Nmap Development mailing list archives
Nmap Fingerprint Submitter - Broken?
From: "Rob Nicholls" <robert () everythingeverything co uk>
Date: Sat, 15 Dec 2007 18:39:57 -0000
I just tried out the Nmap Fingerprint Submitter, but it keeps telling me "Fingerprint doesn't look good! Please check that it pasted OK."

I did a quick test and 4.21ALPHA4 (from a different box, but against a similar system) gives me a fingerprint that looks like:

OS:SCAN(V=4.21ALPHA4%D=12/15%OT=3389%CT=%CU=%PV=Y%DS=1%G=N%M=001B77%TM=4764
OS:1B6E%P=i686-pc-windows-windows)T1(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)
OS:T2(Resp=N)T3(Resp=N)T4(Resp=N)T5(Resp=N)T6(Resp=N)T7(Resp=N)PU(Resp=N)

Which it accepts, but later versions say:

4.23RC3 (SVN 6369):

SCAN(V=4.23RC3%D=12/15%OT=135%CT=%CU=%PV=Y%DS=1%G=N%M=00138F%TM=47641BA0%P=i
686-
pc-windows-windows)
SEQ(SP=104%GCD=1%ISR=106%TI=I%II=I%SS=S%TS=7)
OPS(O1=M5B4ST11%O2=M5B4ST11%O3=M5B4NNT11%O4=M5B4ST11%O5=M5B4ST11%O6=M5B4ST11
)
WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
ECN(R=Y%DF=Y%TG=80%W=2000%O=M5B4NNS%CC=N%Q=)
T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
T1(R=Y%DF=Y%TG=80%S=O%A=O%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
U1(R=N)
IE(R=Y%DFI=N%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)

4.50:

SCAN(V=4.50%D=12/15%OT=135%CT=%CU=%PV=Y%DS=1%G=N%M=00138F%TM=47641D68%P=i686
-pc-
windows-windows)
SEQ(SP=103%GCD=1%ISR=10E%TI=I%II=I%SS=S%TS=7)
OPS(O1=M5B4ST11%O2=M5B4ST11%O3=M5B4NNT11%O4=M5B4ST11%O5=M5B4ST11%O6=M5B4ST11
)
WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
ECN(R=Y%DF=Y%TG=80%W=2000%O=M5B4NNS%CC=N%Q=)
T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
T1(R=Y%DF=Y%TG=80%S=O%A=O%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
U1(R=N)
IE(R=Y%DFI=N%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)

I think the JavaScript is looking specifically for the prefix "OS:" at the start of every line, which appears to have changed in recent versions of nmap. We also appear to space out the TX lines (although I don't know if that's a problem or not?), putting OS: before all of these lines seems to keep the online submitter happy.
It seems to think that the following looks valid ("Fingerprint looks good!") although I haven't tried submitting it:

OS:SCAN(V=4.50%D=12/15%OT=135%CT=%CU=%PV=Y%DS=1%G=N%M=00138F%TM=47641D99%P=i
686-pc-
OS:windows-windows)
OS:SEQ(SP=102%GCD=1%ISR=105%TI=I%II=I%SS=S%TS=7)
OS:OPS(O1=M5B4ST11%O2=M5B4ST11%O3=M5B4NNT11%O4=M5B4ST11%O5=M5B4ST11%O6=M5B4S
T11)
OS:WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
OS:ECN(R=Y%DF=Y%TG=80%W=2000%O=M5B4NNS%CC=N%Q=)
OS:T1(R=Y%DF=Y%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
OS:T1(R=Y%DF=Y%TG=80%S=O%A=O%F=AS%RD=0%Q=)
OS:T2(R=N)
OS:T3(R=N)
OS:T4(R=N)
OS:U1(R=N)
OS:IE(R=Y%DFI=N%TG=80%TOSI=Z%CD=Z%SI=S%DLI=S)

Has the online submitter been broken ever since we ditched support for the first-generation OS detection? :-S

Rob

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
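The message above describes a paste check that keys on a literal "OS:" line prefix. As an added example (not part of the original post and not the Nmap submitter's actual JavaScript), a validator can undo both kinds of wrapping and then check the fingerprint's grammar; the function names, the length cap and the no-whitespace assumption are this example's own.

```javascript
"use strict";
// Added example, not the submitter's real code. Assumption: a fingerprint is a
// run of NAME(k=v%k=v...) groups and contains no meaningful whitespace.
const MAX_LEN = 8192; // arbitrary cap for untrusted pasted input

// Undo both kinds of wrapping: drop a leading "OS:" on any line, then remove
// all whitespace so tokens split by a mail client are rejoined.
function normalizeFingerprint(pasted) {
  return pasted.replace(/^[ \t]*OS:/gm, "").replace(/\s+/g, "");
}

// Validate by grammar instead of by line prefix. Returns { ok, tests, error }.
function parseFingerprint(pasted) {
  if (typeof pasted !== "string" || pasted.length > MAX_LEN) {
    return { ok: false, tests: [], error: "input missing or too long" };
  }
  const text = normalizeFingerprint(pasted);
  const group = /([A-Z][A-Z0-9]*)\(([^()]*)\)/y; // sticky: must match at pos
  const tests = [];
  let pos = 0;
  while (pos < text.length) {
    group.lastIndex = pos;
    const m = group.exec(text);
    if (!m) return { ok: false, tests, error: `unexpected text at offset ${pos}` };
    const attrs = m[2] === "" ? [] : m[2].split("%").map((kv) => {
      const i = kv.indexOf("=");
      return i < 0 ? [kv, ""] : [kv.slice(0, i), kv.slice(i + 1)];
    });
    tests.push({ name: m[1], attrs }); // array, not map: a name may repeat
    pos = group.lastIndex;
  }
  if (tests.length === 0 || tests[0].name !== "SCAN") {
    return { ok: false, tests, error: "fingerprint must start with SCAN(...)" };
  }
  return { ok: true, tests, error: null };
}

// Sample input abridged from the 4.50 fingerprint in the message.
const BARE = `SCAN(V=4.50%D=12/15%OT=135%CT=%CU=%PV=Y%DS=1%G=N%M=00138F%TM=47641D68%P=i686
-pc-
windows-windows)
SEQ(SP=103%GCD=1%ISR=10E%TI=I%II=I%SS=S%TS=7)
T2(R=N)`;
// The same data in the wrapped "OS:" form (constructed for this example).
const PREFIXED = `OS:SCAN(V=4.50%D=12/15%OT=135%CT=%CU=%PV=Y%DS=1%G=N%M=00138F%TM=4764
OS:1D68%P=i686-pc-windows-windows)SEQ(SP=103%GCD=1%ISR=10E%TI=I%II=I%SS=S%TS
OS:=7)T2(R=N)`;
```

Both sample forms normalise to the same string, so a check written this way accepts either output style while still rejecting text that is not a sequence of test groups.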