Script smb-vuln-webexec

Script types: portrule
Categories: intrusive, vuln
Download: https://svn.nmap.org/nmap/scripts/smb-vuln-webexec.nse

Script Summary

A critical remote code execution vulnerability exists in WebExService (WebExec).

See also:

• smb-webexec-exploit.nse

Script Arguments

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

randomseed, smbbasic, smbport, smbsign

See the documentation for the smb library.

vulns.short, vulns.showall

See the documentation for the vulns library.

Example Usage

nmap --script smb-vuln-webexec --script-args smbusername=<username>,smbpass=<password> -p445 <host>

Script Output

PORT    STATE SERVICE      REASON
445/tcp open  microsoft-ds syn-ack
| smb-vuln-webexec:
|   VULNERABLE:
|   Remote Code Execution vulnerability in WebExService
|     State: VULNERABLE
|     IDs:  CVE:CVE-2018-15442
|     Risk factor: HIGH
|       A critical remote code execution vulnerability exists in WebExService (WebExec).
|     Disclosure date: 2018-10-24
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15442
|       https://blog.skullsecurity.org/2018/technical-rundown-of-webexec
|_      https://webexec.org

Requires

• msrpc
• string
• shortport
• smb
• stdnse
• vulns
• rand
• stringaux

---

Author:

• Ron Bowes

License: Same as Nmap--See https://nmap.org/book/man-legal.html