Jump to content

Scan for Downadup/Conficker


DingleBerries
 Share

Recommended Posts

Simple Nmap 4.85BETA5 command to scan for Downadup/Conficker.

nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks]

But what does it all mean?

-PN means to treat all hosts as online, and skip host discovery, which basically means don\'t try to ping ths hosts. This is useful because lots of hosts/firewalls drop icmp traffic.

-T4 is used to speed up the scan

-p139,445 tells it to scan those ports, which are related to samba windows file sharing

-n says don\'t try dns resolution

-v means make it spit out more information(aka verbose)

--script=smb-check-vulns runs the lua script smb-check-vulns, which appears to check for a few different vulnerablities. This script gets passed the safe=1 option which according to the web page tells the script to only do checks which are presumably safe for the system you are scanning against; the page warns that unsafe checks on a compromised system may cause it to crash.

Also more info on the approaching doom :rolleyes:

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...