nmap&wannacry

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

nmap&wannacry

ALICE
Salve,

ho eseguito la scansione della mia rete con nmap e lo script
smb-vuln-ms17-010.nse consigliato da Giuseppe Augiero nel suo post
"Risorse utili per contrastare WannaCry.

Il risultato è questo:

Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-17 16:13 CEST
Nmap scan report for gateway (192.168.1.1)
Host is up (0.00047s latency).
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
|_nbstat: NetBIOS name: FRITZ-NAS, NetBIOS user: <unknown>, NetBIOS MAC:
<unknown> (unknown)
| smb-os-discovery:
|   OS: Unix (Samba 3.0.37)
|   Computer name: fritz
|   NetBIOS computer name:
|   Domain name: box
|   FQDN: fritz.box
|_  System time: 2017-05-17T16:14:11+02:00
| smb-security-mode:
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol

Nmap scan report for 192.168.1.4
Host is up (0.0033s latency).
PORT    STATE    SERVICE
445/tcp filtered microsoft-ds

Nmap scan report for 192.168.1.7
Host is up (0.011s latency).
PORT    STATE    SERVICE
445/tcp filtered microsoft-ds

Nmap scan report for 192.168.1.9
Host is up (0.0030s latency).
PORT    STATE  SERVICE
445/tcp closed microsoft-ds

Nmap scan report for 192.168.1.50
Host is up (0.012s latency).
PORT    STATE    SERVICE
445/tcp filtered microsoft-ds

Nmap scan report for 192.168.1.111
Host is up (0.0015s latency).
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
|_clock-skew: mean: -9s, deviation: 0s, median: -9s
|_nbstat: NetBIOS name: XP64-VM, NetBIOS user: <unknown>, NetBIOS MAC:
00:0c:29:15:63:88 (VMware)
| smb-os-discovery:
|   OS: Windows XP 3790 Service Pack 2 (Windows XP 5.2)
|   Computer name: xp64-vm
|   NetBIOS computer name: XP64-VM\x00
|   Workgroup: XP64\x00
|_  System time: 2017-05-17T16:14:02+02:00
| smb-security-mode:
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol

Nmap scan report for 192.168.1.112
Host is up (0.0055s latency).
PORT    STATE  SERVICE
445/tcp closed microsoft-ds

Nmap scan report for 192.168.1.116
Host is up (0.0011s latency).
PORT    STATE  SERVICE
445/tcp closed microsoft-ds

Nmap scan report for 192.168.1.123
Host is up (0.0011s latency).
PORT    STATE  SERVICE
445/tcp closed microsoft-ds

Nmap scan report for 192.168.1.202
Host is up (0.000079s latency).
PORT    STATE  SERVICE
445/tcp closed microsoft-ds

Nmap done: 257 IP addresses (10 hosts up) scanned in 13.37 seconds

Delucidazioni e consigli?

Grazie

Giuseppe Ceccherini

_______________________________________________
Gulp mailing list
[hidden email]
https://lists.gulp.linux.it/listinfo/gulp
Reply | Threaded
Open this post in threaded view
|

Re: nmap&wannacry

Simone Ferrini
Imho, non credo sia un'ottima idea condividere in una mailing list l'output di nmap della tua LAN.

_____________________________
From: ALICE <[hidden email]>
Sent: Wednesday, May 17, 2017 4:26 PM
Subject: [Gulp] nmap&wannacry
To: <[hidden email]>


Salve,

ho eseguito la scansione della mia rete con nmap e lo script
smb-vuln-ms17-010.nse consigliato da Giuseppe Augiero nel suo post
"Risorse utili per contrastare WannaCry.

