[unisog] MS04-007 scanner

jan.droemer at philips.com jan.droemer at philips.com
Wed Feb 18 17:51:34 GMT 2004

Hello from the other side of the ocean,

Attached a perl script we wrote to detect vulnerable systems via port 139. 
It's based on the Nessus plugin.
So far it seems as if it's not possible to scan NT systems.

Hope this helps.


Matt Crawford <crawdad at fnal.gov>
18.02.2004 18:22

        To:     "Christopher E. Cramer" <chris.cramer at duke.edu>
        cc:     Keith Schoenefeld <schoenk at utulsa.edu>
unisog at sans.org
(bcc: Jan Droemer/HBG/PDE/PHILIPS)
        Subject:        Re: [unisog] MS04-007 scanner

> it is worth noting that the scanner operates by checking on port 445.
> if there is a server that isn't patched and has 445 closed or filtered,
> you'll get an error on the connection.  this does not mean that the
> system is not vulnerable - it may still be vulnerable over another 
> port.

Right - this will not find any NT4 systems and will miss some W2000 
We're sticking with the Nessus plugin which does some extra work in 
order to be
able to make essentially the same probe on port 139.

More information about the unisog mailing list