Nmap Development mailing list archives
Re: nmap-dev Digest, Vol 70, Issue 43
From: viswanath emani <viswanath.emani () gmail com>
Date: Thu, 20 Jan 2011 18:28:32 +0530
Thanks for the information Rob.

On Thu, Jan 20, 2011 at 1:30 AM, <nmap-dev-request () insecure org> wrote:

Send nmap-dev mailing list submissions to
    nmap-dev () insecure org

To subscribe or unsubscribe via the World Wide Web, visit
    http://cgi.insecure.org/mailman/listinfo/nmap-dev
or, via email, send a message with subject or body 'help' to
    nmap-dev-request () insecure org

You can reach the person managing the list at
    nmap-dev-owner () insecure org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of nmap-dev digest..."

Today's Topics:

   1. Probe for Windows 2008 R2 (viswanath emani)
   2. Re: Probe for Windows 2008 R2 (Rob Nicholls)
   3. New VA Modules: OpenVAS: 2, Nessus: 9 (New VA Module Alert Service)
   4. Re: Zenmap Crashing and CPU Utilisation hangs at 50% (David Fifield)

----------------------------------------------------------------------

Message: 1
Date: Wed, 19 Jan 2011 18:44:37 +0530
From: viswanath emani <viswanath.emani () gmail com>
Subject: Probe for Windows 2008 R2
To: nmap-dev () insecure org, nmap-dev-owner () insecure org
Message-ID: <AANLkTik8Lj+GRWNYRdWPqd7FRbhddxmQBk0n_HEO+D6O () mail gmail com>
Content-Type: text/plain; charset=ISO-8859-1

Hi,

Could you please let me know if there is a match available to identify Windows 2008 R2.

Regards,
Viswanath.

------------------------------

Message: 2
Date: Wed, 19 Jan 2011 14:53:28 +0000
From: Rob Nicholls <robert () robnicholls co uk>
Subject: Re: Probe for Windows 2008 R2
To: viswanath emani <viswanath.emani () gmail com>
Cc: nmap-dev () insecure org
Message-ID: <3d63e8c6902418ea890d93ccd6f63f41 () robnicholls co uk>
Content-Type: text/plain; charset=UTF-8; format=flowed

Hi,

I can see two matches in the latest nmap-os-db file that are specific to 2008 R2:

# Windows Server 2008 R2 Standard 7600
Fingerprint Microsoft Windows Server 2008 R2
Class Microsoft | Windows | 2008 | general purpose
SEQ(SP=EC-10A%GCD=1-6%ISR=104-110%TI=I%TS=7)
OPS(O1=M564NW8ST11%O2=M564NW8ST11%O3=M564NW8NNT11%O4=M564NW8ST11%O5=M564NW8ST11%O6=M564ST11)
WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
ECN(R=Y%DF=Y%T=7B-85%TG=80%W=2000%O=M564NW8NNS%CC=N%Q=)
T1(R=Y%DF=Y%T=7B-85%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
T5(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=O%A=S+%F=AR%O=%RD=0%Q=)
T6(R=N)
T7(R=N)
U1(DF=N%T=7B-85%TG=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(R=N)

# Windows Server 2008 R2 Enterprise 7600
Fingerprint Microsoft Windows Server 2008 R2
Class Microsoft | Windows | 2008 | general purpose
SEQ(SP=100-10A%GCD=1-6%ISR=106-110%TI=I%CI=I%II=I%SS=S%TS=7)
OPS(O1=M5B4NW8ST11%O2=M5B4NW8ST11%O3=M5B4NW8NNT11%O4=M5B4NW8ST11%O5=M5B4NW8ST11%O6=M5B4ST11)
WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
ECN(R=N)
T1(R=Y%DF=Y%T=7B-85%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
T3(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)
T4(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(DF=N%T=7B-85%TG=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(DFI=N%T=7B-85%TG=80%CD=Z)

But because of the strong similarities in the network stack between Vista, 2008, 2008 R2 and Windows 7, it's not typically possible for Nmap to distinguish between 2008 R2 and the other Windows variants (Windows 7 x64 and 2008 R2 share the same codebase, so have an identical network stack). For example, a scan I've just completed of a 2008 R2 host has identified it as:

Running: Microsoft Windows 2008|7|Vista
OS details: Microsoft Windows Server 2008, Microsoft Windows 7 Professional, Microsoft Windows Vista SP0 or SP1, Server 2008 SP1, or Windows 7

The only way I could tell that this is running 2008 R2 would be to look at the services (e.g. SMB, DNS, IIS) to identify version numbers. For example, Nmap will identify a 2008 host as running Microsoft DNS 6.0.6002 and a 2008 R2 host as running Microsoft DNS 6.1.7600.

Rob

On Wed, 19 Jan 2011 18:44:37 +0530, viswanath emani wrote:
Hi,
Could you please let me know if there is a match available to identify Windows 2008 R2.
Regards,
Viswanath.

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

------------------------------

Message: 3
Date: Wed, 19 Jan 2011 10:00:42 -0800 (PST)
From: New VA Module Alert Service <postmaster () insecure org>
Subject: New VA Modules: OpenVAS: 2, Nessus: 9
To: nmap-dev () insecure org
Message-ID: <20110119180042.54366B2047 () web insecure org>
Content-Type: text/plain; charset="utf-8"

This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== OpenVAS plugins (2) ==

r10020 103034 gb_joostina_45732.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_joostina_45732.nasl?root=openvas&view=markup
Joostina 'index.php' Cross Site Scripting Vulnerability

r10020 103033 gb_ccms_45819.nasl
http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_ccms_45819.nasl?root=openvas&view=markup
CompactCMS Multiple Cross Site Scripting Vulnerabilities

== Nessus plugins (9) ==

51572 ubuntu_USN-1044-1.nasl
http://nessus.org/plugins/index.php?view=single&id=51572
USN1044-1 : dbus vulnerability

51571 redhat-RHSA-2011-0164.nasl
http://nessus.org/plugins/index.php?view=single&id=51571
RHSA-2011-0164: mysql

51570 redhat-RHSA-2011-0163.nasl
http://nessus.org/plugins/index.php?view=single&id=51570
RHSA-2011-0163: kernel

51569 redhat-RHSA-2011-0162.nasl
http://nessus.org/plugins/index.php?view=single&id=51569
RHSA-2011-0162: kernel

51568 freebsd_pkg_4c0173451d8911e0bbee0014a5e3cda6.nasl
http://nessus.org/plugins/index.php?view=single&id=51568
FreeBSD : MoinMoin -- cross-site scripting vulnerabilities (5373)

51567 freebsd_pkg_2c2d4e83237011e0a91b00e0815b8da8.nasl
http://nessus.org/plugins/index.php?view=single&id=51567
FreeBSD : tarsnap -- cryptographic nonce reuse (5372)

51566 fedora_2011-0470.nasl
http://nessus.org/plugins/index.php?view=single&id=51566
Fedora 14 2011-0470

51565 fedora_2011-0099.nasl
http://nessus.org/plugins/index.php?view=single&id=51565
Fedora 14 2011-0099

51564 blogengine_getfile_accessible.nasl
http://nessus.org/plugins/index.php?view=single&id=51564
BlogEngine.NET api/BlogImporter.asmx GetFile Function Unauthorized Access

------------------------------

Message: 4
Date: Wed, 19 Jan 2011 10:39:05 -0800
From: David Fifield <david () bamsoftware com>
Subject: Re: Zenmap Crashing and CPU Utilisation hangs at 50%
To: Rob Nicholls <robert () robnicholls co uk>
Cc: Ray Middleton <ray.middleton () gmail com>, nmap-dev () insecure org
Message-ID: <20110119183904.GA19700 () gusto bamsoftware com>
Content-Type: text/plain; charset=us-ascii

On Wed, Jan 19, 2011 at 10:23:01AM +0000, Rob Nicholls wrote:
On Tue, 18 Jan 2011 22:22:59 -0800, David Fifield wrote:
Guys, I think this is greatly ameliorated in r21861. Please give it a try. I made it update the text field incrementally, and also apply new highlighting incrementally. I can "nmap --packet-trace -p- localhost" without much delay, with highlighting on.

I'm guessing you might not have tested the new incremental update code on Windows (it works as before/expected on Linux), as I don't get to see any scan results until the entire scan has completed. The highlighting seems to work fine though (from memory it looks identical to before), and it didn't freeze/crash.

You're right, I didn't test it on Windows. It didn't work for me either when I tried it. I did something different in r21875, please try it.

David Fifield

------------------------------

_______________________________________________
nmap-dev mailing list
nmap-dev () insecure org
http://cgi.insecure.org/mailman/listinfo/nmap-dev

End of nmap-dev Digest, Vol 70, Issue 43
****************************************
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
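Rob's message in the quoted digest contrasts two nmap-os-db records for 2008 R2 and then explains that the reliable tell is a service version such as Microsoft DNS 6.0.6002 (2008) versus 6.1.7600 (2008 R2). The following Python is an editor's added example, not code from the thread or from the Nmap project: it parses the nmap-os-db record layout as it appears in the two quoted fingerprints (reproduced below as the embedded test input), reports which probe tests and attributes differ between the two records, and applies Rob's DNS-version rule of thumb to an `-sV` service line. The function names, the `NT_FAMILY` table and the `-sV` line format are assumptions; the table covers only the two NT versions Rob cites.

```python
"""Diff nmap-os-db fingerprint records and apply a service-version tell."""
import re
from typing import Dict, List, Optional, Tuple

# Test input: the two records Rob quoted from nmap-os-db, verbatim.
SAMPLE_DB = """\
# Windows Server 2008 R2 Standard 7600
Fingerprint Microsoft Windows Server 2008 R2
Class Microsoft | Windows | 2008 | general purpose
SEQ(SP=EC-10A%GCD=1-6%ISR=104-110%TI=I%TS=7)
OPS(O1=M564NW8ST11%O2=M564NW8ST11%O3=M564NW8NNT11%O4=M564NW8ST11%O5=M564NW8ST11%O6=M564ST11)
WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
ECN(R=Y%DF=Y%T=7B-85%TG=80%W=2000%O=M564NW8NNS%CC=N%Q=)
T1(R=Y%DF=Y%T=7B-85%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=N)
T3(R=N)
T4(R=N)
T5(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=O%A=S+%F=AR%O=%RD=0%Q=)
T6(R=N)
T7(R=N)
U1(DF=N%T=7B-85%TG=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(R=N)

# Windows Server 2008 R2 Enterprise 7600
Fingerprint Microsoft Windows Server 2008 R2
Class Microsoft | Windows | 2008 | general purpose
SEQ(SP=100-10A%GCD=1-6%ISR=106-110%TI=I%CI=I%II=I%SS=S%TS=7)
OPS(O1=M5B4NW8ST11%O2=M5B4NW8ST11%O3=M5B4NW8NNT11%O4=M5B4NW8ST11%O5=M5B4NW8ST11%O6=M5B4ST11)
WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
ECN(R=N)
T1(R=Y%DF=Y%T=7B-85%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
T2(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
T3(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)
T4(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
T5(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
T6(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
T7(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
U1(DF=N%T=7B-85%TG=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
IE(DFI=N%T=7B-85%TG=80%CD=Z)
"""

# A test line is NAME(attr=value%attr=value...), values may be empty.
TEST_LINE = re.compile(r"^([A-Z0-9]+)\((.*)\)$")


def parse_os_db(text: str) -> List[dict]:
    """Split nmap-os-db text into records: label (preceding comment),
    name, Class lines and a {test: {attr: value}} map."""
    records: List[dict] = []
    current: Optional[dict] = None
    comment = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#"):
            comment = line.lstrip("# ").strip()
            continue
        if line.startswith("Fingerprint "):
            current = {"label": comment, "name": line[len("Fingerprint "):].strip(),
                       "classes": [], "tests": {}}
            records.append(current)
            comment = ""
            continue
        if current is None:
            continue  # text before the first Fingerprint line
        if line.startswith("Class "):
            current["classes"].append([p.strip() for p in line[len("Class "):].split("|")])
            continue
        m = TEST_LINE.match(line)
        if m:
            name, body = m.groups()
            attrs: Dict[str, str] = {}
            for pair in body.split("%"):
                if pair:
                    key, _, value = pair.partition("=")
                    attrs[key] = value
            current["tests"][name] = attrs
    return records


def diff_fingerprints(a: dict, b: dict) -> Dict[str, Dict[str, Tuple[Optional[str], Optional[str]]]]:
    """Return {test: {attr: (value_in_a, value_in_b)}} for every attribute
    that differs; None marks an attribute absent from one record."""
    out: Dict[str, Dict[str, Tuple[Optional[str], Optional[str]]]] = {}
    for test in sorted(set(a["tests"]) | set(b["tests"])):
        ta, tb = a["tests"].get(test, {}), b["tests"].get(test, {})
        delta = {k: (ta.get(k), tb.get(k))
                 for k in sorted(set(ta) | set(tb)) if ta.get(k) != tb.get(k)}
        if delta:
            out[test] = delta
    return out


# Assumed mapping of the NT major.minor in the DNS banner to the server
# release, limited to the two versions Rob mentions (6.0.6002 / 6.1.7600).
NT_FAMILY = {"6.0": "Windows Server 2008", "6.1": "Windows Server 2008 R2"}
DNS_VERSION = re.compile(r"Microsoft DNS (\d+\.\d+)\.\d+")


def windows_release_from_dns(service_line: str) -> Optional[str]:
    """Apply Rob's tell to one -sV service line (assumed format)."""
    m = DNS_VERSION.search(service_line)
    return NT_FAMILY.get(m.group(1)) if m else None


if __name__ == "__main__":
    standard, enterprise = parse_os_db(SAMPLE_DB)
    for test, delta in diff_fingerprints(standard, enterprise).items():
        print(f"{test}: {delta}")
    print(windows_release_from_dns("53/tcp open domain Microsoft DNS 6.1.7600"))
```

Running it shows that WIN, T1 and U1 are identical across the two records, while the Standard record has no response (R=N) for ECN, T2, T3, T4, T6, T7 and IE where the Enterprise record does; that spread within one OS is the reason a loose "2008|7|Vista" match is the usual outcome, and why the DNS banner is the more useful discriminator.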
Current thread:
- Re: nmap-dev Digest, Vol 70, Issue 43 viswanath emani (Jan 20)