Il risultato è questo:

Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-17 16:13 CEST
Nmap scan report for gateway (192.168.1.1)
Host is up (0.00047s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds

Host script results:
|_nbstat: NetBIOS name: FRITZ-NAS, NetBIOS user: <unknown>, NetBIOS MAC:
<unknown> (unknown)
| smb-os-discovery:
| OS: Unix (Samba 3.0.37)
| Computer name: fritz
| NetBIOS computer name:
| Domain name: box
| FQDN: fritz.box
|_ System time: 2017-05-17T16:14:11+02:00
| smb-security-mode:
| account_used: guest
| authentication_level: user
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol

Nmap scan report for 192.168.1.4
Host is up (0.0033s latency).
PORT STATE SERVICE
445/tcp filtered microsoft-ds

Nmap scan report for 192.168.1.7
Host is up (0.011s latency).
PORT STATE SERVICE
445/tcp filtered microsoft-ds

Nmap scan report for 192.168.1.9
Host is up (0.0030s latency).
PORT STATE SERVICE
445/tcp closed microsoft-ds

Nmap scan report for 192.168.1.50
Host is up (0.012s latency).
PORT STATE SERVICE
445/tcp filtered microsoft-ds

Nmap scan report for 192.168.1.111
Host is up (0.0015s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds

Host script results:
|_clock-skew: mean: -9s, deviation: 0s, median: -9s
|_nbstat: NetBIOS name: XP64-VM, NetBIOS user: <unknown>, NetBIOS MAC:
00:0c:29:15:63:88 (VMware)
| smb-os-discovery:
| OS: Windows XP 3790 Service Pack 2 (Windows XP 5.2)
| Computer name: xp64-vm
| NetBIOS computer name: XP64-VM\x00
| Workgroup: XP64\x00
|_ System time: 2017-05-17T16:14:02+02:00
| smb-security-mode:
| account_used: guest
| authentication_level: user
| challenge_response: supported
|_ message_signing: disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol

Nmap scan report for 192.168.1.112
Host is up (0.0055s latency).
PORT STATE SERVICE
445/tcp closed microsoft-ds

Nmap scan report for 192.168.1.116
Host is up (0.0011s latency).
PORT STATE SERVICE
445/tcp closed microsoft-ds

Nmap scan report for 192.168.1.123
Host is up (0.0011s latency).
PORT STATE SERVICE
445/tcp closed microsoft-ds

Nmap scan report for 192.168.1.202
Host is up (0.000079s latency).
PORT STATE SERVICE
445/tcp closed microsoft-ds

Nmap done: 257 IP addresses (10 hosts up) scanned in 13.37 seconds

Delucidazioni e consigli?

Grazie

Giuseppe Ceccherini

_______________________________________________
Gulp mailing list
[hidden email]
https://lists.gulp.linux.it/listinfo/gulp


_______________________________________________
Gulp mailing list
[hidden email]
https://lists.gulp.linux.it/listinfo/gulp
Reply | Threaded
Open this post in threaded view
|

Re: nmap&wannacry

buda
In reply to this post by ALICE
Se è la stessa versione che ho usato al lavoro... Se  trovi la scritta vulnerabile  ci sono problemi altrimenti no. 

Il 17 mag 2017 16:26, "ALICE" <[hidden email]> ha scritto:
Salve,

ho eseguito la scansione della mia rete con nmap e lo script smb-vuln-ms17-010.nse consigliato da Giuseppe Augiero nel suo post "Risorse utili per contrastare WannaCry.

Il risultato è questo:

Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-17 16:13 CEST
Nmap scan report for gateway (192.168.1.1)
Host is up (0.00047s latency).
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
|_nbstat: NetBIOS name: FRITZ-NAS, NetBIOS user: <unknown>, NetBIOS MAC: <unknown> (unknown)
| smb-os-discovery:
|   OS: Unix (Samba 3.0.37)
|   Computer name: fritz
|   NetBIOS computer name:
|   Domain name: box
|   FQDN: fritz.box
|_  System time: 2017-05-17T16:14:11+02:00
| smb-security-mode:
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol

Nmap scan report for 192.168.1.4
Host is up (0.0033s latency).
PORT    STATE    SERVICE
445/tcp filtered microsoft-ds

