Nmap Development mailing list archives
Re: error message when scanning for Conficker
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Tue, 31 Mar 2009 23:04:03 +0000
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 31 Mar 2009 15:43:26 -0500 "Roberts, Jay" <jay.roberts () tgslc org> wrote:
Hello, I downloaded and have run scans against several PCs to test the result and I keep getting the following errors. When I run it against servers I get the result I expect of Conficker: Likely clean. Host script results: | smb-check-vulns: | MS08-067: ERROR: NT_STATUS_OBJECT_NAME_NOT_FOUND | MS08-067: FIXED | Conficker: ERROR: NT_STATUS_OBJECT_NAME_NOT_FOUND |_ regsvc DoS: ERROR: NT_STATUS_ACCESS_DENIED Final times for host: srtt: 0 rttvar: 3750 to: 100000 I ran nmap with the following: nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks] and sudo nmap -sC --script=smb-check-vulns --script-args=safe=1 -p445 \ -d -PN -n -T4 --min-hostgroup 256 --min-parallelism 64 \ -oA conficker_scan <your network(s) here> I was prompted to change from safe to unsafe on both. Any suggestions? Thanks, Jay Roberts
You don't need to run unsafe=1, rather, just run without "safe=1" (no script args at all) and the MS08-067 check will be run. As for the output your are seeing:
| MS08-067: ERROR: NT_STATUS_OBJECT_NAME_NOT_FOUND
You generally get this on non-Windows boxes (Samba on Linux/OS X, or a printer)
| MS08-067: FIXED
You're patched.
| Conficker: ERROR: NT_STATUS_OBJECT_NAME_NOT_FOUND
Running against non-Windows box.
|_ regsvc DoS: ERROR: NT_STATUS_ACCESS_DENIED
You really don't want to be running this check (it was turned on with unsafe=1) Brandon -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.10 (GNU/Linux) iEYEARECAAYFAknSoWQACgkQqaGPzAsl94Jr2gCfRriT9l08Am+567sLA/AJu8jt GIkAnjbo4TNqYcwNyqXQtzp/0SNFIG7/ =/xFC -----END PGP SIGNATURE----- _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- error message when scanning for Conficker Roberts, Jay (Mar 31)
- Re: error message when scanning for Conficker Brandon Enright (Mar 31)