Nmap Development mailing list archives
Re: WannaCry Script - MS17-010
From: Paulino Calderon <paulino () calderonpale com>
Date: Wed, 14 Jun 2017 21:54:00 -0500
Hello Tim, Thanks for reporting this. There are a few different reasons why the script might not be able to detect if a host is vulnerable : -Anonymous access to IPC is required. Configurations that block IPC$ will require users to provide smb credentials to get this work with the script arguments smbuser and smbpass -AV products might be detecting the probe and blocking the host response. -SMBv1 could be disabled -One user reported that some hosts weren't being marked as vulnerable when scanning large networks. I tried reproducing this with no luck. Did you try using a single host as a target? Please let me know if you experience different results. On the other hand, I'm not familiar with what the nessus check does but packet captures of these hosts will help me compare the difference. I did test it against Windows 2012 and it worked as expected in my lab so please share with me (privately if you want) more information to troubleshoot this. Cheers. El 13 jun. 2017 4:46 PM, "Tim Naami" <tnaami () gmail com> escribió: I'm using the MS17-010 script as discussed here: http://seclists.org/nmap-dev/2017/q2/79 It appears to miss a number of systems that are not patched. A quick NMAP scan will show systems are not vulnerable but my Nessus scanner says they are. Based on reboot date I know the systems have not been patched. I believe the possibility is related to Server 2012 R2 as it seems those are the ones Nessus says are vulnerable but NMAP does not. Yet NMAP is catching others not patched. TIA Tim _______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- WannaCry Script - MS17-010 Tim Naami (Jun 13)
- Re: WannaCry Script - MS17-010 Paulino Calderon (Jun 14)