Nmap scan report for 192.168.1.7
Host is up (0.011s latency).
PORT    STATE    SERVICE
445/tcp filtered microsoft-ds

Nmap scan report for 192.168.1.9
Host is up (0.0030s latency).
PORT    STATE  SERVICE
445/tcp closed microsoft-ds

Nmap scan report for 192.168.1.50
Host is up (0.012s latency).
PORT    STATE    SERVICE
445/tcp filtered microsoft-ds

Nmap scan report for 192.168.1.111
Host is up (0.0015s latency).
PORT    STATE SERVICE
445/tcp open  microsoft-ds

Host script results:
|_clock-skew: mean: -9s, deviation: 0s, median: -9s
|_nbstat: NetBIOS name: XP64-VM, NetBIOS user: <unknown>, NetBIOS MAC: 00:0c:29:15:63:88 (VMware)
| smb-os-discovery:
|   OS: Windows XP 3790 Service Pack 2 (Windows XP 5.2)
|   Computer name: xp64-vm
|   NetBIOS computer name: XP64-VM\x00
|   Workgroup: XP64\x00
|_  System time: 2017-05-17T16:14:02+02:00
| smb-security-mode:
|   account_used: guest
|   authentication_level: user
|   challenge_response: supported
|_  message_signing: disabled (dangerous, but default)
|_smbv2-enabled: Server doesn't support SMBv2 protocol

Nmap scan report for 192.168.1.112
Host is up (0.0055s latency).
PORT    STATE  SERVICE
445/tcp closed microsoft-ds

Nmap scan report for 192.168.1.116
Host is up (0.0011s latency).
PORT    STATE  SERVICE
445/tcp closed microsoft-ds

Nmap scan report for 192.168.1.123
Host is up (0.0011s latency).
PORT    STATE  SERVICE
445/tcp closed microsoft-ds

Nmap scan report for 192.168.1.202
Host is up (0.000079s latency).
PORT    STATE  SERVICE
445/tcp closed microsoft-ds

Nmap done: 257 IP addresses (10 hosts up) scanned in 13.37 seconds

Delucidazioni e consigli?

Grazie

Giuseppe Ceccherini

_______________________________________________
Gulp mailing list
[hidden email]
https://lists.gulp.linux.it/listinfo/gulp

_______________________________________________
Gulp mailing list
[hidden email]
https://lists.gulp.linux.it/listinfo/gulp
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
G d+ s:+++ a? C++++$ UL+++>++++$ !P L++++ E- W+ N !o K++++ w--- O+++ M
V? PS+++ PE-- Y PGP t++ !5 !X R+ tv- b DI+ D+++ G++ e>+++++ h++ r? !y
------END GEEK CODE BLOCK------
Giu
Reply | Threaded
Open this post in threaded view
|

Re: nmap&wannacry

Giu
In reply to this post by Simone Ferrini

Il giorno 17 mag 2017, alle ore 19:46, Simone Ferrini <[hidden email]> ha scritto:

Imho, non credo sia un'ottima idea condividere in una mailing list l'output di nmap della tua LAN.


Simone non condivido  quello che scrivi, ma sarei interessato a capire il tuo punto di vista.

Giu


_______________________________________________
Gulp mailing list
[hidden email]
https://lists.gulp.linux.it/listinfo/gulp
Reply | Threaded
Open this post in threaded view
|

Re: nmap&wannacry

Marco Cacchiani
In reply to this post by ALICE
Salve a tutti,

Lurko il gruppo da anni ... lo so, lo so, prima o poi mi devo associare!

questa mail solo per ringraziare dell'hint sull'uso di NMAP con NSE per la
detezione della vulnerabilita' wannaCry. L'ho usato all'interno di alcune
delle reti che gestisco e mi ha salvato ore di lavoro!

Grazie a Giuseppe Augiero per il tutorial e a Giuseppe Ceccherini per la
segnalazione.

