual Studio installed, it'll try to initiate the debugger; otherwise, it'll give you a 60-second countdown then reboot the system. I ran it about 50 times straight, and it didn't crash once. But it did crash a different box on the first go. :)

Hi Ron,

I tried your script against an unpatched box and it crashed first time and reported the box as not vulnerable. After rebooting it reported the box as vulnerable and didn't crash it. I tried numerous times (I lost count but it was upwards of 70) to get it to crash again without success. So then I rebooted the box again and lo and behold it crashed first time again (and was reported as not vulnerable). There seems to be something about the state of the machine that only changes between reboots...

Anyway, it correctly reports non-vulnerable boxes, correctly reports vulnerable ones if svchost doesn't crash, but incorrectly reports as non-vulnerable if svchost does crash. I've got a script-trace of the latter if you want it.

Nice work.

jah

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org