Thanks just read that too

On 3/31/09, Nick Baronian <[email protected]> wrote:
> I believe vulnerable machines will crash.
> http://seclists.org/nmap-dev/2009/q1/0878.html
>
> If you were getting mixed results you might want to re-grab the latest svn.
> It has been patched several times already today and corrected some issues I
> was seeing.
>
> 2009/3/31 Tim Mugherini <[email protected]>
>
>> I got that too went with -script-args unsafe=1 and seems to work for most
>>
>> Think someone mentioned that yesterday somewhere
>>
>> not sure what the downside may be
>>
>> 2009/3/31 Dan Baxter <[email protected]>
>>
>>> Thanks! That helps a lot. However, my results aren't quite what I'd
>>> hoped. Every machine that has 445 open, I get the result below. What would
>>> make the Conficker scan fail? Suggestions? Thanks
>>>
>>> PORT STATE SERVICE
>>> 445/tcp open microsoft-ds
>>>
>>> Host script results:
>>> | smb-check-vulns:
>>> | MS08-067: FIXED
>>> | Conficker: ERROR: SMB: Failed to receive bytes: ERROR
>>> |_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)
>>>
>>> Dan Baxter
>>> -------------------------------------------------
>>> Quis custodiet ipsos custodes?
>>>
>>> 2009/3/31 Russell Butturini <[email protected]>
>>>
>>>> I found you need to add the -vv (very verbose) flag using that
>>>> command. Otherwise you don’t see the script results. See below:
>>>>
>>>> Discovered open port 445/tcp on x.x.x.x
>>>> Completed SYN Stealth Scan at 09:29, 0.00s elapsed (1 total ports)
>>>> NSE: Initiating script scanning.
>>>> Initiating NSE at 09:29
>>>> Completed NSE at 09:29, 0.50s elapsed
>>>> Host x.x.x.x appears to be up ... good.
>>>> Scanned at 2009-03-31 09:29:47 Central Daylight Time for 1s
>>>> Interesting ports on x.x.x.x:
>>>> PORT STATE SERVICE
>>>> 445/tcp open microsoft-ds
>>>> MAC Address: 00:11:25:E9:04:52 (IBM)
>>>>
>>>> Host script results:
>>>> | smb-check-vulns:
>>>> | MS08-067: FIXED
>>>> | Conficker: Likely CLEAN
>>>>
>>>> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Dan Baxter
>>>> *Sent:* Tuesday, March 31, 2009 9:01 AM
>>>> *To:* PaulDotCom Security Weekly Mailing List
>>>> *Subject:* Re: [Pauldotcom] Scanning for Confiker via nmap
>>>>
>>>> So forgive my lack of nmap-fu, but if I run this what am I looking for?
>>>> I get back responses that list some with 445 open, some closed and a few
>>>> filtered. How do I determine which may be infected.
>>>>
>>>> for clarification I'm running nmap -p 445 --script smb-check-vulns.nse
>>>>
>>>> Thanks
>>>>
>>>> Dan Baxter
>>>> -------------------------------------------------
>>>> Quis custodiet ipsos custodes?
>>>>
>>>> _______________________________________________
>>>> Pauldotcom mailing list
>>>> [email protected]
>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>> Main Web Site: http://pauldotcom.com
--
Sent from my mobile device
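Added example, not part of the thread: a small triage of saved scan output that keeps the two results quoted above apart, so a `Conficker: ERROR` host is queued for a rescan instead of being counted with the `Likely CLEAN` ones. The `triage` function name and the 192.0.2.x addresses are constructed for illustration; the "Interesting ports on" header and the result strings are the ones shown in the thread, and any other wording is sent to manual review.

```python
import re

# Constructed sample in the output format quoted in the thread
# (addresses are documentation placeholders, not from the thread).
SAMPLE = """\
Interesting ports on 192.0.2.10:
445/tcp open microsoft-ds
Host script results:
| smb-check-vulns:
| MS08-067: FIXED
|_ Conficker: Likely CLEAN

Interesting ports on 192.0.2.11:
445/tcp open microsoft-ds
Host script results:
| smb-check-vulns:
| MS08-067: FIXED
| Conficker: ERROR: SMB: Failed to receive bytes: ERROR
|_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run)

Interesting ports on 192.0.2.12:
445/tcp filtered microsoft-ds
"""

HOST_RE = re.compile(r"^Interesting ports on (\S+):\s*$")
CHECK_RE = re.compile(r"^\|_?\s*(MS08-067|Conficker):\s*(.+?)\s*$")

def triage(text):
    """Return {host: {"MS08-067": ..., "Conficker": ..., "verdict": ...}}."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = hosts.setdefault(m.group(1), {})
            continue
        m = CHECK_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    for result in hosts.values():
        conficker = result.get("Conficker")
        if conficker is None:
            result["verdict"] = "no-result"     # port not open, or script output not shown
        elif conficker.startswith("ERROR"):
            result["verdict"] = "inconclusive"  # check failed: rescan, do not count as clean
        elif conficker == "Likely CLEAN":
            result["verdict"] = "clean"
        else:
            result["verdict"] = "review"        # any other wording gets a manual look
    return hosts
```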