P.S. se mi posso permettere un appunto a Giuseppe Augiero:

lo script smb-vuln-ms17-010.nse, descritto e linkato sul suo post:
   
   https://www.augiero.it/index.php/risorse-utili-per-contrastare-wannacry/

l'avrei fatto scaricare dalla repository github gestita direttamente
dall'autore:

   https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/smb-vuln-ms17-010.nse
   
cosa che, tra l'altro, avrebbe consentito a tutti (gli inesperti come
me) di rendersi conto che nella stessa repository sono presenti altre
innumerevoli utility della stessa categoria.

Saluti a tutti,

Marco Cacchiani

On Wed, 17 May 2017, ALICE wrote:

> Salve,
>
> ho eseguito la scansione della mia rete con nmap e lo script
> smb-vuln-ms17-010.nse consigliato da Giuseppe Augiero nel suo post
> "Risorse utili per contrastare WannaCry.
>
> [...]

--
Marco Cacchiani

Tel   : +39 3355613564
E-mail: [hidden email]
        [hidden email]
        [hidden email]
PEC   : [hidden email]

Indirizzo:
  Via Filippi, 22 - Loc. Caprona
  56010 Vicopisano (PISA)

Public pgp key ([hidden email]):
  http://server.siriusnet.it/marco/pgp_public_key-FED595EE.asc

Public pgp key ([hidden email]):
  http://server.siriusnet.it/marco/pgp_public_key-A53F5E7D.asc

------------------------------------------------------------------------
Ai sensi  del  D.Lgs 196/03 si precisa che  le informazioni contenute in
questo messaggio sono  da  considerarsi riservate e ad uso esclusivo del
destinatario.
Qualora  il  messaggio  le  fosse pervenuto per errore,  La preghiamo di
eliminarlo senza copiarlo e non inoltrarlo a terzi dandocene gentilmente
comunicazione.
_______________________________________________
Gulp mailing list
[hidden email]
https://lists.gulp.linux.it/listinfo/gulp
Giu
Reply | Threaded
Open this post in threaded view
|

Re: nmap&wannacry

Giu

> Il giorno 18 mag 2017, alle ore 11:38, Marco Cacchiani <[hidden email]> ha scritto:
>
> Salve a tutti,
>
> Lurko il gruppo da anni ... lo so, lo so, prima o poi mi devo associare!
>
> questa mail solo per ringraziare dell'hint sull'uso di NMAP con NSE per la
> detezione della vulnerabilita' wannaCry. L'ho usato all'interno di alcune
> delle reti che gestisco e mi ha salvato ore di lavoro!
>
> Grazie a Giuseppe Augiero per il tutorial e a Giuseppe Ceccherini per la
> segnalazione.

Grazie a te

>
> P.S. se mi posso permettere un appunto a Giuseppe Augiero:
>
> lo script smb-vuln-ms17-010.nse, descritto e linkato sul suo post:
>
>  https://www.augiero.it/index.php/risorse-utili-per-contrastare-wannacry/
>
> l'avrei fatto scaricare dalla repository github gestita direttamente
> dall'autore:
>
>  https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/smb-vuln-ms17-010.nse
>
> cosa che, tra l'altro, avrebbe consentito a tutti (gli inesperti come
> me) di rendersi conto che nella stessa repository sono presenti altre
> innumerevoli utility della stessa categoria.
>


Generalmente limito il numero di link esterni sul mio sito per evitare che con il tempo abbia da gestire un
numero notevole di bad link.

La pagina completa di tutti gli script  è quella che tu hai linkato ma io volevo dare focus solo allo script nse per il wannacry.

Giu

_______________________________________________
Gulp mailing list
[hidden email]
https://lists.gulp.linux.it/listinfo/gulp
Giu
Reply | Threaded
Open this post in threaded view
|

Re: nmap&wannacry

Giu

_______________________________________________
Gulp mailing list
[hidden email]
https://lists.gulp.linux.it/listinfo/gulp