[unisog] IRC bot outbreaks

Reg Quinton reggers at ist.uwaterloo.ca
Wed Jul 31 18:20:54 GMT 2002


> Q: What tools are you using to scan for blank administrative passwords?

I think I've shared this before ....

What I do is scan for port 139 (using nmap) and trying to run a "dir" of
the c$ share as user administrator with a "" password (using smbclient). I
do that every day at about 13:00 from cron. What we do you can have:

http://ist.uwaterloo.ca/~reggers/drafts/AdminScan
    I run from cron daily.
http://ist.uwaterloo.ca/~reggers/drafts/PopUpMsg
    A tool to put a popup message on the user's screen.

These are simple shell scripts which use Samba for the nitty gritty, nmap
to identify machines. You'll need to carve a bit for your search paths,
etc. if you want to use them.

If you pick up the code you'll see I use a "contact" tool in the script to
identify system contacts so I can mail them a note -- that's too much of a
localism to share.




More information about the unisog mailing list