Nmap Development mailing list archives

Re: Nmap 4.85BETA5: Now with Conficker detection!


From: Fyodor <fyodor () insecure org>
Date: Mon, 30 Mar 2009 19:30:08 -0700

On Tue, Mar 31, 2009 at 03:01:51PM +1300, Craig Humphrey wrote:
> Hi Guys,
>
> Awesome for getting this out so quick!
>
> Just wanting to clarify the output from nmap when scanning for Conficker.
> When it says: "MS08-067: NOT RUN"
> Does that mean the scan/probe hasn't been run, or the patch hasn't been applied?

It means the script was not run.  I think you need to remove the
"--script-args safe=1" to run that one.  But when I just tried that
(and I also added -d) against one of my XP virtual machines, I got:

Host script results:
|  smb-check-vulns:  
|  MS08-067: LIKELY VULNERABLE (host stopped responding)
|  Conficker: ERROR: SMB: Failed to receive bytes: TIMEOUT
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)

So in other words, I think it crashed the service.  When Ron says a
certain script does not qualify as "safe", he's not kidding around :).

Cheers,
-F

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
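
An added example (not part of the original message and not Nmap's own code): a small Python triage of the smb-check-vulns output quoted above, so that NOT RUN and ERROR lines are reported as untested or inconclusive instead of being read as a clean result. The function names and category labels are assumptions made for this example.

```python
import re

# Constructed sample: the script output quoted in the message above.
SAMPLE = """\
Host script results:
|  smb-check-vulns:
|  MS08-067: LIKELY VULNERABLE (host stopped responding)
|  Conficker: ERROR: SMB: Failed to receive bytes: TIMEOUT
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
"""

# "|  <check>: <status>" or "|_ <check>: <status>"; the bare
# "|  smb-check-vulns:" title line has no status and is skipped.
LINE = re.compile(r"^\|[_ ]\s*(?P<check>[^:]+):\s*(?P<status>\S.*)$")

def classify(status):
    """Map a status string to a triage category (labels are this example's own)."""
    s = status.upper()
    if s.startswith("NOT RUN"):
        return "untested"        # check was skipped: says nothing about patch state
    if s.startswith("ERROR"):
        return "inconclusive"    # probe failed, e.g. the SMB timeout above
    if "VULNERABLE" in s and not s.startswith("NOT "):
        return "finding"
    return "other"

def triage(text):
    """Return {check: (category, status)} for each result line."""
    results = {}
    for raw in text.splitlines():
        m = LINE.match(raw.rstrip())
        if m:
            status = m.group("status")
            results[m.group("check").strip()] = (classify(status), status)
    return results

def no_verdict(results):
    """Checks that must not be counted as clean: skipped or failed."""
    return sorted(c for c, (cat, _) in results.items()
                  if cat in ("untested", "inconclusive"))

if __name__ == "__main__":
    r = triage(SAMPLE)
    for check, (cat, status) in r.items():
        print(f"{check:10} {cat:13} {status}")
    print("no verdict:", ", ".join(no_verdict(r)))
```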

