Nmap Development mailing list archives
conficker script in NMAP
From: "Watson, Deborah L" <dwatson () pmrg com>
Date: Tue, 31 Mar 2009 14:58:10 -0500
Is there a reverence for understanding the output of the script. I am getting some responses from some systems and NT_STATUS_ACCESS_DENIED from others. I am thinking I need to provide credentials, but not finding an option for that. Ran like this: sudo -sC -p 445 -T4 -d -n -oA conficker_scan --min-hostgroup 256 --min-parallelism 64 --script smb-check-vulns --script-args safe=1 10.2.105.0/24 Also output is a little confusing: Result example 1: this example seems to have an access issue - is there a way to fix this? Host 10.2.105.19 appears to be up ... good. Scanned at 2009-03-31 12:04:51 Central Daylight Time for 3s Interesting ports on 10.2.105.19: PORT STATE SERVICE REASON 445/tcp open microsoft-ds syn-ack Host script results: | smb-check-vulns: | MS08-067: NOT RUN | Conficker: Likely CLEAN |_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run) Final times for host: srtt: 0 rttvar: 3750 to: 100000 Result Example 2 - this looks like it ran, but what dos MS08-076: NOT RUN mean? We have verified that the patch is in fact installed. Host 10.2.105.22 appears to be up ... good. Scanned at 2009-03-31 12:04:51 Central Daylight Time for 3s Interesting ports on 10.2.105.22: PORT STATE SERVICE REASON 445/tcp open microsoft-ds syn-ack Host script results: | smb-check-vulns: | MS08-067: NOT RUN | Conficker: Likely CLEAN |_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run) Final times for host: srtt: 2000 rttvar: 7750 to: 100000 Thank you, Deborah Watson | IT Infrastructure Manager | CISSP, GCIA, GCIH, MCSE PM Realty Group 1000 Main, Suite 2400 | Houston, TX 77002 O 713.209.5966 | C 713.826.9201 | F 713.209.5966 dwatson () pmrg com <mailto:dwatson () pmrg com> | www.pmrg.com <http://www.pmrg.com/> ...because Performance Matters Disclaimer: This e-mail, including any attachments, may contain confidential and privileged information for the sole use of the intended recipient. Any review, use, distribution, disclosure or any action taken or omitted to be taken by others in reliance on it, is strictly prohibited. If you are not the intended recipient (or authorized to receive information for the intended recipient), please contact the sender by reply e-mail and delete all copies of this message. Notwithstanding any quotations or references to proposed fees, rates, commissions or prices contained in this communication, such matters do not constitute offers and will not bind the sender, his employer or their affiliates unless received by the recipient in writing signed by an authorized representative. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- conficker script in NMAP Watson, Deborah L (Mar 31)
- Re: conficker script in NMAP Brandon Enright (Mar 31)
- Re: conficker script in NMAP - NT_STATUS_ACCESS_DENIED Stroller (Mar 31)