Mayo 17

Use NMAP to Scan network for WCRY or WannaCry Ransomware vulnerability

  1. If you havent already got it, download and install NMAP from https://nmap.org/
  2. Download the script from https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/smb-vuln-ms17-010.nse
  3. Save it to Nmap NSE script directory
    1. Windows location is C:\Program Files (x86)\Nmap\scripts
    2. Linux – /usr/share/nmap/scripts/ or /usr/local/share/nmap/scripts/
    3. OSX – /opt/local/share/nmap/scripts/
  4. Test the script on a known vulnerable device such as 202.157.185.31 or 64.17.101.90
    1. nmap -sC -p 445 -max-hostgroup 3 -open -script smb-vuln-ms17-010.nse 64.17.101.90
  5. Run against your enviroment

Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-15 10:30 South Africa Standard Time
Nmap scan report for ns.bvtsvc.com (64.17.101.90)
Host is up (0.22s latency).
PORT STATE SERVICE
445/tcp open microsoft-ds

Host script results:
| smb-vuln-ms17-010:
| VULNERABLE:
| Remote Code Execution vulnerability in Microsoft SMBv1 servers (ms17-010)
| State: VULNERABLE
| IDs: CVE:CVE-2017-0143
| Risk factor: HIGH
| A critical remote code execution vulnerability exists in Microsoft SMBv1
| servers (ms17-010).
|
| Disclosure date: 2017-03-14
| References:
| https://technet.microsoft.com/en-us/library/security/ms17-010.aspx
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0143
|_ https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

Nmap done: 1 IP address (1 host up) scanned in 4.63 seconds




Posted Mayo 17, 2017 by admin in category "TIPS AND TRICKS