Nmap NSE Category vulns Script：smb-double-pulsar-backdoor 檢查目標機器是否運行Double Pulsar SMB後門

• 指令類型：hostrule

• 類別：vuln, safe, malware

• 下載：https://svn.nmap.org/nmap/scripts/smb-double-pulsar-backdoor.nse

Nmap Script摘要

檢查目標機器是否運行Double Pulsar SMB後門。

基於Countercept的Luke Jennings的python檢測腳本。https://github.com/countercept/doublepulsar-detection-script

另見：

smb-vuln-ms17-010.nse

Nmap Script參數

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

查看smbauth庫的文檔。

Nmap Script範例

nmap -p 445 <target> --script=smb-double-pulsar-backdoor

Nmap Script輸出

 smb-double-pulsar-backdoor:
|   VULNERABLE:
|   Double Pulsar SMB Backdoor
|     State: VULNERABLE
|     Risk factor: HIGH  CVSSv2: 10.0 (HIGH) (AV:N/AC:L/Au:N/C:C/I:C/A:C)
|       The Double Pulsar SMB backdoor was detected running on the remote machine.
|
|     Disclosure date: 2017-04-14
|     References:
|       https://isc.sans.edu/forums/diary/Detecting+SMB+Covert+Channel+Double+Pulsar/22312/
|       https://github.com/countercept/doublepulsar-detection-script
|_      https://steemit.com/shadowbrokers/@theshadowbrokers/lost-in-translation

Nmap Script作者:

Andrew Orr

License: Same as Nmap--See https://nmap.org/book/man-legal.html

延伸閱讀

• 網路概念

• 技術文章

• 經驗分享

• 軟體介紹

• Nmap（持續更新Script中文翻譯）