nmap -v --script=smb-check-vulns IP (SCRIPT) [RESOLVIDO]

nmap -v --script=smb-check-vulns 192.168.1.3

Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-09-29 14:46 BRT
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating ARP Ping Scan at 14:46
Scanning 192.168.1.3 [1 port]
Completed ARP Ping Scan at 14:46, 0.06s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 14:46
Completed Parallel DNS resolution of 1 host. at 14:46, 0.01s elapsed
Initiating SYN Stealth Scan at 14:46
Scanning 192.168.1.3 [1000 ports]
Discovered open port 135/tcp on 192.168.1.3
Discovered open port 139/tcp on 192.168.1.3
Discovered open port 3389/tcp on 192.168.1.3
Discovered open port 445/tcp on 192.168.1.3
Discovered open port 2869/tcp on 192.168.1.3
Completed SYN Stealth Scan at 14:46, 0.78s elapsed (1000 total ports)
NSE: Script scanning 192.168.1.3.
Initiating NSE at 14:46
Completed NSE at 14:46, 0.08s elapsed
Nmap scan report for 192.168.1.3
Host is up (0.040s latency).
Not shown: 995 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
2869/tcp open icslap
3389/tcp open ms-term-serv
MAC Address: 00:15:00:50:2B:04 (Intel Corporate)

Host script results:
| smb-check-vulns:
| MS08-067: NOT VULNERABLE
| Conficker: Likely CLEAN
| regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
| SMBv2 DoS (CVE-2009-3103): CHECK DISABLED (add '--script-args=unsafe=1' to run)
| MS06-025: CHECK DISABLED (remove 'safe=1' argument to run)
|_ MS07-029: CHECK DISABLED (remove 'safe=1' argument to run)

NSE: Script Post-scanning.
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 1.28 seconds
Raw packets sent: 1001 (44.028KB) | Rcvd: 1001 (40.048KB)

PERGUNTAS: COMO FAÇO PARA ATIVAR A ATIVAR O "regsvc DoS" , "SMBv2 DoS" , "MS06-025" , "MS07-029" ?? reparem que os mesmos estao desativados(CHECK DISABLED)

creio que eu tenha que editar o escript que esta sendo usado..

vlw pessoal!

root@bt:~# nmap -v --script=smb-check-vulns --script-args=unsafe=1 10.239.68.18



Starting Nmap 5.35DC1 ( http://nmap.org ) at 2011-09-29 16:44 BRT

NSE: Loaded 1 scripts for scanning.

Initiating ARP Ping Scan at 16:44

Scanning 10.239.68.18 [1 port]

Completed ARP Ping Scan at 16:44, 0.00s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 16:44

Completed Parallel DNS resolution of 1 host. at 16:44, 0.01s elapsed

Initiating SYN Stealth Scan at 16:44

Scanning gti-adm01.xxx.net (10.239.68.18) [1000 ports]

Discovered open port 139/tcp on 10.239.68.18

Discovered open port 3389/tcp on 10.239.68.18

Discovered open port 135/tcp on 10.239.68.18

Discovered open port 22/tcp on 10.239.68.18

Discovered open port 445/tcp on 10.239.68.18

Discovered open port 9091/tcp on 10.239.68.18

Discovered open port 912/tcp on 10.239.68.18

Completed SYN Stealth Scan at 16:44, 1.18s elapsed (1000 total ports)

NSE: Script scanning 10.239.68.18.

NSE: Starting runlevel 1 (of 1) scan.

Initiating NSE at 16:44

Completed NSE at 16:44, 5.02s elapsed

Nmap scan report for gti-adm01.xxx.net (10.239.68.18)

Host is up (0.000031s latency).

Not shown: 993 closed ports

PORT     STATE SERVICE

22/tcp   open  ssh

135/tcp  open  msrpc

139/tcp  open  netbios-ssn

445/tcp  open  microsoft-ds

912/tcp  open  unknown

3389/tcp open  ms-term-serv

9091/tcp open  unknown

MAC Address: D8:D3:85:6D:25:43 (Hewlett Packard)



Host script results:

| smb-check-vulns:

|   MS08-067: NOT VULNERABLE

|   Conficker: Likely CLEAN

|   SMBv2 DoS (CVE-2009-3103): NOT VULNERABLE

|   MS06-025: NO SERVICE (the Ras RPC service is inactive)

|_  MS07-029: NO SERVICE (the Dns Server RPC service is inactive)



