MS17-010 Vulnerability - Scanning using NMAP on KALI Linux

MS17-010 is a severe SMB Server vulnerability affecting all Windows operating systems, which was made public in March 2017. It allows remote code execution on the victim computer and was exploited by the WannaCry, Petya and Bad Rabbit ransomware (and many others).
For more information, check the Microsoft Security Bulletin MS17-010:
https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2017/ms17-010
https://support.microsoft.com/en-au/help/4013389/title

Nmap ("Network Mapper") is a free and open source utility for network discovery and security auditing, which is installed by default on Kali Linux.
Check the NMAP website for more information:
https://nmap.org/
https://nmap.org/book/man.html

The NMAP Scripting Engine (NSE) allows users to write scripts for NMAP and share them.
NSE scripts can be used for network discovery, vulnerability detection, vulnerability exploitation, OS version detection, backdoor detection and so on.
For more information on NSE, check the links below:

In the video below we will use NMAP and an NSE script called "smb-vuln-ms17-010" to identify computers affected by the MS17-010 vulnerability.

List of commands used during this video:
nmap --script-updatedb
This command updates the NSE script database, the index Nmap uses to look up scripts by name and category. It does not download new scripts.
locate "*.nse"
This command displays the full path of every NSE script (files with the ".nse" extension). The pattern is quoted so that the shell passes it to locate unexpanded.
locate "*vuln*.nse"
This command displays the full path of every NSE script whose name contains the string "vuln". (These are the scripts used for vulnerability detection.)
nmap -v -p445 --script smb-vuln-ms17-010 <IP_Address or IP_Range>
This command scans an IP address or a range of IP addresses on port 445 (the SMB server port), using the "smb-vuln-ms17-010" NSE script. The "-v" option increases the verbosity level.
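
When a range is scanned, the result has to be turned into a list of hosts to patch. The following is an added example, not part of the original post: it reads saved Nmap normal output (-oN) from the scan above and classifies each host. The function names, the status labels and the sample output (constructed and trimmed, using documentation addresses) are assumptions made for illustration. NOT_FLAGGED only means this scan reported no VULNERABLE state, so those hosts still need their patch level confirmed.

```sh
#!/bin/sh
# Added example: triage saved Nmap normal output, e.g. produced with
#   nmap -v -p445 --script smb-vuln-ms17-010 -oN scan.txt <IP_Range>
ms17_triage() {
    awk '
    function emit() {
        if (host == "") return
        print host, (vuln ? "VULNERABLE" : (p445 ? "NOT_FLAGGED" : "NOT_ASSESSED"))
    }
    /^Nmap scan report for / {
        emit(); host = ""; vuln = 0; p445 = 0; inblk = 0
        if ($0 !~ /\[host down\]$/) { host = $NF; gsub(/[()]/, "", host) }
        next
    }
    /^445\/tcp +open/ { p445 = 1 }
    # Start of this script block; a "|_" header means a one-line result
    /^[|][_ ]smb-vuln-ms17-010:/ { inblk = ($0 ~ /^[|] /); next }
    # A header of another script ends our block
    inblk && /^[|] [^ ]/ { inblk = 0 }
    inblk && /State: VULNERABLE/ { vuln = 1 }
    inblk && (/^[|]_/ || !/^[|]/) { inblk = 0 }
    END { emit() }
    '
}

# Constructed sample output (trimmed); not captured from a real network.
sample_scan() {
cat <<'EOF'
Nmap scan report for 192.0.2.10
PORT    STATE SERVICE
445/tcp open  microsoft-ds
Host script results:
| smb-vuln-ms17-010:
|   VULNERABLE:
|   Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
|     State: VULNERABLE
|_    Risk factor: HIGH
Nmap scan report for fileserver.example (192.0.2.11)
445/tcp open  microsoft-ds
Nmap scan report for 192.0.2.12
445/tcp closed microsoft-ds
Nmap scan report for 192.0.2.13 [host down]
EOF
}

sample_scan | ms17_triage   # real use: ms17_triage < scan.txt
```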

Check also my other post on detecting the MS17-010 vulnerability by using Metasploit.

