Re: Fwd: help (Windows 2008 service probe)

[David Fifield <david () bamsoftware com>]

On Mon, Oct 11, 2010 at 05:28:29PM +0530, viswanath emani wrote:
> On Tue, Sep 21, 2010 at 4:08 AM, David Fifield <david () bamsoftware com>wrote:
> > On Mon, Sep 20, 2010 at 12:15:56PM +0530, viswanath emani wrote:
> > > Hello David,
> > >
> > > Thanks a lot for your reply. The problem is that there is no match
> > available
> > > for Windows 2008 X64 and all those machines are being identified as
> > Windows
> > > 2008. I will try to get the signature for Windows 2008 X64. Thanks a lot
> > for
> > > your help.
> >
> > Thanks, if you can provide a signature that's great. Be aware that it's
> > not always possible to make fine distinctions such as x86 and x86_64 in
> > version detection. If it works for you, you will probably get better
> > results using the smb-os-discovery script.
> >
> > nmap -F --script=smb-os-discovery <target>
>
> Sorry for replying late. I Just got access to 64-bit machines. I am
> attaching the scanned output of two different Windows 2008 x64 boxes. For
> security reasons i have changed the Ipaddress and mac details of the
> machines.

I'm afraid, based on this output, that it doesn't appear possible to
distinguish x86 from x86_64 using SMB in this case. It's not always
possible to make such fine distinctions remotely.

However you have some clues in other output:

> 1521/tcp  open  oracle-tns    Oracle TNS Listener 11.1.0.6.0 (for 64-bit Windows)
> 50000/tcp open  ibm-db2       IBM DB2 Database Server 9.07.2 (QDB2/NT64)
> | db2-info: DB2 Version: 9.07.2
> | Server Platform: QDB2/NT64

I hope this suits what you need.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/