Script smb-double-pulsar-backdoor

Script types: hostrule
Categories: vuln, safe, malware

Script Summary

Checks if the target machine is running the Double Pulsar SMB backdoor.

Based on the python detection script by Luke Jennings of Countercept.

Script Arguments

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

randomseed, smbbasic, smbport, smbsign

See the documentation for the smb library.

vulns.short, vulns.showall

See the documentation for the vulns library.

Example Usage

nmap -p 445 <target> --script=smb-double-pulsar-backdoor

Script Output

| smb-double-pulsar-backdoor:
|   Double Pulsar SMB Backdoor
|     State: VULNERABLE
|     Risk factor: HIGH  CVSSv2: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
|       The Double Pulsar SMB backdoor was detected running on the remote machine.
|     Disclosure date: 2017-04-14
|     References:
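
An added example, not part of the Nmap documentation or the script itself: a small parser that reads saved Nmap normal output and reports which hosts this script flagged. The sample text, the addresses, and the "NOT VULNERABLE" state string (assumed to appear when vulns.showall is set) are constructed for illustration.

```python
import re

SCRIPT = "smb-double-pulsar-backdoor"
HOST_RE = re.compile(r"^Nmap scan report for (.+)$")
SCRIPT_RE = re.compile(r"^\|[_ ]([\w-]+):")             # script name sits right after the gutter
STATE_RE = re.compile(r"^\|[_ ]\s+State:\s*(.+?)\s*$")  # indented line inside a script block

# Constructed sample; addresses are documentation-range placeholders. The second
# host assumes vulns.showall was set and that "NOT VULNERABLE" is then printed.
SAMPLE = """\
Nmap scan report for 192.0.2.10
Host script results:
| smb-double-pulsar-backdoor:
|   Double Pulsar SMB Backdoor
|_    State: VULNERABLE

Nmap scan report for 192.0.2.11
Host script results:
| smb-double-pulsar-backdoor:
|   Double Pulsar SMB Backdoor
|_    State: NOT VULNERABLE

Nmap scan report for fileserver.example (192.0.2.12)
"""

def parse_states(text):
    states, host, in_block = {}, None, False  # host -> State string, None if absent
    for line in text.splitlines():
        if m := HOST_RE.match(line):
            host, in_block = m.group(1), False
            states[host] = None
        elif m := SCRIPT_RE.match(line):
            in_block = m.group(1) == SCRIPT
        elif not line.startswith("|"):
            in_block = False
        elif in_block and host and (m := STATE_RE.match(line)):
            states[host] = m.group(1)
    return states

def flagged_hosts(text):
    # Anchor on the start of the value so "NOT VULNERABLE" never counts as a hit.
    return [h for h, s in parse_states(text).items() if s and s.startswith("VULNERABLE")]

def unverified_hosts(text):
    # No State line means no verdict from this output, not a clean host.
    return [h for h, s in parse_states(text).items() if s is None]

if __name__ == "__main__":
    print("flagged:", flagged_hosts(SAMPLE), "no verdict:", unverified_hosts(SAMPLE))
```

A plain substring search for "VULNERABLE" would also match the "NOT VULNERABLE" line, which is why the state value is compared from its first character.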



Author:

  • Andrew Orr

License: Same as Nmap--See