Message-ID: <002801c36340$f9dbe360$0100a8c0@dragon>
From: mail at carstenkiess.de (Carsten Kiess)
Subject: Microsoft Scanning Tool, Parameterhandling
Hello,
has anyone already used the Scanning Tool from MS? ( http://www.microsoft.com/downloads/details.aspx?FamilyID=c8f04c6c-b71b-4992-91f1-aaa785e709da&DisplayLang=en )
a) The download has the same name as the patch, minor but may be irritating, and
b) it seems to reverse the input parameters (see below), and
c) can maybe somebody explain why it scans an IP range which is not in the specified bounds in either case?
Specification is:
Targets can take any of the following forms:
a.b.c.d - IP address
a.b.c.d-i.j.k.l - IP address range
a.b.c.d/mask - IP address with CIDR mask
host - unqualified hostname
host.domain.com - fully-qualified domain name
localhost - check local machine
What it actually does is:
C:\Programme\KB823980Scan>kb823980scan 213.196.135.1-213.169.135.2 <=== Input Parms 1
Microsoft (R) KB823980 Scanner Version 1.00.0002 for 80x86
Copyright (c) Microsoft Corporation 2003. All rights reserved.
<+> Starting scan (timeout = 5000 ms)
Checking 213.169.135.2 - 213.196.135.1 <=== That's what it takes for scanning ....
213.169.135.42: connection to tcp/135 refused <=== These are the results for try 1
213.169.135.87: connection to tcp/135 refused
213.169.135.84: connection to tcp/135 refused
213.169.135.81: connection to tcp/135 refused
213.169.135.85: connection to tcp/135 refused
213.169.135.82: connection to tcp/135 refused
213.169.135.86: connection to tcp/135 refused
^C
C:\Programme\KB823980Scan>kb823980scan 213.196.135.2-213.169.135.1 <=== Input Parms 1
Microsoft (R) KB823980 Scanner Version 1.00.0002 for 80x86
Copyright (c) Microsoft Corporation 2003. All rights reserved.
<+> Starting scan (timeout = 5000 ms)
Checking 213.169.135.1 - 213.196.135.2 <=== That's what it takes for scanning ....
213.169.135.42: connection to tcp/135 refused <=== These are the results for try 1
213.169.135.85: connection to tcp/135 refused
213.169.135.82: connection to tcp/135 refused
213.169.135.86: connection to tcp/135 refused
213.169.135.87: connection to tcp/135 refused
213.169.135.84: connection to tcp/135 refused
213.169.135.81: connection to tcp/135 refused
^C
C:\Programme\KB823980Scan>
and d) a log-file did not show up in the current directory as documented (not on the html-page supplied but as pgm-help when calling w/o parms), but maybe it must be explicitly requested ...
Did I get something wrong? Nervous, tense, tired? <g> And last:
"Targets can be specified on the command line & in user-specified input files.
...
kb823980scan will create a list of vulnerable systems (unpatched as well
as those with KB823980 installed) in the current working directory. This file
should be fed as input to the autopatching script that you write. This file
will be named "Vulnerable.txt" by default. Its name can be changed with the
/o switch."
Hm. Could be used the other way round ... Has anybody ever heard of "speeding up" a worm? Somebody who could be interested to "sideattack" a specific site?
Carsten
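
Added example, not part of the original post and not Microsoft's code: a pre-flight check for the IPv4 target forms quoted above (address, range, CIDR) that shows what a range really covers before a scanner is pointed at it. It assumes endpoints are ordered numerically, which matches the "Checking" lines in the post but is not confirmed by the page; the function names and the max_hosts limit are hypothetical, and hostnames are rejected with ValueError.

```python
import ipaddress

def parse_target(spec):
    """Return (first, last, swapped) for an IPv4 address, range or CIDR target."""
    spec = spec.strip()
    if "/" in spec:                       # a.b.c.d/mask
        net = ipaddress.IPv4Network(spec, strict=False)
        return net[0], net[-1], False
    if "-" in spec:                       # a.b.c.d-i.j.k.l
        left, right = (ipaddress.IPv4Address(p.strip()) for p in spec.split("-", 1))
        if left > right:                  # endpoints given high-low: reorder and flag it
            return right, left, True
        return left, right, False
    addr = ipaddress.IPv4Address(spec)    # single a.b.c.d
    return addr, addr, False

def preflight(spec, max_hosts=256):
    """Summarise what a target spec covers and list reasons not to scan it yet.

    max_hosts is a hypothetical safety limit chosen for this example.
    """
    first, last, swapped = parse_target(spec)
    count = int(last) - int(first) + 1
    problems = []
    if swapped:
        problems.append("start address is numerically above end address")
    if count > max_hosts:
        problems.append(f"{count} addresses exceeds limit of {max_hosts}")
    return {"first": str(first), "last": str(last), "count": count, "problems": problems}

if __name__ == "__main__":
    # The first range is the one typed in the post; the second is constructed.
    for spec in ("213.196.135.1-213.169.135.2", "213.169.135.1-213.169.135.2"):
        print(spec, "->", preflight(spec))
```

The two endpoints typed in the post differ in the second octet (196 and 169), so the first range spans about 1.77 million addresses once ordered.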