mirror of
https://github.com/nmap/nmap.git
Add some cross-references to NSEdoc for recent scripts
@@ -55,6 +55,7 @@ by it will be checked in addition to the root.
|
|||||||
-- </table>
|
-- </table>
|
||||||
--
|
--
|
||||||
-- @see http-enum.nse
|
-- @see http-enum.nse
|
||||||
|
-- @see http-security-headers.nse
|
||||||
|
|
||||||
categories = { "default", "safe", "vuln" }
|
categories = { "default", "safe", "vuln" }
|
||||||
author = "Steve Benson"
|
author = "Steve Benson"
|
||||||
|
|||||||
@@ -24,6 +24,8 @@ Performs a HEAD request for the root folder ("/") of a web server and displays t
|
|||||||
--
|
--
|
||||||
--@args path The path to request, such as <code>/index.php</code>. Default <code>/</code>.
|
--@args path The path to request, such as <code>/index.php</code>. Default <code>/</code>.
|
||||||
--@args useget Set to force GET requests instead of HEAD.
|
--@args useget Set to force GET requests instead of HEAD.
|
||||||
|
--
|
||||||
|
--@see http-security-headers.nse
|
||||||
|
|
||||||
author = "Ron Bowes"
|
author = "Ron Bowes"
|
||||||
|
|
||||||
|
|||||||
@@ -14,6 +14,8 @@ https://github.com/countercept/doublepulsar-detection-script
|
|||||||
---
|
---
|
||||||
-- @usage nmap -p 445 <target> --script=smb-double-pulsar-backdoor
|
-- @usage nmap -p 445 <target> --script=smb-double-pulsar-backdoor
|
||||||
--
|
--
|
||||||
|
-- @see smb-vuln-ms17-010.nse
|
||||||
|
--
|
||||||
-- @output
|
-- @output
|
||||||
-- | smb-double-pulsar-backdoor:
|
-- | smb-double-pulsar-backdoor:
|
||||||
-- | VULNERABLE:
|
-- | VULNERABLE:
|
||||||
|
|||||||
@@ -5,7 +5,7 @@ local string = require "string"
|
|||||||
|
|
||||||
description = [[
|
description = [[
|
||||||
Attempts to detect if a Microsoft SMBv1 server is vulnerable to a remote code
|
Attempts to detect if a Microsoft SMBv1 server is vulnerable to a remote code
|
||||||
execution vulnerability (ms17-010).
|
execution vulnerability (ms17-010, a.k.a. EternalBlue).
|
||||||
|
|
||||||
The script connects to the $IPC tree, executes a transaction on FID 0 and
|
The script connects to the $IPC tree, executes a transaction on FID 0 and
|
||||||
checks if the error "STATUS_INSUFF_SERVER_RESOURCES" is returned to
|
checks if the error "STATUS_INSUFF_SERVER_RESOURCES" is returned to
|
||||||
@@ -18,7 +18,7 @@ References:
|
|||||||
* https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
|
* https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
|
||||||
* https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
|
* https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
|
||||||
* https://msdn.microsoft.com/en-us/library/ee441489.aspx
|
* https://msdn.microsoft.com/en-us/library/ee441489.aspx
|
||||||
* https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/smb/smb_ms17_010.rb
|
* https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/smb/smb_ms17_010.rb
|
||||||
* https://github.com/cldrn/nmap-nse-scripts/wiki/Notes-about-smb-vuln-ms17-010
|
* https://github.com/cldrn/nmap-nse-scripts/wiki/Notes-about-smb-vuln-ms17-010
|
||||||
]]
|
]]
|
||||||
|
|
||||||
@@ -26,9 +26,11 @@ References:
|
|||||||
-- @usage nmap -p445 --script smb-vuln-ms17-010 <target>
|
-- @usage nmap -p445 --script smb-vuln-ms17-010 <target>
|
||||||
-- @usage nmap -p445 --script vuln <target>
|
-- @usage nmap -p445 --script vuln <target>
|
||||||
--
|
--
|
||||||
|
-- @see smb-double-pulsar-backdoor.nse
|
||||||
|
--
|
||||||
-- @output
|
-- @output
|
||||||
-- Host script results:
|
-- Host script results:
|
||||||
-- | smb-vuln-ms17-010:
|
-- | smb-vuln-ms17-010:
|
||||||
-- | VULNERABLE:
|
-- | VULNERABLE:
|
||||||
-- | Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|
-- | Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|
||||||
-- | State: VULNERABLE
|
-- | State: VULNERABLE
|
||||||
@@ -36,7 +38,7 @@ References:
|
|||||||
-- | Risk factor: HIGH
|
-- | Risk factor: HIGH
|
||||||
-- | A critical remote code execution vulnerability exists in Microsoft SMBv1
|
-- | A critical remote code execution vulnerability exists in Microsoft SMBv1
|
||||||
-- | servers (ms17-010).
|
-- | servers (ms17-010).
|
||||||
-- |
|
-- |
|
||||||
-- | Disclosure date: 2017-03-14
|
-- | Disclosure date: 2017-03-14
|
||||||
-- | References:
|
-- | References:
|
||||||
-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143
|
-- | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143
|
||||||
@@ -114,9 +116,9 @@ local function check_ms17010(host, port, sharename)
|
|||||||
0x0, --
|
0x0, --
|
||||||
0x0700, -- BCC (Length of "\PIPE\")
|
0x0700, -- BCC (Length of "\PIPE\")
|
||||||
0x5c50, -- \P
|
0x5c50, -- \P
|
||||||
0x4950, -- IP
|
0x4950, -- IP
|
||||||
0x455c -- E\
|
0x455c -- E\
|
||||||
)
|
)
|
||||||
stdnse.debug2("SMB: Sending SMB_COM_TRANSACTION")
|
stdnse.debug2("SMB: Sending SMB_COM_TRANSACTION")
|
||||||
result, err = smb.smb_send(smbstate, smb_header, smb_params, '', overrides)
|
result, err = smb.smb_send(smbstate, smb_header, smb_params, '', overrides)
|
||||||
if(result == false) then
|
if(result == false) then
|
||||||
@@ -130,12 +132,12 @@ local function check_ms17010(host, port, sharename)
|
|||||||
stdnse.debug1("Valid SMB_COM_TRANSACTION response received")
|
stdnse.debug1("Valid SMB_COM_TRANSACTION response received")
|
||||||
|
|
||||||
--STATUS_INSUFF_SERVER_RESOURCES indicate that the machine is not patched
|
--STATUS_INSUFF_SERVER_RESOURCES indicate that the machine is not patched
|
||||||
if err == 0xc0000205 then
|
if err == 0xc0000205 then
|
||||||
stdnse.debug1("STATUS_INSUFF_SERVER_RESOURCES response received")
|
stdnse.debug1("STATUS_INSUFF_SERVER_RESOURCES response received")
|
||||||
return true
|
return true
|
||||||
elseif err == 0xc0000022 then
|
elseif err == 0xc0000022 then
|
||||||
stdnse.debug1("STATUS_ACCESS_DENIED response received. This system is likely patched.")
|
stdnse.debug1("STATUS_ACCESS_DENIED response received. This system is likely patched.")
|
||||||
return false, "This system is patched."
|
return false, "This system is patched."
|
||||||
elseif err == 0xc0000008 then
|
elseif err == 0xc0000008 then
|
||||||
stdnse.debug1("STATUS_INVALID_HANDLE response received. This system is likely patched.")
|
stdnse.debug1("STATUS_INVALID_HANDLE response received. This system is likely patched.")
|
||||||
return false, "This system is patched."
|
return false, "This system is patched."
|
||||||
@@ -157,10 +159,10 @@ action = function(host,port)
|
|||||||
description = [[
|
description = [[
|
||||||
A critical remote code execution vulnerability exists in Microsoft SMBv1
|
A critical remote code execution vulnerability exists in Microsoft SMBv1
|
||||||
servers (ms17-010).
|
servers (ms17-010).
|
||||||
]],
|
]],
|
||||||
references = {
|
references = {
|
||||||
'https://technet.microsoft.com/en-us/library/security/ms17-010.aspx',
|
'https://technet.microsoft.com/en-us/library/security/ms17-010.aspx',
|
||||||
'https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/'
|
'https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/'
|
||||||
},
|
},
|
||||||
dates = {
|
dates = {
|
||||||
disclosure = {year = '2017', month = '03', day = '14'},
|
disclosure = {year = '2017', month = '03', day = '14'},
|
||||||
|
|||||||
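Review bot: In the `-130,12 +132,12` hunk of check_ms17010, the 0xc0000022 (STATUS_ACCESS_DENIED) and 0xc0000008 (STATUS_INVALID_HANDLE) branches log "This system is likely patched." at debug level but return the unhedged string "This system is patched."; if that second return value reaches the report, the reader of a scan gets more assurance than a single status code supports. Both branches would read more accurately as `return false, "This system is likely patched."`, or at least carry a comment such as `-- inferred from the status code only; not a confirmation that the update is installed`. These lines look unchanged by this commit apart from whitespace, and check_ms17010 begins and ends outside the hunk, so how the caller displays the message should be confirmed before changing the string.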