I believe vulnerable machines will crash. http://seclists.org/nmap-dev/2009/q1/0878.html
If you were getting mixed results you might want to re-grab the latest svn. It has been patched several times already today and corrected some issues I was seeing. 2009/3/31 Tim Mugherini <[email protected]> > I got that too went with -script-args unsafe=1 and seems to work for most > > Think someone mentioned that yesterday somewhere > > not sure what the downside may be > > 2009/3/31 Dan Baxter <[email protected]> > >> Thanks! That helps a lot. However, my results aren't quite what I'd >> hoped. Every machine that has 445 open, I get the result below. What would >> make the Conficker scan fail? Suggestions? Thanks >> >> >> >> PORT STATE SERVICE >> >> 445/tcp open microsoft-ds >> >> Host script results: >> | smb-check-vulns: >> | MS08-067: FIXED >> | Conficker: ERROR: SMB: Failed to receive bytes: ERROR >> |_ regsvc DoS: NOT RUN (add --script-args=unsafe=1 to run) >> >> >> >> Dan Baxter >> ------------------------------------------------- >> Quis custodiet ipsos custodes? >> >> >> 2009/3/31 Russell Butturini >> <[email protected]<https://mail.google.com/mail?view=cm&tf=0&[email protected]> >> > >> >>> I found you need to add the –vv (very verbose) flag using that >>> command. Otherwise you don’t see the script results. See below: >>> >>> >>> >>> Discovered open port 445/tcp on x.x.x.x >>> >>> Completed SYN Stealth Scan at 09:29, 0.00s elapsed (1 total ports) >>> >>> NSE: Initiating script scanning. >>> >>> Initiating NSE at 09:29 >>> >>> Completed NSE at 09:29, 0.50s elapsed >>> >>> Host x.x.x.x appears to be up ... good. >>> >>> Scanned at 2009-03-31 09:29:47 Central Daylight Time for 1s >>> >>> Interesting ports on x.x.x.x: >>> >>> PORT STATE SERVICE >>> >>> 445/tcp open microsoft-ds >>> >>> MAC Address: 00:11:25:E9:04:52 (IBM) >>> >>> >>> >>> Host script results: >>> >>> | smb-check-vulns: >>> >>> | MS08-067: FIXED >>> >>> | Conficker: Likely CLEAN >>> >>> *From:* >>> [email protected]<https://mail.google.com/mail?view=cm&tf=0&[email protected]>[mailto: >>> [email protected]<https://mail.google.com/mail?view=cm&tf=0&[email protected]>] >>> *On Behalf Of *Dan Baxter >>> *Sent:* Tuesday, March 31, 2009 9:01 AM >>> *To:* PaulDotCom Security Weekly Mailing List >>> *Subject:* Re: [Pauldotcom] Scanning for Confiker via nmap >>> >>> >>> >>> So forgive my lack of nmap-fu, but if I run this what am I looking for? >>> I get back responses that list some with 445 open, some closed and a few >>> filtered. How do I determine which may be infected. >>> >>> >>> for clarification I'm running nmap -p 445 --script smb-check-vulns.nse >>> >>> Thanks >>> >>> Dan Baxter >>> ------------------------------------------------- >>> Quis custodiet ipsos custodes? >>> >>> >>> _______________________________________________ >>> Pauldotcom mailing list >>> [email protected]<https://mail.google.com/mail?view=cm&tf=0&[email protected]> >>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >>> Main Web Site: http://pauldotcom.com >>> >> >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
