![pen-test logo](/images/pen-test-logo.png)
Penetration Testing mailing list archives
Re: Identifying Windows O/S & SP
From: Jayson Anderson <sonick () sonick com>
Date: Wed, 24 Aug 2005 23:12:26 -0700
[current]nmap -sS -sV -P0 -O -pTARGETEDGUESS(s) -v -nTARGET where TARGETEDGUESS = 1 educated guess per run Fingerprinting (service packs in particular) may or may not be evolved enough for your needs. TARGETEDGUESS should be chosen as carefully as you would if you were expecting to loudly fully negotiate a connection; primary criteria being that where a banner providing adequate enumeration information is possible/expected is best case, open port next best. Both one open and one closed/filtered are needed for more specific fingerprinting; high ports are good for a stealth(ier) closed-port detection. I'm sure there are more specialized packages out there, though it should be known that there is NEVER a *guarantee* the remote IDS is not going to take notice. Half-close provides as good a chance as any. The degree of noisiness most likely grows right along with specificity per package...... Careful port target selection is paramount, detection should be expected in any case...any services providing a banner w/magic bullet identification in a fell swoop preferred... This is but one way to approach it.. Jayson On Wed, 2005-08-24 at 18:52 -0400, L3wD wrote:
I am looking for a method of correctly identifying Windows O/S Versions and Service Packs remotely. Here are my restrictions: - Performed Remotely (not in same broadcast domain) - No Admin Rights on Remote Box - No Username/Password on Remote Box - VERY Few Packets Generated (excluding TCP 3-way handshake) - Ability to **AVOID** IDS Detection My preferences are for something that is command line based, and can be run from a Linux platform. I'll take something GUI based or Windows based if that is all there is. Multiple tools are fine, as long as the number of packets generated are very low. I've taken a look at Winfingerprint 0.6.2 with only the Win32 OS Version option selected, but it generates 70+ packets which is too loud for my purposes.
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Identifying Windows O/S & SP L3wD (Aug 24)
- Re: Identifying Windows O/S & SP Jayson Anderson (Aug 26)
- Re: Identifying Windows O/S & SP Ivan . (Aug 26)
- Re: Identifying Windows O/S & SP Gustavo de Jesús Barrientos Guerrero (Aug 26)
- Re: Identifying Windows O/S & SP AdamT (Aug 26)
- <Possible follow-ups>
- Re: Identifying Windows O/S & SP ekamerling (Aug 26)
- Re: Identifying Windows O/S & SP Roger Dodger (Aug 26)