Nmap Development mailing list archives
RE: Nmap 4.85BETA5: Now with Conficker detection!
From: Craig Humphrey <Craig.Humphrey () chapmantripp com>
Date: Tue, 31 Mar 2009 15:42:24 +1300
Hi Fyodor,

Thanks for that.

In the end I ran with --script-args=unsafe=1 which came back with:

Host script results:
| smb-check-vulns:
| MS08-067: FIXED
|_ Conficker: Likely CLEAN

Which makes things clearer.

BTW your email came through quicker than my post to nmap-dev list, which I was going to put this reply to.

Given that it is a little unsafe, I don't think I'll be running this against the whole firm during normal hours :)

Thanks again!

Later'ish
Craig

-----Original Message-----
From: Fyodor [mailto:fyodor () insecure org]
Sent: Tuesday, March 31, 2009 3:30 PM
To: Craig Humphrey
Cc: nmap-dev () insecure org
Subject: Re: Nmap 4.85BETA5: Now with Conficker detection!

On Tue, Mar 31, 2009 at 03:01:51PM +1300, Craig Humphrey wrote:
> Hi Guys,
>
> Awesome for getting this out so quick!
>
> Just wanting to clarify the output from nmap when scanning for Conficker.
>
> When it says: "MS08-067: NOT RUN"
>
> Does that mean the scan/probe hasn't been run, or the patch hasn't been applied?
It means the script was not run. I think you need to remove the "--script-args safe=1" to run that one. But when I just tried that (and I also added -d) against one of my XP virtual machines, I got:

Host script results:
| smb-check-vulns:
| MS08-067: LIKELY VULNERABLE (host stopped responding)
| Conficker: ERROR: SMB: Failed to receive bytes: TIMEOUT
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)

So in other words, I think it crashed the service. When Ron says a certain script does not qualify as "safe", he's not kidding around :).

Cheers,
-F
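An added example, not part of the original thread and not Nmap's own code: a small Python triage of the smb-check-vulns result strings quoted above, which treats NOT RUN as "no verdict" rather than as a statement about patch level. The host header lines, addresses and triage labels are assumptions of this example; only the result strings come from the messages.

```python
import re

# Constructed sample: result lines are the two blocks quoted in this thread;
# the "Nmap scan report for" headers and addresses are made up for the example.
SAMPLE = """\
Nmap scan report for 192.0.2.10
Host script results:
| smb-check-vulns:
| MS08-067: FIXED
|_ Conficker: Likely CLEAN

Nmap scan report for 192.0.2.11
Host script results:
| smb-check-vulns:
| MS08-067: LIKELY VULNERABLE (host stopped responding)
| Conficker: ERROR: SMB: Failed to receive bytes: TIMEOUT
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
"""

HOST_PREFIX = "Nmap scan report for "  # assumed host delimiter
HEADER = re.compile(r"^\|_?\s*smb-check-vulns:\s*$")
LINE = re.compile(r"^\|_?\s*(?P<check>[^:|]+):\s*(?P<result>\S.*)$")

def triage(result):
    """Map a result string to a follow-up label (labels are this example's own)."""
    r = result.upper()
    if r.startswith("NOT RUN"):
        return "no-verdict"   # check was skipped; says nothing about the patch
    if r.startswith("ERROR"):
        return "retest"       # probe failed, e.g. the service stopped answering
    if "VULNERABLE" in r:
        return "investigate"
    if r.startswith("FIXED") or "CLEAN" in r:
        return "ok"
    return "unknown"          # unrecognised text is never assumed to be safe

def parse(text):
    """Return {host: {check: label}} for every smb-check-vulns block in text."""
    hosts, host, in_block = {}, None, False
    for line in text.splitlines():
        if line.startswith(HOST_PREFIX):
            host, in_block = line[len(HOST_PREFIX):].strip(), False
        elif HEADER.match(line):
            in_block = True
        elif in_block and (m := LINE.match(line)):
            hosts.setdefault(host, {})[m["check"].strip()] = triage(m["result"])
            in_block = not line.startswith("|_")  # "|_" marks the last line
        else:
            in_block = False
    return hosts
```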