Script `smb-vuln-conficker`

Script types: hostrule
Categories: intrusive, exploit, dos, vuln
Download: https://svn.nmap.org/nmap/scripts/smb-vuln-conficker.nse

Script Summary

Detects Microsoft Windows systems infected by the Conficker worm. This check is dangerous and it may crash systems.

Based loosely on the Simple Conficker Scanner, found here: -- http://iv.cs.uni-bonn.de/wg/cs/applications/containing-conficker/

This check was previously part of smb-check-vulns.

Script Arguments

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername: See the documentation for the smbauth library.
randomseed, smbbasic, smbport, smbsign: See the documentation for the smb library.
vulns.short, vulns.showall: See the documentation for the vulns library.

Example Usage

nmap --script smb-vuln-conficker.nse -p445 <host>
nmap -sU --script smb-vuln-conficker.nse -p T:139 <host>

Script Output

| smb-vuln-conficker:
|   VULNERABLE:
|   Microsoft Windows system infected by Conficker
|     State: VULNERABLE
|     IDs:  CVE:2008-4250
|       This system shows signs of being infected by a variant of the worm Conficker.
|     References:
|       https://technet.microsoft.com/en-us/library/security/ms08-067.aspx
|       http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Win32%2fConficker
|_      https://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-4250

Requires

Authors:

Ron Bowes
Jiayi Ye
Paulino Calderon <calderon()websec.mx>

License: Same as Nmap--See https://nmap.org/book/man-legal.html

Script smb-vuln-conficker

Script Summary

Script Arguments

Example Usage

Script Output

Requires

Script `smb-vuln-conficker`