Read data files from: /usr/share/nmap

Nmap done: 1 IP address (1 host up) scanned in 6.30 seconds

           Raw packets sent: 1082 (47.592KB) | Rcvd: 1003 (40.136KB)

root@bt:~#

 

Isso responde a sua pergunta?

repara bem:

miketrack@bt:~$ nmap -v --script=smb-check-vulns 192.168.1.3
Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-09-29 16:59 BRT
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 16:59
Scanning 192.168.1.3 [2 ports]
Completed Ping Scan at 16:59, 1.10s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:59
Completed Parallel DNS resolution of 1 host. at 16:59, 0.01s elapsed
Initiating Connect Scan at 16:59
Scanning 192.168.1.3 [1000 ports]
Discovered open port 135/tcp on 192.168.1.3
Discovered open port 3389/tcp on 192.168.1.3
Discovered open port 445/tcp on 192.168.1.3
Discovered open port 139/tcp on 192.168.1.3
Completed Connect Scan at 16:59, 0.78s elapsed (1000 total ports)
NSE: Script scanning 192.168.1.3.
Initiating NSE at 16:59
Completed NSE at 16:59, 0.11s elapsed
Nmap scan report for 192.168.1.3
Host is up (0.038s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-term-serv

Host script results:
| smb-check-vulns:
| MS08-067: NOT VULNERABLE
| Conficker: Likely CLEAN
| regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
| SMBv2 DoS (CVE-2009-3103): CHECK DISABLED (add '--script-args=unsafe=1' to run)
| MS06-025: CHECK DISABLED (remove 'safe=1' argument to run) AQUI APARECE QUE PRECIZA DO PARAMETRO.. MAS NO COMANDO SEGUINTE ELE NEM APARECE NADA! POXA! PQ?
|_ MS07-029: CHECK DISABLED (remove 'safe=1' argument to run)

NSE: Script Post-scanning.
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 2.21 seconds
miketrack@bt:~$


miketrack@bt:~$ nmap -v --script=smb-check-vulns --script-args=unsafe=1 192.168.1.3

Starting Nmap 5.59BETA1 ( http://nmap.org ) at 2011-09-29 16:56 BRT
NSE: Loaded 1 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 16:56
Scanning 192.168.1.3 [2 ports]
Completed Ping Scan at 16:56, 1.10s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 16:56
Completed Parallel DNS resolution of 1 host. at 16:56, 0.01s elapsed
Initiating Connect Scan at 16:56
Scanning 192.168.1.3 [1000 ports]
Discovered open port 135/tcp on 192.168.1.3
Discovered open port 3389/tcp on 192.168.1.3
Discovered open port 139/tcp on 192.168.1.3
Discovered open port 445/tcp on 192.168.1.3
Completed Connect Scan at 16:56, 0.79s elapsed (1000 total ports)
NSE: Script scanning 192.168.1.3.
Initiating NSE at 16:56
Completed NSE at 16:56, 0.14s elapsed
Nmap scan report for 192.168.1.3
Host is up (0.044s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
3389/tcp open ms-term-serv

NSE: Script Post-scanning.
Read data files from: /usr/local/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 2.23 seconds


estranho ne? comigo da diferente..

mesmo assim vlw pela atençao ae Pacheco!
oque vc acha o que poderia ser Pache?

Mistério, kra! O q eu t sugiro é atualizar a versão do nmap (ou instalar uma versão anterior) pra v se dá o msm problema.

vlw pacheco! vc é o cara! =]

cara, eu faço faculdade de redes e uso somente backtrack, até deixei ele nos trinks com AWN, Docky, Docky Cairo, Compiz, Emerald, + eu gosto muito de modo texto e vi que no back track inclusive a ultima versao que saio R1 Revolution 1 tudo tem que ser feito na unha, aprendi a instalar nvidia etc.. e eu queria um conselho seu, ja procurei muitas comunidades sobre backtrack mas eu vejo que nao tem muita gente que se dedica sobre essa stupenda distribuiçao.. vc conheçe alguma comunidade ou site a respeito disso? vlw!

Kra, tinha o www.backtrack.com.br, mas não sei pq q o site parou d responder (ou tá fora do ar, sei lá!). O lance é ler em inglês msm:

http://www.backtrack-linux.org

Ae tem um monte d coisa. Se vc quiser saber o funcionamento d alguma ferramenta em específico, procure no google sobre ela.