Nmap Development mailing list archives

Re: Precise OS detection of Windows over port 445?


From: Richard Miles <richard.k.miles () googlemail com>
Date: Thu, 3 Jun 2010 16:12:58 +0000

Thanks guys.

Nice to know the detection is highly precise.

But the actual scripts are unable to tell me the language of the target.
HD posted on the metasploit mailing list that it is done in metasploit using
the printer driver technique published by Immunity to detect the
service pack language.

It would be nice to add it to the smb-os-discovery script and, in particular, to give
an option to add a credential for systems that do not allow null
sessions.

What do you think?

On Thu, Jun 3, 2010 at 2:58 PM, Ron <ron () skullsecurity net> wrote:
On Thu, 3 Jun 2010 08:39:35 -0600 David Fifield <david () bamsoftware com>
wrote:
Try adding "-O --script=smb-os-discovery" to your command line. When
conditions are good, the OS detection is very accurate, but it might
be overly specific. smb-os-discovery will always be correct unless the
remote system is actively lying.

You can also try a UDP scan to port 161 with the snmp-win32-* scripts.

David Fifield

smb-os-discovery reads the information directly from Windows, it isn't a guess, so it should be 100% accurate.

But, not all versions of Windows will advertise details like service pack, so you might not be able to narrow it down enough. Metasploit has some way of detecting the service pack that Nmap doesn't -- I've been meaning to look into that for awhile.

--
Ron Bowes
http://www.skullsecurity.org
http://www.twitter.com/iagox86

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

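Ron's caveat above (smb-os-discovery is exact, but the banner does not always carry the service pack level) is easy to check across a whole scan. The following is an added example, not code from the thread or from Nmap: it parses `nmap -oX` output, pulls the `OS:` and `Computer name:` fields out of each host's smb-os-discovery result, and lists the hosts whose patch level still needs follow-up. The XML below is constructed sample data; the addresses and names are made up.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of nmap -oX output carrying smb-os-discovery hostscript
# results. Not real scan data; addresses and computer names are invented.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun>
  <host><address addr="192.0.2.10" addrtype="ipv4"/>
    <hostscript>
      <script id="smb-os-discovery" output="&#xa;  OS: Windows 7 Professional 7601 Service Pack 1 (Windows 7 Professional 6.1)&#xa;  Computer name: ws-finance&#xa;  Workgroup: CORP"/>
    </hostscript>
  </host>
  <host><address addr="192.0.2.11" addrtype="ipv4"/>
    <hostscript>
      <script id="smb-os-discovery" output="&#xa;  OS: Windows XP (Windows 2000 LAN Manager)&#xa;  Computer name: ws-old&#xa;  Workgroup: CORP"/>
    </hostscript>
  </host>
  <host><address addr="192.0.2.12" addrtype="ipv4"/></host>
</nmaprun>
"""

def parse_smb_os(xml_text):
    """Return one dict per host that has smb-os-discovery output.

    The script's output attribute is a newline-separated list of
    'Key: value' lines; we split it into a dict and keep the fields
    an asset inventory cares about.
    """
    results = []
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for script in host.iter("script"):
            if script.get("id") != "smb-os-discovery":
                continue
            fields = {}
            for line in script.get("output", "").splitlines():
                key, sep, value = line.strip().partition(":")
                if sep:
                    fields[key.strip()] = value.strip()
            os_str = fields.get("OS", "")
            # Service pack is only present when Windows advertises it.
            sp = re.search(r"Service Pack (\d+)", os_str)
            results.append({
                "addr": addr,
                "os": os_str,
                "computer_name": fields.get("Computer name"),
                "service_pack": sp.group(1) if sp else None,
            })
    return results

def hosts_needing_followup(records):
    """Hosts whose SMB banner gave an OS but no service pack level."""
    return [r["addr"] for r in records if r["service_pack"] is None]
```

Hosts returned by `hosts_needing_followup` are the ones where the SMB answer alone cannot settle the patch level, which is exactly the gap the thread discusses.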

