Categories: vuln, safe
Attempts to detect missing patches in Windows systems by checking the uptime returned during the SMB2 protocol negotiation.
The SMB2 protocol negotiation response returns the system boot time before authentication. This information can be used to determine whether a system is missing critical patches without triggering IDS/IPS/AVs.
Remember that a rebooted system may still be vulnerable. This check only reveals unpatched systems based on the uptime; no additional probes are sent.
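The parsing step behind this check, as an added example (not the script's own Lua code): it reads SystemTime and ServerStartTime from a raw SMB2 NEGOTIATE response and compares the boot time with a patch release date. The cut-off date (the MS17-010 bulletin's publication, 14 March 2017), the function names and the sample message builder are assumptions made for this example.

```python
import struct
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
SMB2_HEADER_LEN = 64  # fixed-size SMB2 packet header
# Assumption: MS17-010 bulletin publication date used as the cut-off.
MS17_010_RELEASED = datetime(2017, 3, 14, tzinfo=timezone.utc)

def filetime_to_dt(ft):
    """FILETIME = 100 ns ticks since 1601-01-01 UTC; 0 is treated as 'not reported'."""
    return None if ft == 0 else FILETIME_EPOCH + timedelta(microseconds=ft // 10)

def parse_negotiate_times(msg):
    """Return (system_time, server_start_time) from a raw SMB2 NEGOTIATE response."""
    if len(msg) < SMB2_HEADER_LEN + 64:
        raise ValueError("truncated SMB2 NEGOTIATE response")
    proto, hdr_size = struct.unpack_from("<4sH", msg, 0)
    command, = struct.unpack_from("<H", msg, 12)
    body_size, = struct.unpack_from("<H", msg, SMB2_HEADER_LEN)
    if proto != b"\xfeSMB" or hdr_size != 64 or command != 0 or body_size != 65:
        raise ValueError("not an SMB2 NEGOTIATE response")
    # SystemTime and ServerStartTime sit at body offsets 40 and 48.
    now_ft, boot_ft = struct.unpack_from("<QQ", msg, SMB2_HEADER_LEN + 40)
    return filetime_to_dt(now_ft), filetime_to_dt(boot_ft)

def assess(msg, patch_released=MS17_010_RELEASED):
    """Classify a host by whether it booted before the patch was released."""
    _, boot = parse_negotiate_times(msg)
    if boot is None:
        return "UNKNOWN"            # server did not report a start time
    if boot < patch_released:
        return "LIKELY VULNERABLE"  # up since before the fix was published
    return "INCONCLUSIVE"           # rebooted since; may still be unpatched

def to_filetime(dt):
    """Inverse of filetime_to_dt for whole-second datetimes (None -> 0)."""
    return 0 if dt is None else int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def build_sample(now, boot):
    """Constructed test message: every field zeroed except the ones parsed above."""
    header = struct.pack("<4sHHIHH", b"\xfeSMB", 64, 0, 0, 0, 1).ljust(64, b"\0")
    body = struct.pack("<HHHH16sIIII", 65, 1, 0x0210, 0, b"\0" * 16, 0, 0, 0, 0)
    return header + body + struct.pack("<QQHHI", to_filetime(now), to_filetime(boot), 128, 0, 0)
```

The "INCONCLUSIVE" result reflects the caveat above: a boot time after the release date says nothing about whether the update was installed.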
smb2-vuln-uptime.skip-os: Ignore OS detection results and show results
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername: See the documentation for the smbauth library.
randomseed, smbbasic, smbport, smbsign: See the documentation for the smb library.
vulns.short, vulns.showall: See the documentation for the vulns library.
nmap -O --script smb2-vuln-uptime <target>
nmap -p445 --script smb2-vuln-uptime --script-args smb2-vuln-uptime.skip-os=true <target>
| smb2-vuln-uptime:
|   VULNERABLE:
|   MS17-010: Security update for Windows SMB Server
|     State: LIKELY VULNERABLE
|     IDs:  ms:ms17-010  CVE:2017-0147
|       This system is missing a security update that resolves vulnerabilities in
|       Microsoft Windows SMB Server.
|
|     References:
|       https://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-0147
|_      https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
License: Same as Nmap--See https://nmap.org/book/man-legal.html