PaulDotCom mailing list archives
Scanning for Confiker via nmap
From: gbugbear at gmail.com (Tim Mugherini)
Date: Tue, 31 Mar 2009 12:16:25 -0400
I got that too. Went with -script-args unsafe=1 and seems to work for most.
Think someone mentioned that yesterday somewhere. Not sure what the downside may be.

2009/3/31 Dan Baxter <danthemanbaxter at gmail.com>
Thanks! That helps a lot. However, my results aren't quite what I'd hoped. Every machine that has 445 open, I get the result below. What would make the Conficker scan fail? Suggestions?

Thanks

PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
| smb-check-vulns:
| MS08-067: FIXED
| Conficker: ERROR: SMB: Failed to receive bytes: ERROR
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)

Dan Baxter
-------------------------------------------------
Quis custodiet ipsos custodes?

2009/3/31 Russell Butturini <rbutturini at epictn.com>

I found you need to add the -vv (very verbose) flag using that command. Otherwise you don't see the script results. See below:

Discovered open port 445/tcp on x.x.x.x
Completed SYN Stealth Scan at 09:29, 0.00s elapsed (1 total ports)
NSE: Initiating script scanning.
Initiating NSE at 09:29
Completed NSE at 09:29, 0.50s elapsed
Host x.x.x.x appears to be up ... good.
Scanned at 2009-03-31 09:29:47 Central Daylight Time for 1s
Interesting ports on x.x.x.x:
PORT    STATE SERVICE
445/tcp open  microsoft-ds
MAC Address: 00:11:25:E9:04:52 (IBM)

Host script results:
| smb-check-vulns:
| MS08-067: FIXED
| Conficker: Likely CLEAN

*From:* pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] *On Behalf Of* Dan Baxter
*Sent:* Tuesday, March 31, 2009 9:01 AM
*To:* PaulDotCom Security Weekly Mailing List
*Subject:* Re: [Pauldotcom] Scanning for Confiker via nmap

So forgive my lack of nmap-fu, but if I run this what am I looking for? I get back responses that list some with 445 open, some closed and a few filtered. How do I determine which may be infected?

For clarification I'm running

nmap -p 445 --script smb-check-vulns.nse

Thanks

Dan Baxter
-------------------------------------------------
Quis custodiet ipsos custodes?

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
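Added example, not part of the thread and not nmap's own code: a small Python triage of saved normal-format nmap output that sorts hosts by the smb-check-vulns Conficker line, treating an ERROR result like the one Dan reports as inconclusive rather than clean. The sample report and its 192.0.2.x addresses are constructed, `triage` is a hypothetical helper, and the "INFECTED" wording is an assumption, since the thread shows only CLEAN and ERROR results.

```python
import re

# Constructed sample in the shape of the nmap output quoted in the thread
# (192.0.2.x are documentation addresses, not hosts from the thread).
SAMPLE = """\
Interesting ports on 192.0.2.10:
445/tcp open  microsoft-ds
Host script results:
|  smb-check-vulns:
|  MS08-067: FIXED
|  Conficker: Likely CLEAN
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
Interesting ports on 192.0.2.11:
445/tcp open  microsoft-ds
Host script results:
|  smb-check-vulns:
|  MS08-067: FIXED
|  Conficker: ERROR: SMB: Failed to receive bytes: ERROR
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
Interesting ports on 192.0.2.12:
445/tcp filtered microsoft-ds
"""

HOST = re.compile(r"^Interesting ports on (.+):\s*$")
PORT = re.compile(r"^445/tcp\s+(\S+)")
CHECK = re.compile(r"^\|_?\s*Conficker:\s*(.+)$")

def triage(report):
    """Map each host to a Conficker verdict: clean, infected, retry or unchecked."""
    verdicts, host = {}, None
    for line in report.splitlines():
        if m := HOST.match(line):
            host = m.group(1)
            verdicts[host] = "unchecked: no script result"
        elif host and (m := PORT.match(line)) and m.group(1) != "open":
            verdicts[host] = "unchecked: 445/tcp " + m.group(1)
        elif host and (m := CHECK.match(line)):
            result = m.group(1).strip()
            if "CLEAN" in result:
                verdicts[host] = "clean"
            elif "INFECTED" in result:  # assumed wording; not shown in the thread
                verdicts[host] = "infected"
            else:  # ERROR or anything unrecognised is inconclusive, never clean
                verdicts[host] = "retry: " + result
    return verdicts

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE).items():
        print(host, verdict)
```

Hosts reported as "unchecked" or "retry" still need a follow-up scan or a local check before they can be counted as clean.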