http://blogs.zdnet.com/security/?p=3043&tag=nl.e589
I followed these steps successfully on two machines, a Windows XP SP3 workstation and Windows 2003 SP2 server, and scanned three subnets in a few minutes.
Overview of steps:
- download and install ActiveState Win32 Python
- download python Crypto module
- download and install python Impacket module
- download, extract and run scs.py
create a working directory for downloads and builds. I used
c:\Download\ConfickerTools
ActiveState python
- download the .msi into the working directory
python Crypto module
http://www.voidspace.org.uk/downloads/pycrypto-2.0.1.win32-py2.6.exe
- run the executable. it should find the Python26 installation and install there
python Impacket module
- download into the working directory
http://oss.coresecurity.com/repo/Impacket-0.9.6.0.zip
- extract the .zip file, preserving the directory structure
- open a command prompt
- change into the extracted directory,
e.g., cd C:\Download\ConfickerTools\Impacket-0.9.6.0
- at the prompt enter
python setup.py install
python will build the module and install it into its library directory
simple conficker scanner (scs)
download from Bonn university, Germany, into the working directory
http://iv.cs.uni-bonn.de/uploads/media/scs.zip
extract
run the tool using the start and end addresses on your LAN, and redirect the output to a text file
e.g.
scs.py 192.168.1.1 192.168.1.254 > scs-out_192-168-1-0.txt
examine the output file for any infected machines
No comments:
Post a Comment