Security Basics mailing list archives
Re: Win95 detection
From: H Carvey <keydet89 () yahoo com>
Date: 3 Dec 2004 19:07:30 -0000
In-Reply-To: <200412021549.iB2FnAhL005056 () mail-h12-03 cc ksu edu> Samuel,
Great suggestions all, however these hosts are NOT part of a domain, and they are not managed. I have to do it remotely without admin access to them.
How about null sessions? Here's my line of reasoning...I don't have Win95 system to test this on... You've got nmap telling you that these systems may be Win95/98/ME. So, use a Perl script to parse the nmap output (check CPAN for the module), and for each system, make a null session connection, and attempt to enumerate information from the machine, as you would w/ svrinfo.exe. In the past, I've used a similar method to connect to the C:\ drive on remote Win9x systems to which I did not have admin rights. From there, it was simply a matter of parsing something like the autoexec.bat file to get information. Again, I apologize for not being more specific, but I don't have a Win95 system to work with. However, something along these lines should meet your needs. H. Carvey "Windows Forensics and Incident Recovery" http://www.windows-ir.com
Current thread:
- RE: Win95 detection Trevor Cushen (Dec 01)
- RE: Win95 detection Samuel Petreski (Dec 01)
- Re: Win95 detection Travis Foley (Dec 02)
- Re: Win95 detection Micheal Espinola Jr (Dec 02)
- Re: Win95 detection Nathaniel Hall (Dec 02)
- <Possible follow-ups>
- RE: Win95 detection Jeff Gercken (Dec 02)
- RE: Win95 detection Samuel Petreski (Dec 02)
- RE: Win95 detection Jeff Gercken (Dec 03)
- Re: Win95 detection H Carvey (Dec 03)
- Re: Win95 detection q q (Dec 07)
- Re: Win95 detection miguel . dilaj (Dec 07)
- RE: Win95 detection Samuel Petreski (Dec 01)