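Script type: portrule
Download: https://svn.nmap.org/nmap/scripts/http-vuln-cve2017-5689.nse
Nmap Script Summary
Detects whether systems with Intel Active Management Technology are vulnerable to the INTEL-SA-00075 privilege escalation vulnerability (CVE-2017-5689).
This script determines whether the target is vulnerable by attempting digest authentication with a blank response parameter. If authentication succeeds, an HTTP 200 response is received.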
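As an added example (not part of the Nmap script or its documentation), the following Python code shows how a defender could spot the condition this script tests for in captured HTTP request records: a Digest Authorization header whose response field is present but blank, sent to the AMT web port. The record layout, the function names and the sample values are assumptions constructed for illustration.

```python
import re

# key=value pairs of a Digest header; values are quoted strings or bare tokens.
_PARAM = re.compile(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]*))')

def parse_digest(header):
    """Return Digest parameters as a dict, or None for other auth schemes."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "digest":
        return None
    params = {}
    for m in _PARAM.finditer(rest):
        quoted, bare = m.group(2), m.group(3)
        params[m.group(1).lower()] = quoted if quoted is not None else bare
    return params

def has_blank_response(header):
    """True when a Digest header carries a response field that is empty."""
    params = parse_digest(header)
    return params is not None and "response" in params and not params["response"].strip()

def triage(records, amt_port=16992):
    """Classify logged requests to the AMT web port by blank-response use."""
    findings = []
    for rec in records:
        if rec["port"] != amt_port or not has_blank_response(rec["authorization"]):
            continue
        # Per the script description, HTTP 200 means the authentication succeeded.
        verdict = "bypass-succeeded" if rec["status"] == 200 else "bypass-attempt"
        findings.append((rec["src"], verdict))
    return findings

# Constructed sample records (documentation addresses, made-up nonce and realm).
_COMMON = 'username="admin", realm="Digest:EXAMPLE", nonce="n0nce", uri="/index.htm", qop=auth'
SAMPLE = [
    {"src": "192.0.2.10", "port": 16992, "status": 200,
     "authorization": f'Digest {_COMMON}, response="0123456789abcdef0123456789abcdef"'},
    {"src": "192.0.2.66", "port": 16992, "status": 200,
     "authorization": f'Digest {_COMMON}, response=""'},
    {"src": "192.0.2.67", "port": 16992, "status": 401,
     "authorization": f'Digest {_COMMON}, response=""'},
]

if __name__ == "__main__":
    for src, verdict in triage(SAMPLE):
        print(src, verdict)
```

A blank response answered with HTTP 200 is the case to escalate; the same header answered with 401 indicates a probe against a system that rejected it.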
References:
Nmap Script Arguments
slaxml.debug
See the documentation for the slaxml library.
http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline, http.truncated-ok, http.useragent
See the documentation for the http library.
smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername
See the documentation for the smbauth library.
vulns.short, vulns.showall
See the documentation for the vulns library.
Nmap Script Example Usage
nmap -p 16992 --script http-vuln-cve2017-5689 <target>
Nmap Script Output
PORT STATE SERVICE REASON
16992/tcp open amt-soap-http syn-ack
| http-vuln-cve2017-5689:
| VULNERABLE:
| Intel Active Management Technology INTEL-SA-00075 Authentication Bypass
| State: VULNERABLE
| IDs: CVE:CVE-2017-5689 BID:98269
| Risk factor: High CVSSv2: 10.0 (HIGH) (AV:N/AC:L/AU:N/C:C/I:C/A:C)
| Intel Active Management Technology is vulnerable to an authentication bypass that
| can be exploited by performing digest authentication and sending a blank response
| digest parameter.
|
| Disclosure date: 2017-05-01
| References:
| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5689
| https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
| http://www.securityfocus.com/bid/98269
| https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
| https://www.embedi.com/news/what-you-need-know-about-intel-amt-vulnerability
|_ https://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
Requires
Nmap Script Author:
Andrew Orr
License: Same as Nmap--See https://nmap.org/book/man-legal.html