Nmap Development mailing list archives
RE: There is a script to detect ms010_061?
From: Drazen Popovic <Drazen.Popovic () fer hr>
Date: Tue, 9 Nov 2010 21:23:35 +0100
Hi all, long time no hear =)

I'm working on it... as it turns out Metasploit offers a working exploit for this vuln, so I'll base my work on that as I lack the reversing/IDA skillz for the time being. I'm trying to generate the client code for communicating with the vulnerable service (WinSpools), which I will then use to trigger the vulnerability and detect it.

Regards,
Drazen.

-----Original Message-----
From: nmap-dev-bounces () insecure org on behalf of Richard Miles
Sent: Tue 11/9/2010 20:59
To: Ron; nmap-dev () insecure org
Subject: Re: There is a script to detect ms010_061?

Too bad you know it and you can't write it. I believe it's a contract issue :(

What's the problem in writing the check for Nessus? Is anyone working on it?

Thanks

On Fri, Nov 5, 2010 at 8:51 AM, Ron <ron () skullsecurity net> wrote:
No, but it IS possible to check for ms10-061 remotely. Against Windows 2000, XP, and 2003, it isn't an *incredibly* difficult check to write. Against Vista and higher it's pretty tricky, but do-able.

I can't personally write it, because I've worked on the check for Nessus, but I encourage others to try! The kb lists the files that were changed:
http://support.microsoft.com/kb/2347290

And the patchdiff2 tool is free and can be used with IDA to analyze the differences between the patched/unpatched files.

Good luck!

On Fri, 5 Nov 2010 08:37:03 -0500 Richard Miles <richard.k.miles () googlemail com> wrote:

Hi

There is a script to detect ms010_061? Like you do with smb-check-vulns...

If not, should be an awesome improvement.

Thanks
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Current thread:
- There is a script to detect ms010_061? Richard Miles (Nov 05)
- Re: There is a script to detect ms010_061? Ron (Nov 05)
- Re: There is a script to detect ms010_061? Richard Miles (Nov 09)
- RE: There is a script to detect ms010_061? Drazen Popovic (Nov 09)
- Re: There is a script to detect ms010_061? David Fifield (Nov 09)
- Re: There is a script to detect ms010_061? Richard Miles (Nov 10)
- Re: There is a script to detect ms010_061? Richard Miles (Nov 09)
- Re: There is a script to detect ms010_061? Ron (Nov 05)