Full Disclosure mailing list archives
fingerprinting windows via 135/tcp
From: Jacek Lipkowski <sq5bpf () andra com pl>
Date: Mon, 25 Aug 2003 10:47:00 +0200 (CEST)
Hello, I've been looking for a way to fingerprint windows systems via 135/tcp. There are some differences in responses to invalid rpc request - it seems that different windows versions treat the Assoc group field differently. Usign this one can tell apart NT, 2000 and XP/2003. I've enclosed a simple library to check the windows version, and see if it is vulnerable to the DCOM/RPC exploit (code ripped from dcom_scanz.c by kid and farp of buildtheb0x.com). There is also a simple program to demonstrate the library, and a dcom/rpc exploit patched to autodetect the target operating system. Since i have no knowledge about dcom/rpc i wanted to ask if there is a simpler way to do it? Maybe some call that would just return the version directly? jacek
Attachment:
idwin.tar.gz
Description:
Current thread:
- fingerprinting windows via 135/tcp Jacek Lipkowski (Aug 25)