Using nmap 'Script' to Quickly Scan for One Particular Vulnerability (MS08-067) | Kali Linux / Backtrack

I usually scan for vulnerabilities using the Nessus scanner, but it's "big and heavy" and takes time to scan hosts for all the vulnerabilities, depending on the plugins available. Although Nessus has the option to scan for a particular vulnerability, here I discuss a better and quicker way to do it.

A time came when the trustworthy MS08-067 NetApi vulnerability became my favorite when hunting for vulnerable XP boxes during a penetration test. It is reliable and always gave me root access on the compromised machine without crashing it. So I started looking for a way to quickly scan test networks for computers with the MS08-067 vulnerability before I moved on to others.

I discovered that it can be done using the Nmap scripting engine.

nmap -oA 192168-filename -sS -p445 --script smb-check-vulns.nse --script-args=unsafe=1

Be careful using the ‘unsafe’ option as it is likely to crash the victim machine. After completion of the scan, I found a system vulnerable. Note that the script also tests for the presence of the Conficker worm infection.
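As an added example that is not part of the original post, the Python below post-processes the XML file that -oA writes (192168-filename.xml for the command above) and lists which hosts the script reported as MS08-067 VULNERABLE or Conficker INFECTED, so they can be patched and cleaned first. The embedded XML is constructed for this example and modelled on Nmap's output layout; the parser keys on the script's NAME: STATUS lines.

```python
"""List hosts that smb-check-vulns flagged, from the XML that nmap -oA writes.
SAMPLE_XML is constructed for this example and modelled on Nmap's XML layout;
it is not real scan output."""
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -p445 --script smb-check-vulns.nse">
  <host><address addr="192.168.1.10" addrtype="ipv4"/>
    <hostscript><script id="smb-check-vulns"
      output="&#xa;  MS08-067: VULNERABLE&#xa;  Conficker: Likely CLEAN&#xa;  regsvc DoS: NOT VULNERABLE"/>
    </hostscript></host>
  <host><address addr="192.168.1.11" addrtype="ipv4"/>
    <hostscript><script id="smb-check-vulns"
      output="&#xa;  MS08-067: NOT VULNERABLE&#xa;  Conficker: Likely INFECTED&#xa;  regsvc DoS: NOT VULNERABLE"/>
    </hostscript></host>
  <host><address addr="192.168.1.12" addrtype="ipv4"/></host>
</nmaprun>
"""

def parse_check_vulns(output):
    """Turn the script's 'NAME: STATUS' lines into a dict, skipping blank lines."""
    results = {}
    for line in output.splitlines():
        if ": " in line:
            name, status = line.strip().split(": ", 1)
            results[name] = status.strip()
    return results

def find_hosts(xml_text):
    """Map IPv4 address -> parsed results for every host that ran smb-check-vulns."""
    findings = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        script = host.find("hostscript/script[@id='smb-check-vulns']")
        if addr is not None and script is not None:
            findings[addr.get("addr")] = parse_check_vulns(script.get("output", ""))
    return findings

def ms08_067_vulnerable(findings):
    """Exact match on purpose: 'NOT VULNERABLE' also contains the substring 'VULNERABLE'."""
    return sorted(a for a, r in findings.items() if r.get("MS08-067") == "VULNERABLE")

def conficker_suspects(findings):
    """Hosts the script flagged as (likely) infected by Conficker."""
    return sorted(a for a, r in findings.items() if "INFECTED" in r.get("Conficker", ""))

if __name__ == "__main__":
    found = find_hosts(SAMPLE_XML)
    print("Patch for MS08-067:", ms08_067_vulnerable(found), "| Conficker:", conficker_suspects(found))
```

Newer Nmap releases replaced smb-check-vulns with per-issue scripts such as smb-vuln-ms08-067 and smb-vuln-conficker, whose output uses a different multi-line report format; the script id and parser above would need adjusting for them.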

After discovering the vulnerability, I penetrated the system and planted the classic Netcat backdoor on it and then hid the backdoor using Aphex rootkit.

Pranshu Bajpai
Principal Security Architect

Pranshu Bajpai, PhD, is a principal security architect.