In this article we'll be using the awesome open-source nmap network scanning engine. In this example I will be performing my scan from a Linux box; however, you can use other OSs.
wget http://nmap.org/dist/nmap-4.90RC1-1.i386.rpm
rpm -Uvh nmap-4.90RC1-1.i386.rpm
It is recommended that you get the latest nmap from their download page. Next, launch nmap against the local network IP range; in this example it is 192.168.96.0/22, but YMMV. The interesting argument here is --script, which uses the NSE (Nmap Scripting Engine) to assess whether each Windows machine nmap connects to is vulnerable or already infected. So let's launch the scan:
nmap -PN -T4 -p139,445 -n -v --script smb-check-vulns,smb-os-discovery --script-args safe=1 192.168.96.0/22
Once the scan has completed, identify the potentially infected machine(s) on the LAN. An infected machine would produce nmap output similar to:
Host script results:
| smb-os-discovery: Windows XP
| LAN Manager: Windows 2000 LAN Manager
| Name: WORKGROUP\LAME-WinXP
|_ System time: 2009-06-30 10:47:12 UTC+3
| smb-check-vulns:
| MS08-067: CHECK DISABLED (remove 'safe=1' argument to run)
| Conficker: Likely INFECTED (by Conficker.C or lower)
|_ regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
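To pick the flagged hosts out of a large scan, here is an added example (not part of the original post) of a small Python parser for nmap's normal output that records each host's smb-check-vulns Conficker verdict and NetBIOS name. The two-host output it parses is constructed, and the host-header pattern assumes either the "Nmap scan report for" header or the older "Interesting ports on" header.

```python
import re
# Constructed sample of nmap "normal" output for two hosts (not taken from the post).
SAMPLE_OUTPUT = r"""
Nmap scan report for 192.168.96.10
Host script results:
| smb-os-discovery: Windows XP
|   Name: WORKGROUP\LAME-WinXP
|_  System time: 2009-06-30 10:47:12 UTC+3
| smb-check-vulns:
|   MS08-067: CHECK DISABLED (remove 'safe=1' argument to run)
|   Conficker: Likely INFECTED (by Conficker.C or lower)
|_  regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)

Nmap scan report for 192.168.96.11
Host script results:
| smb-os-discovery: Windows XP
|_  Name: WORKGROUP\PATCHED-XP
| smb-check-vulns:
|_  Conficker: Likely CLEAN
"""

# Per-host header: "Nmap scan report for X" (nmap 5+) or "Interesting ports on X:" (4.x).
HOST_RE = re.compile(r"^(?:Nmap scan report for|Interesting ports on) (.+?):?$")
# NSE lines are prefixed with "| " or "|_ "; capture the two fields we care about.
FIELD_RES = {
    "name": re.compile(r"^\|_?\s+Name:\s+(.*)$"),
    "conficker": re.compile(r"^\|_?\s+Conficker:\s+(.*)$"),
}

def parse_conficker_results(text):
    # Returns {host: {"name": ..., "conficker": ...}} for each host that printed such lines.
    results, host = {}, None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(1).strip()
            continue
        if host is None:
            continue
        for field, rx in FIELD_RES.items():
            m = rx.match(line)
            if m:
                results.setdefault(host, {})[field] = m.group(1).strip()
    return results

def likely_infected(text):
    # Hosts whose Conficker verdict begins with "Likely INFECTED", sorted for stable output.
    return sorted(h for h, r in parse_conficker_results(text).items()
                  if r.get("conficker", "").startswith("Likely INFECTED"))
```

Feed it the saved output of the scan above (for example via `nmap ... -oN scan.txt` and `parse_conficker_results(open("scan.txt").read())`) to get the list of hosts to clean.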
Once identified, you can use the great KKiller tool from Kaspersky Lab to clean the infected machine.
You can find the latest KKiller on the following page as well.
Have fun, patch your broken windows, or better yet, learn some *nix foo or bar :)