EXPLOiTED
May 16 2004, 02:33 PM
Anyone know of any other scanner besides DSScan? DSScan fucks up and closes on my win2k3 box. Anyone know how it determines if it's vulnerable or not? Does it just do a netbios port scan?
iLLuSioN
May 16 2004, 03:17 PM
Well u can use scan1000 or scan500 for port 445 but it won't tell u if it's vuln, this is what i do,
I scan using scan1000 for port 445, whatever results i get i save to a .txt file, IPs only, then i open DSScan and browse to the file and scan those IPs i got and it will tell me if they are vuln or not, i don't know if i'm losing results like this or not but it's working well. Good luck
Alexander01
May 16 2004, 03:23 PM
i had the same problem. also on a 2k3 box.. really weird
Ash
May 16 2004, 04:52 PM
i've tried putting vulnerable IPs into that scanner but it says it's not vuln.. weird
F34R
May 16 2004, 04:54 PM
I scan for 139 not 445 and I get plenty of results
Erra
May 16 2004, 08:24 PM
| QUOTE (Ash @ May 16 2004, 04:52 PM) |
| i've tried putting vulnerable IPs into that scanner but it says it's not vuln.. weird |
could mean that your ISP is blocking those ports.
Jack28
May 16 2004, 08:38 PM
i have the same problem with DSScan... not THAT MANY vulnerable IPs... anyone know what the problem is? or not?
Qlimax
May 16 2004, 09:09 PM
| QUOTE (F34R @ May 16 2004, 04:54 PM) |
| I scan for 139 not 445 and I get plenty of results |
i think u scan more IPs than u need
because the exploit connects to port 445 and not to 139
Jack28
May 16 2004, 09:55 PM
| QUOTE (Qlimax @ May 16 2004, 09:09 PM) |
| | QUOTE (F34R @ May 16 2004, 04:54 PM) | I scan for 139 not 445 and I get plenty of results |
| i think u scan more IPs than u need because the exploit connects to port 445 and not to 139 |
it's also what DSSCan does
as0l0
May 17 2004, 12:07 AM
I think Nessus is the best scanner for this. The Foundstone tool gives too many false negatives.
Eichel65
May 17 2004, 09:55 AM
Yes, DSScan often fails! Our server was "NOT VULNERABLE" in DSScan but hackable *gg*! Scan for port 445, this is the best way i think!!
I have many results!!
Greets
Mux99
May 17 2004, 10:15 AM
I think there is also a scanner from eEye which scans for this vulnerability...
Ash
May 17 2004, 12:11 PM
| QUOTE (Mux99 @ May 17 2004, 10:15 AM) |
| I think there is also a scanner from eEye which scans for this vulnerability... |
i've just had a look on their site, i could see the Sasser scanning tool but not the LSASS one..
-NL-Rippertje
May 17 2004, 02:16 PM
i did scan LSASS with scan100, scan500 and scan1000 but the amount of hackable results was so poor. So now i'm hacking Sasser, since it is better imo.
rvd
May 17 2004, 08:23 PM
Hmm i don't get any results, i think my ISP is blocking that port, is there maybe any way to find out??
Masterace
May 17 2004, 08:38 PM
Perhaps now nearly every server was patched or hit by the worm. Perhaps you scan 64.*.*.*? There i got most results.
DMX2
May 18 2004, 12:00 AM
Mates...
Do a DSScan...
and look at your firewall/network statistics and see what's happening..
It scans for port 445 AND for port 139..
So a system with these two ports open is vulnerable.. (most likely to be vulnerable... I agreed with tonikgin)
Greetz to all
tonikgin
May 18 2004, 12:04 AM
just because the ports are open does not in any way mean it's vulnerable.
Jack28
May 18 2004, 12:46 AM
| QUOTE (tonikgin @ May 18 2004, 12:04 AM) |
| just because the ports are open does not in any way mean it's vulnerable. |
i think he's right cuz i think what he means is that DSScan scans for 445 and 139 [we are not talking about the exploit] when 2 ports are open, DSScan reports it as vulnerable.... am i right?
Grtz,
JaCky
as0l0
May 18 2004, 03:15 AM
| QUOTE (Jack28 @ May 18 2004, 08:46 AM) |
| | QUOTE (tonikgin @ May 18 2004, 12:04 AM) | just because the ports are open does not in any way mean it's vulnerable. |
| i think he's right cuz i think what he means is that DSScan scans for 445 and 139 [we are not talking about the exploit] when 2 ports are open, DSScan reports it as vulnerable.... am i right? Grtz, JaCky |
i don't think so
l_Hacker_1987_l
May 18 2004, 10:34 AM
eEye Releases Free Retina Sasser Scanning Tool
hahaha
Retina Sasser Scanning Tool
rouge
May 18 2004, 10:40 AM
i get some open ports and stuff but it doesn't work to exploit them, i think after Sasser this exploit is a bit dead
EXPLOiTED
May 19 2004, 06:31 PM
Sasser exploit is still alive. It seems to be getting patched quickly... Oh well

lol, anyway, does anyone know where to get an RPC3 plugin for X-Scan? this would be much easier if i could scan cmd line or something to that extent. That and i have been having troubles with the XPHack for Sasser worm. I have a XPHack.exe but it doesn't seem to work properly... Any insight on that as well..
EXPLOiT
123spawnie123
May 19 2004, 06:41 PM
| QUOTE |
| | QUOTE (F34R @ May 16 2004, 04:54 PM) | I scan for 139 not 445 and I get plenty of results |
| i think u scan more IPs than u need because the exploit connects to port 445 and not to 139 |
not so, at least not for the 1st exploit (not the universal 1) it makes a nullsession, port doesn't matter. so for the exploit and the scanner to work u have to be able to make a nullsession otherwise u'll get nothing with ur scanner .. that said there's not much left anyway the worm killed it :| as for how exactly the scanner comes up with vulnerable or not i have no idea .. it sends some netbios queries but no idea what :| would like to know tho