Windows Host Security: Network Security Hacks - Run the Verbose Switch
If you want more information on why a particular check failed, you can run the command with the -v (verbose) switch. Here are the results of the previous command, but this time with the verbose switch:
Scanning PLUNDER
.............................
Done scanning PLUNDER
----------------------------
PLUNDER(192.168.0.65)
----------------------------
* WINDOWS XP SP1
Note MS02-008 317244
Please refer to Q306460 for a detailed explanation.
Warning MS02-055 323255
File C:\WINDOWS\system32\hhctrl.ocx has a file
version [5.2.3735.0] greater than what is expected [5.2.3669.0].
Note MS03-008 814078
Please refer to Q306460 for a detailed explanation.
Note MS03-030 819696
Please refer to Q306460 for a detailed explanation.
Patch NOT Found MS03-041 823182
File C:\WINDOWS\system32\cryptui.dll has a file
version [5.131.2600.1106] that is less than what is expected
[5.131.2600.1243].
Patch NOT Found MS03-044 825119
File C:\WINDOWS\system32\itircl.dll has a file
version [5.2.3644.0] that is less than what is expected
[5.2.3790.80].
Patch NOT Found MS03-045 824141
File C:\WINDOWS\system32\user32.dll has a file
version [5.1.2600.1134] that is less than what is expected
[5.1.2600.1255].
Patch NOT Found MS03-049 828035
File C:\WINDOWS\system32\msgsvc.dll has a file
version [5.1.2600.0] that is less than what is expected
[5.1.2600.1309].
Note MS03-051 813360
Please refer to Q306460 for a detailed explanation.
* INTERNET EXPLORER 6 SP1
Patch NOT Found MS03-048 824145
The registry key **SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{69DEAF94-AF66-11D3-BEC0-00105AA9B6AE}** does not
exist. It is required for this patch to be considered installed.
* WINDOWS MEDIA PLAYER FOR WINDOWS XP SP1
Information
All necessary hotfixes have been applied.
After applying the listed updates, you should see something like this:
Scanning PLUNDER
.............................
Done scanning PLUNDER
----------------------------
PLUNDER(192.168.0.65)
----------------------------
* WINDOWS XP SP1
Information
All necessary hotfixes have been applied.
* INTERNET EXPLORER 6 SP1
Information
All necessary hotfixes have been applied.
* WINDOWS MEDIA PLAYER FOR WINDOWS XP SP1
Information
All necessary hotfixes have been applied.
When scanning the local system, Administrator privileges are needed. If you wish to scan a remote machine, you will need Administrator privileges on it. There are several ways to scan remote machines. To scan a single remote system, a NetBIOS name can be specified with the -h switch. Likewise, an IP address can be specified with the -i switch.
For example, to scan the machine PLUNDER from another machine, either of these two commands can be used:
mbsacli /hf -h PLUNDER
mbsacli /hf -i 192.168.0.65
You can also scan a handful of additional systems by listing them on the command line with commas separating each NetBIOS name or IP address.
Note that, in addition to having Administrator privileges on the remote machine, you must also ensure that you have not disabled the default shares [Hack #27]. If the default administrative shares have been disabled, then HFNetChk will not be able to check for the proper files on the remote system and, consequently, will not be able to determine whether an update was applied.
If you wish to scan a group of systems, there are several options for this as well. Using the -fh option, you can specify a file containing up to 256 NetBIOS hostnames (one on each line) that will be scanned. You can do the same thing with IP addresses, using the -fip option. Ranges of IP addresses may also be specified by using the -r option.
For example, you could run a command like this to scan from 192.168.1.23 to 192.168.1.172:
mbsacli /hf -r 192.168.1.123 - 192.168.1.172
All of these options are very flexible, and you can use them in any combination to specify which remote systems will be scanned.
In addition to specifying remote systems by NetBIOS name and IP address, you can also scan systems by domain name by using the -d option, or you can scan your entire local network segment by using the -n command-line option.
When scanning systems from a personal workstation, the -u and -p options can prove useful. These allow you to specify a username and password to use when accessing the remote systems. These switches are particularly handy if you don’t normally log in using the Administrator account. The account that is specified with the -u option will of course need to have Administrator privileges on the remote machines being scanned.
Also, if you’re scanning a large number of systems, you might want to use the -t option. This allows you to specify the number of threads used by the scanner, and increasing this value generally will speed up scanning. Valid values are from 1 to 128; the default value is 64.
If you are scanning more than one machine, a huge amount of data will simply be dumped to the screen. Use the -f option to specify a file to store the results of the scan in, and view it at your leisure using a text editor.
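As an added example (not from the book or from the tool itself), the following Python sketch reduces a results file saved with -f to a per-host list of missing patches. It assumes the file uses the same layout as the verbose output shown earlier; SAMPLE is constructed from that output, and the names parse_report and missing_patches are illustrative.

```python
import re
# Constructed sample: an excerpt laid out like the verbose report on this page.
SAMPLE = r"""PLUNDER(192.168.0.65)
----------------------------
* WINDOWS XP SP1
Note MS02-008 317244
Please refer to Q306460 for a detailed explanation.
Patch NOT Found MS03-041 823182
File C:\WINDOWS\system32\cryptui.dll has a file
version [5.131.2600.1106] that is less than what is expected
[5.131.2600.1243].
* INTERNET EXPLORER 6 SP1
Patch NOT Found MS03-048 824145
The registry key SOFTWARE\Microsoft\Internet Explorer\ActiveX
Compatibility\{69DEAF94-AF66-11D3-BEC0-00105AA9B6AE} does not
exist. It is required for this patch to be considered installed.
* WINDOWS MEDIA PLAYER FOR WINDOWS XP SP1
Information
All necessary hotfixes have been applied.
"""

HOST = re.compile(r"^(\S+)\((\d+(?:\.\d+){3})\)$")
FINDING = re.compile(r"^(Patch NOT Found|Warning|Note)\s+(MS\d\d-\d{3})\s+(\d+)$")
VERSIONS = re.compile(r"version \[([\d.]+)\].*expected \[([\d.]+)\]")

def parse_report(text):
    """Return one dict per Note / Warning / Patch NOT Found entry."""
    findings, host, product, cur = [], None, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if not line or set(line) <= set(".-") or line == "Information":
            cur = None                      # separators and "all applied" blocks
        elif m := HOST.match(line):
            host, product, cur = m.group(1), None, None
        elif line.startswith("* "):
            product, cur = line[2:], None   # product section header
        elif m := FINDING.match(line):
            cur = dict(zip(("status", "bulletin", "kb"), m.groups()), host=host, product=product, detail="")
            findings.append(cur)
        elif cur is not None:               # wrapped explanation lines
            cur["detail"] = (cur["detail"] + " " + line).strip()
    return findings

def missing_patches(findings):
    """Map host -> [(bulletin, installed, expected)] for 'Patch NOT Found'."""
    out = {}
    for f in (f for f in findings if f["status"] == "Patch NOT Found"):
        m = VERSIONS.search(f["detail"])
        out.setdefault(f["host"], []).append((f["bulletin"], *(m.groups() if m else (None, None))))
    return out
```

Entries that fail on a registry key rather than a file version, such as MS03-048 above, come back with None for both version fields.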
HFNetChk is a very flexible tool and can be used to check the update status of a large number of machines in a very short amount of time. It is especially useful when a new worm has come onto the scene and you need to know if all of your systems are up-to-date on their patches.