Nmap Development mailing list archives

Re: [NSE] Check for MS06-025 vulnerability in Microsoft RRAS service


From: Dražen Popović <drazen.popovic () fer hr>
Date: Wed, 02 Jun 2010 12:57:11 +0200

On Wed, 2010-06-02 at 00:22 +0000, Richard Miles wrote:
> Thanks for the update. Nice to know that it works with a limited account.
>
> Maybe the exploitation failed with a null session because you used
> router as a pipe. Have you tested others?


This service can be accessed across the "router" pipe, according to the
protocol specification. But on WinXP this service is also accessible
across the "srvsvc" pipe, which is accessible to everyone with access
to port 445.

Question for nmap-dev:
  To add one script argument such as "smbpipe", or to add some code
that determines the remote OS (results from nmap os fingerprint or
smb-os-discovery) and chooses the pipe accordingly?

Regards,
Dražen.



-- 
Laboratory for Systems and Signals
Department of Electronic Systems and Information Processing
University of Zagreb
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
