Tuesday, March 31, 2009

Conficker Worm and Nmap

It has been a while since I made any posts here. Really kind of forgot about this thing. But there is a lot of talk about Conficker.
Well, the guys at the Honeynet Project have figured out a way to detect it.
Nmap has released a beta that has the ability to check for it. You can get it here.

The command looks like the following:
nmap -PN -T4 -p139,445 -n -v --script=smb-check-vulns --script-args safe=1 [targetnetworks]

Big thanks go out to Dan Kaminsky @ DoxPara Research, and to Tillmann Werner and Felix Leder of the Honeynet Project.
And of course to Fyodor for making Nmap.

I have also posted some info over on the Back Track Forums and will continue to update there as need be.