Re: Help w\Conficker command

[Brandon Enright <bmenrigh () ucsd edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 31 Mar 2009 12:58:36 -0400
"Tepper Claudia A" <Claudia.Tepper () ci irs gov> wrote:

> Brandon ~  First let me thank you for this new version and it's
> capabilities!!

Actually the work was done by Ron and a couple other researchers.

>  
> Here is the command I'm running for Conficker:   
>     nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns
> --script-args=unsafe=1 singleipaddress
>  
> I did have to rename the c:\program files\nmap\script directory to
> scripts
>  
> Here is the error: 
>  
> Host script results:
> |  smb-check-vulns:
> |  MS08-067: FIXED
> |_ Conficker: ERROR: NT_STATUS_NOT_SUPPORTED
>
>  
> This is being run on WindowsXP, Service Pack 2.    Please help - we
> have a whole network to scan.
>  
> Thank you!
> Claudia  

I'm not sure what that NT error is or means but I think others on the
list will be able to chime in with why Windows would be reporting that
issue.

I should point out that the Conficker check is nearly the same as what
actual exploitation requires.  It is unlikely that a machine running an
NT error like the one above would be exploitable (and of course, in
this case the machine is patched).

Brandon

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.10 (GNU/Linux)

iEYEARECAAYFAknSlN0ACgkQqaGPzAsl94I8QQCcCGub9zE+smoHf046Ta6lKQOz
ktMAnAjwO49xzccDC/gPUHFF2j32tXTR
=uTUD
-----END PGP SIGNATURE-----

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org