Nmap Development mailing list archives
Re: Nmap 4.85BETA7 Released!
From: David Fifield <david () bamsoftware com>
Date: Thu, 2 Apr 2009 08:02:43 -0600
On Thu, Apr 02, 2009 at 09:47:49AM -0400, henry.nymann () valeosylvania com wrote:
David Fifield <david () bamsoftware com> wrote on 04/02/2009 09:44:01 AM:On Thu, Apr 02, 2009 at 09:28:43AM -0400, henry. nymann () valeosylvania com wrote:o Add helpful text for the two most common errors seen in the Conficker check in smb-check-vulns.nse. So instead of saying things like "Error: NT_STATUS_ACCESS_DENIED", output is like: | Conficker: Likely CLEAN; access was denied. | | If you have a login, try using --script-args=smbuser=xxx,smbpass=yyy | | (replace xxx and yyy with your username and password). Also try | |_ smbdomain=zzz if you know the domain. (Error NT_STATUS_ACCESS_DENIED) The other improved message is for NT_STATUS_OBJECT_NAME_NOT_FOUND. [David]I downloaded and tried the new beta 7 version this morning.Specifically,I'm running it on a Windows 2003 SP2 server, and I uninstalled beta 6 first. However, I am not getting the new messages that this e-mail references, so does that mean something did not update correctly on my server? Doing a "Help | About" confirms the beta 7 version.The only added help messages are for the errors NT_STATUS_ACCESS_DENIED and NT_STATUS_OBJECT_NAME_NOT_FOUND. If you weren't getting those errors before then you won't get any new output. Specifically, if all you saw was "Likely CLEAN" or "Likely INFECTED" then nothing in the output will change.I get many of the NT_STATUS_ACCESS_DENIED and NT_STATUS_OBJECT_NAME_NOT_FOUND responses during my scans. With the beta 7 version I am still getting those responses. I get very few "likely clean" messages, and no "likely infected" messages (so far).
Are you getting the help text with those errors? Instead of just saying, "ERROR: NT_STATUS_OBJECT_NAME_NOT_FOUND", does it say | Conficker: UNKNOWN; not Windows, or Windows with disabled browser service (CLEAN); or Windows with crashed browser service (possibly INFECTED). | | If you know the remote system is Windows, try rebooting it and scanning | |_ again. (Error NT_STATUS_OBJECT_NAME_NOT_FOUND) If you are getting the longer error messages, then the script is working like it is supposed to. Unfortunately the error messages could be from a variety of causes and the script can't differentiate between all of them. For NT_STATUS_OBJECT_NAME_NOT_FOUND for example, if the remote operating system is not Windows, then it is not infected. But it could be that the service required to do detection (the "browser service") has crashed, and then you can't test infection remotely. You will have to find that computer and check it locally. You can use the smb-os-discovery.nse script to find out operating systems. David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Nmap 4.85BETA7 Released! Fyodor (Apr 01)
- Re: Nmap 4.85BETA7 Released! henry . nymann (Apr 02)
- Re: Nmap 4.85BETA7 Released! David Fifield (Apr 02)
- Re: Nmap 4.85BETA7 Released! henry . nymann (Apr 02)
- Re: Nmap 4.85BETA7 Released! David Fifield (Apr 02)
- Re: Nmap 4.85BETA7 Released! henry . nymann (Apr 02)
- Re: Nmap 4.85BETA7 Released! David Fifield (Apr 02)
- Re: Nmap 4.85BETA7 Released! henry . nymann (Apr 02)
- Re: Nmap 4.85BETA7 Released! David Fifield (Apr 02)
- Re: Nmap 4.85BETA7 Released! henry . nymann (Apr 02)
- Re: Nmap 4.85BETA7 Released! David Fifield (Apr 02)
- Re: Nmap 4.85BETA7 Released! henry . nymann (Apr 02)
- Re: Nmap 4.85BETA7 Released! David Fifield (Apr 02)
- Re: Nmap 4.85BETA7 Released! henry . nymann (Apr 02)