Nmap Development mailing list archives
Famatech RAdmin fingerprint probe and match set
From: Tom Sellers <nmap () fadedcode net>
Date: Tue, 08 Jan 2008 19:04:28 -0600
I have generated a Probe/Match combination for the RAdmin remote control software.

Software: RAdmin
Vendor: Famatech
URL: www.radmin.com
Description: Remote control software for MS Windows based hosts.
Default Port: 4899
Configurable Port#: Yes

The first four match lines below probably go into too much detail. I included them in the event that there was an interest in the data and that having it did not incur too much overhead.

##########################################################
Probe TCP RAdmin q|\x01\x00\x00\x00\x01\x00\x00\x00\x08\x08|
ports 4899

#Specific version and configuration matches
match radmin m|^\x01\x00\x00\x00\x25\x09\x00\x01\x10\x08\x01\x00\x09\x08| p/RAdmin 2.x Remote Control Software/ o/Windows/ i/Using Windows Authentication/
match radmin m|^\x01\x00\x00\x00\x25\x0a\x00\x01\x10\x08\x01\x00\x0a\x08| p/RAdmin 2.x Remote Control Software/ o/Windows/ i/Using RAdmin Authentication/
match radmin m|^\x01\x00\x00\x00\x25\x00\x00\x02\x12\x08\x02\x00\x00\x0a| p/RAdmin 3.x Remote Control Software/ o/Windows/ i/Using RAdmin Authentication/
match radmin m|^\x01\x00\x00\x00\x25\x71\x00\x02\x12\x08\x02\x00\x71\x0a| p/RAdmin 3.x Remote Control Software/ o/Windows/ i/Using Windows Authentication/

#Generic Radmin 2.x and 3.x detection
match radmin m|^\x01\x00\x00\x00\x25| p/RAdmin Remote Control Software/ o/Windows/
##########################################################

Thanks much,

Tom Sellers

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
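Added example, not part of the original post or of Nmap's code: a small Python parser for the match lines above that classifies already-captured response bytes offline, showing why the four specific lines must precede the generic one (first match wins). The function names and the sample responses are constructed for illustration; the sample bytes are the pattern prefixes plus padding, not real captures.

```python
import re

# The five match lines from the post, verbatim (nmap-service-probes syntax).
MATCH_LINES = r"""
match radmin m|^\x01\x00\x00\x00\x25\x09\x00\x01\x10\x08\x01\x00\x09\x08| p/RAdmin 2.x Remote Control Software/ o/Windows/ i/Using Windows Authentication/
match radmin m|^\x01\x00\x00\x00\x25\x0a\x00\x01\x10\x08\x01\x00\x0a\x08| p/RAdmin 2.x Remote Control Software/ o/Windows/ i/Using RAdmin Authentication/
match radmin m|^\x01\x00\x00\x00\x25\x00\x00\x02\x12\x08\x02\x00\x00\x0a| p/RAdmin 3.x Remote Control Software/ o/Windows/ i/Using RAdmin Authentication/
match radmin m|^\x01\x00\x00\x00\x25\x71\x00\x02\x12\x08\x02\x00\x71\x0a| p/RAdmin 3.x Remote Control Software/ o/Windows/ i/Using Windows Authentication/
match radmin m|^\x01\x00\x00\x00\x25| p/RAdmin Remote Control Software/ o/Windows/
"""

LINE_RE = re.compile(r"^match (\S+) m\|(.*?)\|([is]*)\s*(.*)$")
FIELD_RE = re.compile(r"(?:^|\s)([pvihod])/(.*?)/")
FLAGS = {"i": re.IGNORECASE, "s": re.DOTALL}

def parse_matches(text):
    """Turn match lines into (service, compiled bytes regex, fields) in file order."""
    rules = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, comments, other directives
        service, pattern, flags, rest = m.groups()
        opts = sum(FLAGS[f] for f in set(flags))
        # \xNN escapes in the pattern are resolved by the regex engine itself.
        rules.append((service, re.compile(pattern.encode("ascii"), opts),
                      dict(FIELD_RE.findall(rest))))
    return rules

def classify(response, rules):
    """Return the fields of the first matching rule (first match wins), or None."""
    for service, regex, fields in rules:
        if regex.search(response):
            return {"service": service, **fields}
    return None

RULES = parse_matches(MATCH_LINES)

# Constructed responses: leading bytes taken from the patterns above, the rest is padding.
SAMPLES = {
    "2.x, Windows auth": b"\x01\x00\x00\x00\x25\x09\x00\x01\x10\x08\x01\x00\x09\x08" + b"\x00" * 8,
    "3.x, RAdmin auth": b"\x01\x00\x00\x00\x25\x00\x00\x02\x12\x08\x02\x00\x00\x0a" + b"\x00" * 8,
    "unlisted variant": b"\x01\x00\x00\x00\x25\xff\xff",
    "not RAdmin": b"SSH-2.0-OpenSSH_9.6\r\n",
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(f"{label:20} -> {classify(data, RULES)}")
```

Passing the rules in reverse order makes every sample fall through to the generic line and lose the version and authentication detail, which is the ordering dependency to keep in mind when merging these lines into a larger probes file.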