Thanks! That helps a lot. However, my results aren't quite what I'd hoped. Every machine that has 445 open, I get the result below. What would make the Conficker scan fail? Suggestions? Thanks
PORT STATE SERVICE 445/tcp open microsoft-ds Host script results: | smb-check-vulns: | MS08-067: FIXED | Conficker: ERROR: SMB: Failed to receive bytes: ERROR |_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run) Dan Baxter ------------------------------------------------- Quis custodiet ipsos custodes? 2009/3/31 Russell Butturini <[email protected]<https://mail.google.com/mail?view=cm&tf=0&[email protected]> > > I found you need to add the –vv (very verbose) flag using that command. > Otherwise you don’t see the script results. See below: > > > > Discovered open port 445/tcp on x.x.x.x > > Completed SYN Stealth Scan at 09:29, 0.00s elapsed (1 total ports) > > NSE: Initiating script scanning. > > Initiating NSE at 09:29 > > Completed NSE at 09:29, 0.50s elapsed > > Host x.x.x.x appears to be up ... good. > > Scanned at 2009-03-31 09:29:47 Central Daylight Time for 1s > > Interesting ports on x.x.x.x: > > PORT STATE SERVICE > > 445/tcp open microsoft-ds > > MAC Address: 00:11:25:E9:04:52 (IBM) > > > > Host script results: > > | smb-check-vulns: > > | MS08-067: FIXED > > | Conficker: Likely CLEAN > > *From:* > [email protected]<https://mail.google.com/mail?view=cm&tf=0&[email protected]>[mailto: > [email protected]<https://mail.google.com/mail?view=cm&tf=0&[email protected]>] > *On Behalf Of *Dan Baxter > *Sent:* Tuesday, March 31, 2009 9:01 AM > *To:* PaulDotCom Security Weekly Mailing List > *Subject:* Re: [Pauldotcom] Scanning for Confiker via nmap > > > > So forgive my lack of nmap-fu, but if I run this what am I looking for? I > get back responses that list some with 445 open, some closed and a few > filtered. How do I determine which may be infected. > > > for clarification I'm running nmap -p 445 --script smb-check-vulns.nse > > Thanks > > Dan Baxter > ------------------------------------------------- > Quis custodiet ipsos custodes? > > > _______________________________________________ > Pauldotcom mailing list > [email protected]<https://mail.google.com/mail?view=cm&tf=0&[email protected]> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
