■ Install
1. Download / install the package (installing from source is not recommended: http://nmap.org/download.html)
2. Run nmap (Conficker-related settings)
nmap -PN -T4 -p139,445 -n -v --script smb-check-vulns,smb-os-discovery --script-args safe=1 10.1.1.10
* Replace 10.1.1.10 at the end with the IP address of the Windows host you want to check.
■ Usage examples
1-1. Host not infected with Conficker - simple mode (only grep added)
[root@localhost /]# nmap -PN -T4 -p139,445 -n -v --script smb-check-vulns 10.1.1.10 | grep Conficker
| Conficker: Likely CLEAN
| Conficker: Likely CLEAN
1-2. Host not infected with Conficker - full mode
[root@localhost /]# nmap -PN -T4 -p139,445 -n -v --script smb-check-vulns 10.1.1.10
.................
Host script results:
| smb-check-vulns:
| MS08-067: FIXED
| Conficker: Likely CLEAN
|_ regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
.................
Host script results:
| smb-check-vulns:
| MS08-067: FIXED
| Conficker: Likely CLEAN
|_ regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
2-1. Host infected with Conficker - simple mode (only grep added)
[root@localhost /]# nmap -PN -T4 -p139,445 -n -v --script smb-check-vulns 10.1.1.10 | grep Conficker
| Conficker: Likely INFECTED
| Conficker: Likely INFECTED
2-2. Host infected with Conficker - full mode
[root@localhost /]# nmap -PN -T4 -p139,445 -n -v --script smb-check-vulns 10.1.1.10
.................
Host script results:
| smb-check-vulns:
| MS08-067: FIXED
| Conficker: Likely INFECTED
|_ regsvc DoS: VULNERABLE
.................
Host script results:
| smb-check-vulns:
| MS08-067: FIXED
| Conficker: Likely INFECTED
|_ regsvc DoS: VULNERABLE
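The grep shortcut above drops the host address and prints nothing at all for a host where the script returned no result, which is easy to misread as clean when several hosts are scanned at once. The following sketch is an added example, not part of the original post, and goes beyond the single-host case by keeping the host with each verdict; the function names, the reliance on the `Nmap scan report for` header of nmap's normal output, and the hosts 10.1.1.11 and 10.1.1.12 in the constructed sample are assumptions.

```shell
# Added example. Usage: nmap <options from this page> <targets> | conficker_triage
# Prints one line per host: host<TAB>Conficker verdict<TAB>MS08-067 verdict.
conficker_triage() {
    awk '
        function flush() {
            if (host != "")
                printf "%s\t%s\t%s\n", host, (conf == "" ? "NO RESULT" : conf), (ms == "" ? "NO RESULT" : ms)
            host = ""; conf = ""; ms = ""
        }
        # Each host section of nmap normal output starts with this header.
        /^Nmap scan report for / {
            flush()
            host = $NF
            gsub(/[()]/, "", host)    # header may read: name (ip)
            next
        }
        /MS08-067:/  { v = $0; sub(/.*MS08-067:[ \t]*/, "", v);  ms = v }
        /Conficker:/ { v = $0; sub(/.*Conficker:[ \t]*/, "", v); conf = v }
        END { flush() }
    '
}

# Hosts reported as likely infected, one per line.
infected_hosts() {
    conficker_triage | awk -F '\t' '$2 ~ /INFECTED/ { print $1 }'
}

# Constructed sample in the output format shown on this page (not a real scan).
sample_scan() {
    cat <<'EOF'
Nmap scan report for 10.1.1.10
Host script results:
| smb-check-vulns:
| MS08-067: FIXED
| Conficker: Likely CLEAN
|_ regsvc DoS: CHECK DISABLED (add '--script-args=unsafe=1' to run)
Nmap scan report for 10.1.1.11
Host script results:
| smb-check-vulns:
| MS08-067: FIXED
| Conficker: Likely INFECTED
|_ regsvc DoS: VULNERABLE
Nmap scan report for 10.1.1.12
445/tcp filtered microsoft-ds
EOF
}

sample_scan | conficker_triage
```

A host listed as NO RESULT was not checked (for example, SMB ports filtered) and should be rescanned or examined another way rather than counted as clean.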
■ Reference
NMAP : http://nmap.org
NMAP scripts : http://nmap.org/nsedoc/index.html