NSE:clock-skew (EXAMPLE)

Clock skew is an interesting thing to discover during a scan.  However it also can be a bit confusing

Nmap.org describes the vuln hunting process as such.

"At the end of the scan, it will show groups of systems that have similar median clock skew among their services. This can be used to identify targets with similar configurations, such as those that share a common time server."

The primary purpose of the scan is to potentially identify additional targets.

How does this scan help?

Because checking services that report timestamps can reveal additional targets that may have similar configurations. 

If you are able to exploit a target and another machine has similar configurations then your exploit may be able to be recycled for lateral movement, eventually allowing for an opportunity to escalate.

In the screen shot below we receive output on clock skew after running a general script scan on the target.

#nmap -sV -sC <IP>



Popular Posts