Nmap Development mailing list archives
Re: match lines and serialnumberd probe
From: David Fifield <david () bamsoftware com>
Date: Mon, 24 May 2010 13:28:57 -0600
On Sun, May 23, 2010 at 07:56:19PM +0200, Patrik Karlsson wrote:
On 18 maj 2010, at 17.10, David Fifield wrote:Probe UDP serialnumberd q|\x53\x4e\x51\x55\x45\x52\x59\x3a \x31\x32\x37\x2e\x30\x2e\x30\x2e\x31\x3a\x57\x38\x58\x4c\x63\x50\x3a\x78\x73\x76\x72| rarity 8 ports 626 That looked mysterious until I saw it was all ASCII; it's the same as Probe UDP serialnumberd q|SNQUERY: 127.0.0.1:W8XLcP:xsvr| So the only part that looks strange is the W8XLcP: that might be your own serial number or something. I can't test this because I don't have OS X Server. So I want to add this probe, and maybe add it as a UDP payload, once we can determine if that field varies and how. Perhaps we can replace it with a dummy value like AAAAAA.I've replaced the probe with the following, and it still works: q|SNQUERY: 127.0.0.1:AAAAAA:xsvr| I'm sending you the complete response off-list just in case.
Okay, thanks. I added the probe, and had it print out the (rather long) numbers that are in the response. My hope is that by displaying them, someone will be inspired to find out what they all mean. I like to make the first match line as specific as possible, so that any deviations (that might disclose version differences) will be reported as new fingerprints. I also made a UDP payload from the probe. I'd appreciate if you would test nmap -sV -p 626 -sU <target> nmap -sn -PU636 <target> David Fifield _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- match lines and serialnumberd probe Patrik Karlsson (May 09)
- Re: match lines and serialnumberd probe David Fifield (May 18)
- Re: match lines and serialnumberd probe Patrik Karlsson (May 23)
- Re: match lines and serialnumberd probe David Fifield (May 24)
- Re: match lines and serialnumberd probe Patrik Karlsson (May 24)
- Re: match lines and serialnumberd probe Samuel Benson (May 24)
- Re: match lines and serialnumberd probe David Fifield (May 25)
- Re: match lines and serialnumberd probe Samuel Benson (May 25)
- Re: match lines and serialnumberd probe Patrik Karlsson (May 25)
- Re: match lines and serialnumberd probe Patrik Karlsson (May 23)
- Re: match lines and serialnumberd probe David Fifield (May 18)