I got that too went with -script-args unsafe=1 and seems to work for most Think someone mentioned that yesterday somewhere
not sure what the downside may be 2009/3/31 Dan Baxter <[email protected]> > Thanks! That helps a lot. However, my results aren't quite what I'd > hoped. Every machine that has 445 open, I get the result below. What would > make the Conficker scan fail? Suggestions? Thanks > > > PORT STATE SERVICE > > 445/tcp open microsoft-ds > > Host script results: > | smb-check-vulns: > | MS08-067: FIXED > | Conficker: ERROR: SMB: Failed to receive bytes: ERROR > |_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run) > > > > Dan Baxter > ------------------------------------------------- > Quis custodiet ipsos custodes? > > > 2009/3/31 Russell Butturini > <[email protected]<https://mail.google.com/mail?view=cm&tf=0&[email protected]> > > > >> I found you need to add the –vv (very verbose) flag using that command. >> Otherwise you don’t see the script results. See below: >> >> >> >> Discovered open port 445/tcp on x.x.x.x >> >> Completed SYN Stealth Scan at 09:29, 0.00s elapsed (1 total ports) >> >> NSE: Initiating script scanning. >> >> Initiating NSE at 09:29 >> >> Completed NSE at 09:29, 0.50s elapsed >> >> Host x.x.x.x appears to be up ... good. >> >> Scanned at 2009-03-31 09:29:47 Central Daylight Time for 1s >> >> Interesting ports on x.x.x.x: >> >> PORT STATE SERVICE >> >> 445/tcp open microsoft-ds >> >> MAC Address: 00:11:25:E9:04:52 (IBM) >> >> >> >> Host script results: >> >> | smb-check-vulns: >> >> | MS08-067: FIXED >> >> | Conficker: Likely CLEAN >> >> *From:* >> [email protected]<https://mail.google.com/mail?view=cm&tf=0&[email protected]>[mailto: >> [email protected]<https://mail.google.com/mail?view=cm&tf=0&[email protected]>] >> *On Behalf Of *Dan Baxter >> *Sent:* Tuesday, March 31, 2009 9:01 AM >> *To:* PaulDotCom Security Weekly Mailing List >> *Subject:* Re: [Pauldotcom] Scanning for Confiker via nmap >> >> >> >> So forgive my lack of nmap-fu, but if I run this what am I looking for? I >> get back responses that list some with 445 open, some closed and a few >> filtered. How do I determine which may be infected. >> >> >> for clarification I'm running nmap -p 445 --script smb-check-vulns.nse >> >> Thanks >> >> Dan Baxter >> ------------------------------------------------- >> Quis custodiet ipsos custodes? >> >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected]<https://mail.google.com/mail?view=cm&tf=0&[email protected]> >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
