Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: smb-system-info.nse request

From: Ron <ron () skullsecurity net>
Date: Tue, 2 Feb 2010 21:24:14 -0600
Sure thing, that's an easy change to make. It'll have to wait till next week, though, I'm sort of not around this week. 

On Tue, 2 Feb 2010 14:56:10 -0800 rilian4 rilian4 <rilian4 () gmail com> wrote:


I thought of something that might be useful to add into smb-system-info.nse.
I have a recent need to be able to scan my network and determine which PCs
on my network are running which versions of MS-Office...particularly
Ms-Office 2003 as I am trying to update everyone to Office 2007 and I run a
large enough network that it is not feasible to go around and check by hand
on each machine.

There is a registry key that belongs to MS-Office 2003:
{90110409-6000-11D3-8CFE-0150048383C9}
It is found in various spots but always in
HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\
This location stores information on programs for the windows add-remove
programs tool, at least in Windows XP.

The detection of this key at all signals some version of office 2003 is
installed and it has a data value called DisplayName that contains the full
string of the version of Office 2003.

I have determined that this key(The long string in curly braces) does not
exist on machines running office 2007 that have a regular install and not an
upgraded 2003 install. I have not yet determined if the key gets wiped if
you upgrade from 2003 to 2007.

Anyway, with enough information to go on, I think a "MS-Office version
detector" would be a handy addition to smb-system-info.nse or I suppose it
could be separated into its own script. smb-msoffice-info.nse or something
like that.

Anyway, just throwing this out there as the script said suggestions were
welcome.
Aaron
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/



-- 
Ron Bowes
http://www.skullsecurity.org
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Previous By Date Next
Previous By Thread Next

Current thread: