Nmap Development mailing list archives

[NSE] Check for MS06-025 vulnerability in Microsoft RRAS service


From: Dražen Popović <drazen.popovic () fer hr>
Date: Sat, 29 May 2010 00:52:47 +0200

Hi nmap-dev!

I'm glad to inform you that my first NSE script is ready for the sharp
eye of the nmap-dev community.

The code is heavily documented for my own pleasure and for the ones that
will eventually read the code. Note that the documentation focuses
greatly on the matter itself rather than the programming steps.

I encountered several problems which I also documented, and some of them
remain a mystery to me. These problems involve the weird reactions I got
from the service and the corresponding RPC procedures.

I've committed the script in my SVN directory and updated my TODO with
some important notes that I think my mentor should take a look at. Once
I research these assumptions in more depth I plan to post my notes,
ideas and recognized issues to nmap-dev for discussion.

For now I would really appreciate any feedback on the script.

And a special request goes to those who have a machine running
WinXP SP1. There have been claims that this service is accessible with
non-administrator privileges on XP SP1, so that would be a great thing
to check.

With the script comes a smallish patch that changes one line in the
"msrpc.lua" library. You can do it manually, but I feel comfortable
sending you the patch. This patch is harmless, as it cannot destabilize
the code in any way, so you don't even have to revert it.

@Fyodor: You asked me if I can manage to check for the vulnerability
without crashing the service. The answer is yes, but that means that NSE
is in fact entering the realm of what the OpenVAS guys like to call
Local Checks. My steps would be to find the Windows patch for the
vulnerability (KBXXXX) and then, remotely, using the "Remote Registry"
service, determine if it was applied. This process is heavily automated
in OpenVAS.

Cheers everyone,
Dražen.


-- 
Laboratory for Systems and Signals
Department of Electronic Systems and Information Processing
Faculty of Electrical Engineering and Computing
University of Zagreb

Attachment: smb-check-ms06_025.nse

Attachment: msrpc.patch

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
