Nmap Development mailing list archives
Re: conficker script in NMAP - NT_STATUS_ACCESS_DENIED
From: Stroller <stroller () stellar eclipse co uk>
Date: Wed, 1 Apr 2009 07:13:31 +0100
On 31 Mar 2009, at 20:58, Watson, Deborah L wrote:
... I am getting some responses from some systems and NT_STATUS_ACCESS_DENIED from others. I am thinking I need to provide credentials, but not finding an option for that.
For the record: me, too.I've run the script on a small domain of Windows XP machines managed by a 2003 SBS server.
Because they're all on the domain, security rights & permissions & stuff should all be the same on them (enforced with GPOs). But patching is sporadic, so they'll all be running different combinations of SP2 / SP3 / other updates.
I can only assume that these adjacent machines give different results because one is more patched than the other:
Host 192.168.0.52 appears to be up ... good. Interesting ports on 192.168.0.52: PORT STATE SERVICE 139/tcp open netbios-ssn 445/tcp open microsoft-ds MAC Address: 00:16:D3:8B:D1:0C (Wistron) Host script results: | smb-check-vulns: | MS08-067: NOT RUN | Conficker: ERROR: NT_STATUS_ACCESS_DENIED |_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run) Host 192.168.0.53 appears to be up ... good. Interesting ports on 192.168.0.53: PORT STATE SERVICE 139/tcp open netbios-ssn 445/tcp open microsoft-ds MAC Address: 00:19:21:4E:4D:29 (Elitegroup Computer System Co.) Host script results: | smb-check-vulns: | MS08-067: NOT RUN | Conficker: Likely CLEAN |_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)Whilst others have noted that NT_STATUS_ACCESS_DENIED probably means you're safe, it would be reassuring to have a method to run this with Domain Admin credentials or to have someone state _for sure_ that this means the PC can't be infected.
I don't intend for the above paragraph to in any way detract from my gratitude for the hard work others have put into this facility.
Stroller. _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- conficker script in NMAP Watson, Deborah L (Mar 31)
- Re: conficker script in NMAP Brandon Enright (Mar 31)
- Re: conficker script in NMAP - NT_STATUS_ACCESS_DENIED Stroller (Mar 31)