[unisog] Vulnerability scanner for MS05-039

Chris Russel russel at yorku.ca
Wed Aug 17 14:25:40 GMT 2005


Hey Russell,

If you have any info on the w2k systems that are showing inconclusive with 
noxscan but are vulnerable according to metasploit that would be useful - 
is the code just [00000000]?  If so I'm thinking it may be timeout issues 
(old, slow/busy machines or network glitches?), increasing the receive 
timeout may catch them.  I run with -r 1800 which is more than 
double the default... maybe I should change the default!

-- 
Chris Russel
Manager CNS Information Security
York University, Toronto, Canada

On Wed, 17 Aug 2005, Russell Fulton wrote:

> I'll add my thanks to Syl's!  Great work Chris.
>
> I have also been busy and hacked a version of metasploit's mscli to take a file of IPs; this makes it somewhat faster than running the mscli from a script because you are not starting perl and loading metasploit for each machine.  The original version spawned processes to run the tests in parallel but I am not sure if this is reliable -- more testing needed.
>
> I have been using noxscan since yesterday morning and getting large numbers of INCONCLUSIVEs.
> It turns out that 2003 and XP turn up as INCONCLUSIVE (quite rightly since one can't test the vulnerability without logging in) but there were also some w2k boxes too so I used my script to recheck these machines and came up with about 80 more (to add to the 600 we found on the first scan).  I hasten to add that the number is much lower this morning ;)
>
> I'll do a bit more work on my metasploit bulk script this morning and then post it to the list.
>
> Russell
>

