Nmap Development mailing list archives
Re: Troubleshooting the Conficker script
From: Ron <ron () skullsecurity net>
Date: Tue, 31 Mar 2009 16:09:01 -0500
Unfortunately, the errors you see are the errors that Windows gives me, I just display them. I could interpret them better in the script, but often it's just a mystery. Might be better if I displayed less information, but eh? ;)
The most common one seems to be OBJECT_NAME_NOT_FOUND -- that one can be caused by any number of things, such as scanning older OSes (Windows NT and such) or non-Windows OSes (Samba, etc), or locked down Windows systems (where the services are stopped).
On the other hand, it could also mean that the service has crashed, either because of Conficker or something else bringing it down.
Since I use the same technique as Conficker would use to infect, being unable to scan in this way means that you *probably* won't become infected over the network.
Ron

Rathbun, Dan wrote:
I'm using the Conficker script and every reachable host is returning these same script results. I tried backing down from -T4 to -T3 with no change in result. Thoughts? The site I am scanning is connected via a T3 to the Nmap server site so it should not be bandwidth related. The server is running RHEL5 and Nmap is at 12798.

Here is the syntax I am using and the results I get when the port is open:

./nmap --datadir=. -v -sC --script=smb-check-vulns.nse --script-args=safe=1 -p445 -d -PN -n -T3 --min-hostgroup 256 --min-parallelism 64 -oA conficker_scan X.X.52.0/24

Host script results:
| smb-check-vulns:
| MS08-067: NOT RUN
| Conficker: ERROR: SMB: Failed to receive bytes: TIMEOUT
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
Final times for host: srtt: 83494 rttvar: 83494 to: 417470

Path: .
URL: svn://svn.insecure.org/nmap
Repository Root: svn://svn.insecure.org
Repository UUID: e0a8ed71-7df4-0310-8962-fdc924857419
Revision: 12798
Node Kind: directory
Schedule: normal
Last Changed Author: david
Last Changed Rev: 12798
Last Changed Date: 2009-03-31 11:29:52 -0700 (Tue, 31 Mar 2009)

Dan Rathbun
Information Security Director
CISSP, GSLC, GSEC, GLEG, GSNA and G7799 Certified
D 978.930.5656
dan.rathbun () aecom com
AECOM
515 South Flower Street, 4th Floor
Los Angeles, CA 90071-2201
http://www.aecom.com <http://www.aecom.com/>

This communication is intended for the sole use of the person(s) to whom it is addressed and may contain information that is privileged, confidential or subject to copyright. Any unauthorized use, disclosure or copying of this communication is strictly prohibited. If you have received this communication in error, please contact the sender immediately. Any communication received in error should be deleted and all copies destroyed.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
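Added example, not part of either message and not code from the Nmap project: a small triage pass over saved smb-check-vulns results that separates hosts where the Conficker check reached a verdict from hosts where it only reported an error, following the reply's point that OBJECT_NAME_NOT_FOUND and similar errors are inconclusive rather than clean. The "Nmap scan report for" host lines, the addresses, the "Likely CLEAN" status and the bucket names are assumptions made for the sample.

```python
import re
from collections import defaultdict

# Constructed sample shaped like the results quoted in this thread. The host
# header lines, addresses and non-TIMEOUT statuses are assumptions.
SAMPLE = """\
Nmap scan report for 192.0.2.10
Host script results:
| smb-check-vulns:
| Conficker: ERROR: SMB: Failed to receive bytes: TIMEOUT
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
Nmap scan report for 192.0.2.11
Host script results:
| smb-check-vulns:
| Conficker: ERROR: NT_STATUS_OBJECT_NAME_NOT_FOUND
Nmap scan report for 192.0.2.12
Host script results:
| smb-check-vulns:
| Conficker: Likely CLEAN
Nmap scan report for 192.0.2.13
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
CONF_RE = re.compile(r"^\|_?\s*Conficker:\s*(.+)$")

def classify(status):
    """Map one Conficker status string to a triage bucket."""
    if not status.startswith("ERROR"):
        return "verdict"                 # the script reached a conclusion
    if "OBJECT_NAME_NOT_FOUND" in status:
        return "inconclusive-not-found"  # old/non-Windows/locked down/crashed
    if "TIMEOUT" in status:
        return "inconclusive-timeout"    # SMB receive timed out
    return "inconclusive-other"

def triage(text):
    """Return {bucket: [hosts]}; hosts with no Conficker line are 'no-result'."""
    status, host = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            status.setdefault(host, None)
        elif host and (m := CONF_RE.match(line.strip())):
            status[host] = m.group(1).strip()
    buckets = defaultdict(list)
    for h, s in status.items():
        buckets["no-result" if s is None else classify(s)].append(h)
    return dict(buckets)
```

Calling triage() on the text of a saved normal-output file gives the host list per bucket; only the "verdict" bucket reflects a completed check.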