[unisog] Vulnerability scanner for MS05-039

Russell Fulton r.fulton at auckland.ac.nz
Tue Aug 16 21:25:12 GMT 2005

I'll add my thanks to Syl's!  Great work Chris.

I have also been busy and hacked a version of metasploit's mscli to take a file of IPs; this makes it somewhat faster than running mscli from a script because you are not starting perl and loading metasploit for each machine.  The original version spawned processes to run the tests in parallel but I am not sure if this is reliable -- more testing needed.

I have been using noxscan since yesterday morning and getting large numbers of INCONCLUSIVEs.
It turns out that 2003 and XP turn up as INCONCLUSIVE (quite rightly, since one can't test the vulnerability without logging in) but there were also some w2k boxes too, so I used my script to recheck these machines and came up with about 80 more (to add to the 600 we found on the first scan).  I hasten to add that the number is much lower this morning ;)

I'll do a bit more work on my metasploit bulk script this morning and then post it to the list.

Chris Russel wrote:
> Our vuln scanning tool is here, updated to detect MS05-039:
> http://infosec.yorku.ca/tools/
> (also checks MS04-007, MS04-011 for good measure)
> It is designed for speed and should do a class-B in 5-10 minutes or less 
> (run with 100+ threads). I got tired of renaming it after every new 
> Microsoft security bulletin, so it is just called noxscan now (used to be 
> 011scan). It is somewhat of a hack but works well enough for us - standard 
> disclaimer, YMMV, no guarantees of any kind... Tested on Linux, OpenBSD, 
> and Solaris.
> Thanks to those on #unisog who helped test it.

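The workflow above (read a file of IPs once, run the per-host check in parallel inside one process, and collect the INCONCLUSIVE hosts for a recheck with a second tool) is the part worth showing in code. The following is an added example written for this archive, not Russell's mscli patch nor anything from noxscan or metasploit. It assumes a check routine with the signature `check(host) -> status` and the three status labels VULNERABLE / PATCHED / INCONCLUSIVE; the `simulated_check` table at the bottom is constructed data standing in for a real probe, so the harness runs offline.

```python
"""Bulk host-check harness (added example, not from the original post).

Reads a target list once, runs a caller-supplied check routine per host in a
thread pool inside a single process, and tallies results so that hosts the
check could not decide (INCONCLUSIVE) can be fed to a second tool for recheck.
"""
import ipaddress
from collections import Counter
from concurrent.futures import ThreadPoolExecutor, as_completed
from typing import Callable, Dict, Iterable, List, Tuple

# Status labels are an assumption of this example (the post only names INCONCLUSIVE).
VULNERABLE = "VULNERABLE"
PATCHED = "PATCHED"
INCONCLUSIVE = "INCONCLUSIVE"
KNOWN_STATUSES = {VULNERABLE, PATCHED, INCONCLUSIVE}


def load_targets(lines: Iterable[str]) -> List[str]:
    """Parse a target file: one IP or CIDR per line, '#' comments and blank
    lines ignored, duplicates dropped, original order kept."""
    seen = set()
    targets: List[str] = []
    for raw in lines:
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if "/" in line:
            hosts = [str(h) for h in ipaddress.ip_network(line, strict=False).hosts()]
        else:
            hosts = [str(ipaddress.ip_address(line))]  # raises on junk lines
        for host in hosts:
            if host not in seen:
                seen.add(host)
                targets.append(host)
    return targets


def run_checks(targets: List[str], check: Callable[[str], str],
               workers: int = 50) -> Dict[str, str]:
    """Run check(host) for every target in a thread pool.

    Any exception (timeout, refused connection, parse failure) is recorded as
    INCONCLUSIVE rather than aborting the sweep, and a check that returns an
    unknown label is also treated as INCONCLUSIVE so the tally stays honest."""
    results: Dict[str, str] = {}
    with ThreadPoolExecutor(max_workers=workers) as pool:
        pending = {pool.submit(check, host): host for host in targets}
        for fut in as_completed(pending):
            host = pending[fut]
            try:
                status = fut.result()
            except Exception:
                status = INCONCLUSIVE
            results[host] = status if status in KNOWN_STATUSES else INCONCLUSIVE
    return results


def summarize(results: Dict[str, str]) -> Tuple[Counter, List[str]]:
    """Return per-status counts and the sorted list of hosts to recheck."""
    counts = Counter(results.values())
    recheck = sorted((h for h, s in results.items() if s == INCONCLUSIVE),
                     key=ipaddress.ip_address)
    return counts, recheck


# Constructed stand-in for a real probe: a fixed table of outcomes.
SIMULATED_HOSTS = {
    "10.0.0.5": PATCHED,
    "10.0.0.6": VULNERABLE,
    "10.0.0.7": INCONCLUSIVE,   # e.g. XP/2003 where the test needs a login
}


def simulated_check(host: str) -> str:
    """Constructed check: unknown hosts behave like an unreachable box."""
    if host not in SIMULATED_HOSTS:
        raise OSError("connection timed out")
    return SIMULATED_HOSTS[host]


if __name__ == "__main__":
    # Constructed target file contents; a real run would read them from disk.
    target_lines = ["# lab subnet", "10.0.0.5", "10.0.0.6", "", "10.0.0.7", "10.0.0.8"]
    res = run_checks(load_targets(target_lines), simulated_check, workers=4)
    counts, recheck = summarize(res)
    print(dict(counts))
    print("recheck with second tool:", recheck)
```

Hosts that raise or return an unrecognised label land in the recheck list rather than silently disappearing, which is the behaviour you want when the second pass is what actually decides whether a w2k box is patched.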
