Full Version: Lsass Scanners
Anyone know of any other scanner besides DSScan? DSScan fucks up and closes on my Win2k3 box. Anyone know how it determines if it's vulnerable or not? Does it just do a NetBIOS port scan?
Well, you can use scan1000 or scan500 for port 445, but it won't tell you if it's vuln. This is what I do:
I scan using scan1000 for port 445; whatever results I get I save to a .txt file, IPs only. Then I open DSScan, browse to the file and scan those IPs I got, and it will tell me if they are vuln or not. I don't know if I'm losing results like this or not, but it's working well. Good luck.
I had the same problem, also on a 2k3 box. Really weird.
I've tried putting vulnerable IPs into that scanner, but it says it's not vuln... weird.
I scan for 139 not 445 and I get plenty of results
Could mean that your ISP is blocking those ports.
I have the same problem with DSScan... not THAT MANY vulnerable IPs... Anyone know what the problem is? Or not?
I think you scan more IPs than you need, because the exploit connects to port 445 and not to 139.
It's also what DSScan does.
I think Nessus is the best scanner for this. The Foundstone tool gives too many false negatives.
Yes, DSScan often fails! Our server was "NOT VULNERABLE" in DSScan but hackable *gg*! Scan for port 445, this is the best way I think!!
I have many results!! Greets
I think there is also a scanner from eEye which scans for this vulnerability...
I've just had a look on their site; I could see the Sasser scanning tool but not the LSASS one.
I did scan LSASS with scan100, scan500 and scan1000, but the amount of hackable results was so poor. So now I'm hacking Sasser, since it is better IMO.
Hmm, I don't get any results. I think my ISP is blocking that port.
Perhaps now nearly every server was patched or hit by the worm. Perhaps you scan 64.*.*.*? There I got most results.
Mates...
Do a DSScan... and look at your firewall/network statistics and see what's happening. It scans for port 445 AND for port 139. So a system with these two ports open is vulnerable... (most likely to be vulnerable... I agree with Tonikqin) Greetz to all
just because the ports are open does not in any way mean it's vulnerable.
I think he's right, because I think what he means is that DSScan scans for 445 and 139 [we are not talking about the exploit]; when the 2 ports are open, DSScan reports it as vulnerable... Am I right? Grtz, JaCky
I don't think so.
I get some open ports and stuff, but it doesn't work to exploit them. I think after Sasser this exploit is a bit dead.
Sasser exploit is still alive. It seems to be getting patched quickly... Oh well
EXPLOiT
Not so, at least not for the 1st exploit (not the universal one): it makes a null session, port doesn't matter. So for the exploit and the scanner to work you have to be able to make a null session, otherwise you'll get nothing with your scanner... That said, there's not much left anyway, the worm killed it :| As for how exactly the scanner comes up with vulnerable or not, I have no idea... it sends some NetBIOS queries but no idea what :| Would like to know though.