Re: [NSE] smb-vuln-ms17-010.nse: Script to detect ms17-010 (smb-vuln-ms17-010)

[Paulino Calderon <paulino () calderonpale com>]

Hehe forgot to attach the file. I know you can get it from github but I’m sending it for the archive anyway.

Attachment: smb-vuln-ms17-010.nse
Description:

Paulino Calderon Pale || @calderpwn on Twitter || http://www.calderonpale.com



> On May 14, 2017, at 8:37 PM, Paulino Calderon <paulino () calderonpale com> wrote:
>
> Hey list,
>
> I need some help testing the script smb-vuln-ms17-010. I tested it on a vulnerable win7 machine and it works as 
> expected but I suspect there might be some issues with newer Windows versions and certain smb configurations (v2 
> authentication protocols with signing enabled).
>
> Don't forget to send me packet captures if you run into servers that are incorrectly marked as not vulnerable. 
>
> Cheers!
>
> smb-vuln-ms17-010: https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/smb-vuln-ms17-010.nse 
> description = [[
> Attempts to detect if a Microsoft SMBv1 server is vulnerable to a remote code
> execution vulnerability (ms2017-010).
>
> The script connects to the $IPC tree, executes a transaction on FID 0 and
> checks if the error "STATUS_INSUFF_SERVER_RESOURCES" is returned to
> determine if the target is not patched against CVE2017-010.
>
> Tested on a vulnerable Windows 7. We might have some issues with v2 protocols with
> signing enabled.
>
> References:
> * https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
> * https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
> * https://msdn.microsoft.com/en-us/library/ee441489.aspx
> * https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/smb/smb_ms17_010.rb 
> ]]
>
>
>
> Paulino Calderon Pale || @calderpwn on Twitter || http://www.calderonpale.com

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/