Hi folks, the dcetest.nasl shows the following (among others) and nmap
output follows below. I'm still getting a negative on 20008..
Furthermore with credentials, 20004 is positive.. I would be happy to
participate in getting to the bottom of this. Apologies if I'm a windows
idiot... :)
Object UUID : 65135beb-2008-468b-bc4e-5d6bb3d942cd
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC000001ec.00000001
Object UUID : 7107c6dc-92b7-4e93-b9a9-8c4b64ba4ef1
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC000001ec.00000001
Object UUID : 42e152dc-956c-49b6-a9d4-da2dad0bd609
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC000001ec.00000001
Object UUID : 32e93193-a8d9-4e1a-b680-f49e00c24bb0
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC000001ec.00000001
nmap shows:
# nmap -sV -T5 -p1- -O x.x.x.x
Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2005-10-25 10:02
PDT
Interesting ports on lamb
(The 65518 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
25/tcp open smtp Microsoft ESMTP 5.0.2195.6713
80/tcp open http Microsoft IIS webserver 5.0
135/tcp open mstask Microsoft mstask (task server -
c:\winnt\system32\Mstask.exe)
139/tcp open netbios-ssn
443/tcp open https?
445/tcp open microsoft-ds Microsoft Windows 2000 microsoft-ds
1025/tcp open msrpc Microsoft Windows RPC
1026/tcp open msrpc Microsoft Windows RPC
1030/tcp open mstask Microsoft mstask (task server -
c:\winnt\system32\Mstask.exe)
1031/tcp open mstask Microsoft mstask (task server -
c:\winnt\system32\Mstask.exe)
1433/tcp open ms-sql-s?
1801/tcp open unknown
2103/tcp open mstask Microsoft mstask (task server -
c:\winnt\system32\Mstask.exe)
2105/tcp open mstask Microsoft mstask (task server -
c:\winnt\system32\Mstask.exe)
2107/tcp open mstask Microsoft mstask (task server -
c:\winnt\system32\Mstask.exe)
3372/tcp open msdtc Microsoft Distributed Transaction Coordinator
8254/tcp open http Microsoft IIS webserver 5.0
Device type: general purpose
Running: Microsoft Windows 95/98/ME|NT/2K/XP
OS details: Microsoft Windows Millennium Edition (Me), Windows 2000
Professional or Advanced Server, or Windows XP
Service Info: OS: Windows
Nmap finished: 1 IP address (1 host up) scanned in 56.394 seconds
On Oct 18, 2005, at 3:31 PM, eliot wrote:
I have the latest plugin set (dcetest.nasl is dated 10/14/05)
and I ran 20008 on a unpatched SP4 W2K box and got nothing.
I was wondering if anyone else has gotten a positive result.
msdtc service is not activated by default. This service only runs if a sql
database is installed (MSDE, SQLSERVER) or if another service like Message
Queueing service is started.
You can start this service manually too if you want to test the plugin.
Regards,
Nicolas
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers
output follows below. I'm still getting a negative on 20008..
Furthermore with credentials, 20004 is positive.. I would be happy to
participate in getting to the bottom of this. Apologies if I'm a windows
idiot... :)
Object UUID : 65135beb-2008-468b-bc4e-5d6bb3d942cd
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC000001ec.00000001
Object UUID : 7107c6dc-92b7-4e93-b9a9-8c4b64ba4ef1
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC000001ec.00000001
Object UUID : 42e152dc-956c-49b6-a9d4-da2dad0bd609
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC000001ec.00000001
Object UUID : 32e93193-a8d9-4e1a-b680-f49e00c24bb0
UUID : 906b0ce0-c70b-1067-b317-00dd010662da, version 1.0
Description : Distributed Transaction Coordinator
Windows process : msdtc.exe
Type : Local RPC service
Named pipe : LRPC000001ec.00000001
nmap shows:
# nmap -sV -T5 -p1- -O x.x.x.x
Starting nmap 3.93 ( http://www.insecure.org/nmap/ ) at 2005-10-25 10:02
PDT
Interesting ports on lamb
(The 65518 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
25/tcp open smtp Microsoft ESMTP 5.0.2195.6713
80/tcp open http Microsoft IIS webserver 5.0
135/tcp open mstask Microsoft mstask (task server -
c:\winnt\system32\Mstask.exe)
139/tcp open netbios-ssn
443/tcp open https?
445/tcp open microsoft-ds Microsoft Windows 2000 microsoft-ds
1025/tcp open msrpc Microsoft Windows RPC
1026/tcp open msrpc Microsoft Windows RPC
1030/tcp open mstask Microsoft mstask (task server -
c:\winnt\system32\Mstask.exe)
1031/tcp open mstask Microsoft mstask (task server -
c:\winnt\system32\Mstask.exe)
1433/tcp open ms-sql-s?
1801/tcp open unknown
2103/tcp open mstask Microsoft mstask (task server -
c:\winnt\system32\Mstask.exe)
2105/tcp open mstask Microsoft mstask (task server -
c:\winnt\system32\Mstask.exe)
2107/tcp open mstask Microsoft mstask (task server -
c:\winnt\system32\Mstask.exe)
3372/tcp open msdtc Microsoft Distributed Transaction Coordinator
8254/tcp open http Microsoft IIS webserver 5.0
Device type: general purpose
Running: Microsoft Windows 95/98/ME|NT/2K/XP
OS details: Microsoft Windows Millennium Edition (Me), Windows 2000
Professional or Advanced Server, or Windows XP
Service Info: OS: Windows
Nmap finished: 1 IP address (1 host up) scanned in 56.394 seconds
On Oct 18, 2005, at 3:31 PM, eliot wrote:
I have the latest plugin set (dcetest.nasl is dated 10/14/05)
and I ran 20008 on a unpatched SP4 W2K box and got nothing.
I was wondering if anyone else has gotten a positive result.
msdtc service is not activated by default. This service only runs if a sql
database is installed (MSDE, SQLSERVER) or if another service like Message
Queueing service is started.
You can start this service manually too if you want to test the plugin.
Regards,
Nicolas
_______________________________________________
Plugins-writers mailing list
Plugins-writers@list.nessus.org
http://mail.nessus.org/mailman/listinfo/plugins-writers