Nmap Development mailing list archives
Re: [-SPAM-] NSE script for OS identification / clarification using Netbios/SMB
From: jah <jah () zadkiel plus com>
Date: Wed, 28 Nov 2007 20:04:58 +0000
Cool! Helped me to discover that one of my XP machines had "File and Printer sharing..." unchecked. Matthew Watchinski wrote:
Sounds like NSE is being used by a number of people so the Sourcefire VRT thought we should contributed some of the NSE scripts we've been working on. The attached script written by Judy Novak, utilizes Netbios requests and SMB AndX responses to help determine the OS and clarify the OS running on a host that has Netbios and SMB running. This can be helpful if OS identification returns multiple possible fingerprints for a given windows system. Hopefully people find it useful. Cheers, -matt ----------------------------------------------------------------------- -- This script probes a target for its operating system version sending -- traffic via UDP port 137 and TCP port 139/445. First, we need to -- elicit the NetBIOS share name associated with a workstation share. -- Once we have that, we need to encode the name into the "mangled" -- equivalent and send TCP 139/445 traffic to connect to the host and -- in an attempt to elicit the OS version name from an SMB Setup AndX -- response. -- -- Thanks to Michail Prokopyev and xSharez Scanner for required -- traffic to generate for OS version detection. -- -- Command line to run this script like following: -- -- sudo nmap -sU -sS --script osversion.nse -p U:137,T:139 10.4.12.224 ----------------------------------------------------------------------- -- This email has been verified as Virus free Virus Protection and more available at http://www.plus.net ------------------------------------------------------------------------ _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- NSE script for OS identification / clarification using Netbios/SMB Matthew Watchinski (Nov 28)
- Re: [-SPAM-] NSE script for OS identification / clarification using Netbios/SMB jah (Nov 28)
- Re: NSE script for OS identification / clarification using Netbios/SMB Fyodor (Nov 28)
- Re: NSE script for OS identification / clarification using Netbios/SMB Brandon Enright (Nov 28)
- Re: NSE script for OS identification / clarification using Netbios/SMB Fyodor (Nov 29)
- Re: NSE script for OS identification / clarification using Netbios/SMB Brandon Enright (Nov 29)
- Re: NSE script for OS identification / clarification using Netbios/SMB Fyodor (Dec 04)
- Re: NSE script for OS identification / clarification using Netbios/SMB Brandon Enright (Nov 28)