PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-17 05:09:00 +00:00
Code Issues Projects Releases Wiki Activity

Updated Conficker.D-detection code

Browse Source
This commit is contained in:
ron
2009-04-17 01:09:29 +00:00
parent 14f2c0c6db
commit dd9f063b1f
1 changed files with 14 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
scripts/smb-check-vulns.nse
View File

@@ -219,34 +219,32 @@ function check_conficker(host)
return false, bind_result return false, bind_result
end end
-- Call netpathcanonicalize -- Try checking a valid string to find Conficker.D
local path = "\\..\\" status, netpathcanonicalize_result, error_result = msrpc.srvsvc_netpathcanonicalize(smbstate, host.ip, "\\")
local error_result if(status == true and netpathcanonicalize_result['can_path'] == 0x5c45005c) then
status, netpathcanonicalize_result, error_result = msrpc.srvsvc_netpathcanonicalize(smbstate, host.ip, path)
-- Stop the SMB session
msrpc.stop_smb(smbstate) msrpc.stop_smb(smbstate)
return true, INFECTED2
end
-- Try checking an illegal string ("\..\") to find Conficker.C and earlier
local error_result
status, netpathcanonicalize_result, error_result = msrpc.srvsvc_netpathcanonicalize(smbstate, host.ip, "\\..\\")
if(status == false) then if(status == false) then
if(string.find(netpathcanonicalize_result, "INVALID_NAME")) then if(string.find(netpathcanonicalize_result, "INVALID_NAME")) then
msrpc.stop_smb(smbstate)
return true, CLEAN return true, CLEAN
--elseif(string.find(netpathcanonicalize_result, "UNKNOWN_57") ~= nil and error_result['can_path'] == 0x5c450000) then
elseif(string.find(netpathcanonicalize_result, "UNKNOWN_57") ~= nil) then elseif(string.find(netpathcanonicalize_result, "UNKNOWN_57") ~= nil) then
msrpc.stop_smb(smbstate)
return true, INFECTED return true, INFECTED
else else
msrpc.stop_smb(smbstate)
return false, netpathcanonicalize_result return false, netpathcanonicalize_result
end end
end end
-- Try a check that supposedly finds Conficker.E
local path = "\\"
local error_result
status, netpathcanonicalize_result, error_result = msrpc.srvsvc_netpathcanonicalize(smbstate, host.ip, path)
-- Stop the SMB session -- Stop the SMB session
msrpc.stop_smb(smbstate) msrpc.stop_smb(smbstate)
if(error_result['can_path'] == 0x5c45005c) then
return true, INFECTED2
end
return true, CLEAN return true, CLEAN
end end
@@ -345,7 +343,7 @@ action = function(host)
response = response .. "Conficker: Likely INFECTED\n" response = response .. "Conficker: Likely INFECTED\n"
found = true found = true
elseif(result == INFECTED2) then elseif(result == INFECTED2) then
response = response .. "Conficker: Likely INFECTED (by Conficker.D or higher)" response = response .. "Conficker: Likely INFECTED (by Conficker.D or higher)\n"
found = true found = true
else else
response = response .. "Conficker: Unknown response received (" .. result .. ")" response = response .. "Conficker: Unknown response received (" .. result .. ")"