Identificando conficker na rede
Introdução
Exemplos de uso do poderoso comando nmap
Identificando conficker na rede
Exemplo de um scan da rede, o resultado é de uma máquina rodando samba com compartilhamento para rede
# nmap -p139,445 --script p2p-conficker,smb-os-discovery,smb-check-vulns --script-args checkconficker=1,safe=1 -T4 10.38.54.0/24 Nmap scan report for 10.38.54.253 Host is up (0.82s latency). PORT STATE SERVICE 139/tcp open netbios-ssn 445/tcp open microsoft-ds MAC Address: 00:0C:29:3D:2B:8D (VMware) Host script results: | smb-check-vulns: | MS08-067: CHECK DISABLED (add '--script-args=unsafe=1' to run) | Conficker: UNKNOWN; not Windows, or Windows with disabled browser service (CLEAN); or Windows with crashed browser service (possibly INFECTED). | | If you know the remote system is Windows, try rebooting it and scanning | |_ again. (Error NT_STATUS_OBJECT_NAME_NOT_FOUND) | regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run) | SMBv2 DoS (CVE-2009-3103): CHECK DISABLED (add '--script-args=unsafe=1' to run) | MS06-025: CHECK DISABLED (add '--script-args=unsafe=1' to run) |_ MS07-029: CHECK DISABLED (add '--script-args=unsafe=1' to run) | smb-os-discovery: | OS: Unix (Samba 3.6.9-151.el6_4.1) | Computer name: terra | NetBIOS computer name: | Domain name: cancella.com.br | FQDN: terra.cancella.com.br | NetBIOS domain name: CANCELLA-NET |_ System time: 2014-06-03T11:55:00-03:00