[unisog] Vulnerability scanner for MS05-039

Youngquist, Jason R. jryoungquist at ccis.edu
Thu Aug 18 18:05:25 GMT 2005


Russell,

Have you finished your script?  Have run Chris's script and it worked
decently, but want to run another scan using some different software.

Thanks.
Jason Youngquist
Network Security Analyst
Technology Services
Columbia College
1001 Rogers Street, Columbia, MO  65216
(573) 875-7334
http://www.ccis.edu
 

-----Original Message-----
From: unisog-bounces at lists.sans.org
[mailto:unisog-bounces at lists.sans.org] On Behalf Of Russell Fulton
Sent: Tuesday, August 16, 2005 4:25 PM
To: UNIversity Security Operations Group
Subject: Re: [unisog] Vulnerability scanner for MS05-039

I'll add my thanks to Syl's!  Great work Chris.

I have also been busy and hacked a version of metasploit's mscli to take a
file of IPs; this makes it somewhat faster than running the mscli from a
script because you are not starting perl and loading metasploit for
each machine.  The original version spawned processes to run the tests
in parallel but I am not sure if this is reliable -- more testing
needed.

I have been using noxscan since yesterday morning and getting large
numbers of INCONCLUSIVEs.
It turns out that 2003 and XP turn up as INCONCLUSIVE (quite rightly
since one can't test the vulnerability without logging in) but there
were also some w2k boxes too so I used my script to recheck these
machines and came up with about 80 more (to add to the 600 we found on
the first scan).  I hasten to add that the number is much lower this
morning ;)

I'll do a bit more work on my metasploit bulk script this morning and
then post it to the list.

Russell
 
Chris Russel wrote:
> Our vuln scanning tool is here, updated to detect MS05-039:
> 
> http://infosec.yorku.ca/tools/
> 
> (also checks MS04-007, MS04-011 for good measure)
> 
> It is designed for speed and should do a class-B in 5-10 minutes or less
> (run with 100+ threads). I got tired of renaming it after every new
> Microsoft security bulletin, so it is just called noxscan now (used to be
> 011scan). It is somewhat of a hack but works well enough for us - standard
> disclaimer, YMMV, no guarantees of any kind... Tested on Linux, OpenBSD,
> and Solaris.
> 
> Thanks to those on #unisog who helped test it.
> 