Nmap Development mailing list archives
Nmap Fingerprint Submitter - Broken?
From: "Rob Nicholls" <robert () everythingeverything co uk>
Date: Sat, 15 Dec 2007 18:39:57 -0000
I just tried out the Nmap Fingerprint Submitter, but it keeps telling me
"Fingerprint doesn't look good! Please check that it pasted OK."
I did a quick test and 4.21ALPHA4 (from a different box, but against a
similar system) gives me a fingerprint that looks like:
OS:SCAN(V=4.21ALPHA4%D=12/15%OT=3389%CT=%CU=%PV=Y%DS=1%G=N%M=001B77%TM=4764
OS:1B6E%P=i686-pc-windows-windows)T1(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
OS:T2(Resp=N)T3(Resp=N)T4(Resp=N)T5(Resp=N)T6(Resp=N)T7(Resp=N)PU(Resp=N)
Which it accepts, but later versions say:
4.23RC3 (SVN 6369):
SCAN(V=4.23RC3%D=12/15%OT=135%CT=%CU=%PV=Y%DS=1%G=N%M=00138F%TM=47641BA0%P=i
686-
pc-windows-windows)
SEQ(SP=104%GCD=1%ISR=106%TI=I%II=I%SS=S%TS=7)
OPS(O1=M5B4ST11%O2=M5B4ST11%O3=M5B4NNT11%O4=M5B4ST11%O5=M5B4ST11%O6=M5B4ST11
)
WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
ECN(R=Y%DF=Y%TG=80%W=2000%O=M5B4NNS%CC=N%Q=)
T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
T1(R=Y%DF=Y%TG=80%S=O%A=O%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
U1(R=N)
IE(R=Y%DFI=N%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
4.50:
SCAN(V=4.50%D=12/15%OT=135%CT=%CU=%PV=Y%DS=1%G=N%M=00138F%TM=47641D68%P=i686
-pc-
windows-windows)
SEQ(SP=103%GCD=1%ISR=10E%TI=I%II=I%SS=S%TS=7)
OPS(O1=M5B4ST11%O2=M5B4ST11%O3=M5B4NNT11%O4=M5B4ST11%O5=M5B4ST11%O6=M5B4ST11
)
WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
ECN(R=Y%DF=Y%TG=80%W=2000%O=M5B4NNS%CC=N%Q=)
T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
T1(R=Y%DF=Y%TG=80%S=O%A=O%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
U1(R=N)
IE(R=Y%DFI=N%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
I think the JavaScript is looking specifically for the prefix "OS:" at the
start of every line, which appears to have changed in recent versions of
nmap. We also appear to space out the TX lines (although I don't know if
that's a problem or not?), putting OS: before all of these lines seems to
keep the online submitter happy. It seems to think that the following looks
valid ("Fingerprint looks good!") although I haven't tried submitting it:
OS:SCAN(V=4.50%D=12/15%OT=135%CT=%CU=%PV=Y%DS=1%G=N%M=00138F%TM=47641D99%P=i
686-pc-
OS:windows-windows)
OS:SEQ(SP=102%GCD=1%ISR=105%TI=I%II=I%SS=S%TS=7)
OS:OPS(O1=M5B4ST11%O2=M5B4ST11%O3=M5B4NNT11%O4=M5B4ST11%O5=M5B4ST11%O6=M5B4S
T11)
OS:WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
OS:ECN(R=Y%DF=Y%TG=80%W=2000%O=M5B4NNS%CC=N%Q=)
OS:T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
OS:T1(R=Y%DF=Y%TG=80%S=O%A=O%F=AS%RD=0%Q=)
OS:T2(R=N)
OS:T3(R=N)
OS:T4(R=N)
OS:U1(R=N)
OS:IE(R=Y%DFI=N%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)
Has the online submitter been broken ever since we ditched support for the
first-generation OS detection? :-S
Rob
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Current thread:
- Vista Pro reported as Vista Home fabrice boissat (Dec 14)
- Re: Vista Pro reported as Vista Home David Fifield (Dec 14)
- Nmap Fingerprint Submitter - Broken? Rob Nicholls (Dec 15)
- Re: Nmap Fingerprint Submitter - Broken? David Fifield (Dec 15)
- RE: Nmap Fingerprint Submitter - Broken? Rob Nicholls (Dec 15)
- Re: Nmap Fingerprint Submitter - Broken? Fyodor (Dec 20)
- Nmap Fingerprint Submitter - Broken? Rob Nicholls (Dec 15)
- Re: Vista Pro reported as Vista Home David Fifield (Dec 14)