Shulou(Shulou.com)06/01 Report--

1 Introduction

In response to the recent global "Eternal Blue" ransomware worm, in order to effectively prevent virus infection and minimize losses after virus infection, all units have adopted relevant emergency response measures, but there is no way to verify whether the treatment measures are effective. Fortunately, Paulino Calderon provides the nmap detection script for ms17 -010 at https://github.com/.

2 Upgrade or install the latest version of nmap

Go to the official website to download the latest version of nmap for installation. Download: https://nmap. org/dist/nmap-7.40-setup.exe.

Notes:

Nmap7.13 and above, using Npcap instead of WinPcap, due to compatibility issues, some computers will not be able to access the Internet after installing nmap7.40.

The solution is:

First download nmap7.12 from nmap official website, download address: https://nmap. org/dist/nmap-7.12-setup.exe.

Then install nmap7.40. When installing nmap7.40, cancel the installation of Npcap, as shown in the following figure:

The problem of not being able to access the Internet can be solved.

3 Install ms17-010 Script

At present, Nmap official website does not provide ms17-010 detection script. Download ms17 -010 script from https://github.com/: smb-vuln-ms17 -010.nse, download address: https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/smb-vuln-ms17-010.nse

Then, copy the smb-vuln-ms17 -010.nse file to the/scripts/directory under the nmap installation directory. As shown in the figure:

4 Methods of use

The smb-vuln-ms17 -010.nse script is invoked using the nmap --script parameter to detect the ms17 -010 vulnerability.

Usage: nmap --script smb-vuln-ms17-010 Target IP. An example is shown in the figure below:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.