Penetration Testing mailing list archives

RE: Identify OS?


From: "Noonan, Wesley" <Wesley_Noonan () bmc com>
Date: Fri, 31 Jan 2003 14:03:56 -0600

If it is responding to SNMP, attempt to walk the MIB. That should tell you
exactly what it is. If you have access to the segment it is on, you can
sniff the wire for the community string to use. You could also try to pull
the FTP banners from it. If it is a native Windows box, it will pretty
clearly tell you so. My bet though, and it is a WAG, is some flavor of Unix.
Too many *nix type ports opened, not enough MS type ports (yeah, I know, not
a very scientific approach).

Wes Noonan, MCSE/CCNA/CCDA/NNCSS/Security+
Senior QA Rep.
BMC Software, Inc.
(713) 918-2412
wnoonan () bmc com
http://www.bmc.com


-----Original Message-----
From: Nick Jacobsen [mailto:nick () ethicsdesign com]
Sent: Friday, January 31, 2003 01:33
To: pen-test () securityfocus com
Subject: Identify OS?

Hey All again,
Could any of you give me an idea of what type of machine the following might
be, based on the ports open?  It is sitting at xxx.xxx.xxx.001 on a network,
so I am thinking it is some sort of gateway, but what OS/hardware?  Below is
the results of telnetting to port 23, and the results of an nmap scan (tried
the identify OS option, didn't do sh*t)

Nick J.
Ethics Design
nick () ethicsdesign com

<-----------------  Telnet results  ---------------------------->
Authorized uses only. All activity may be monitored and reported.
login: cisco
Password:
Login incorrect
<----------------- End Telnet Results  ----------------------->
<-----------------  Nmap Scan Results ---------------------->
21/tcp     open        ftp
22/tcp     open        ssh
23/tcp     open        telnet
53/tcp     open        domain
111/tcp    open        sunrpc
161/tcp    filtered    snmp
162/tcp    filtered    snmptrap
389/tcp    open        ldap
512/tcp    open        exec
513/tcp    open        login
514/tcp    open        shell
1002/tcp   open        unknown
1169/tcp   open        unknown
1433/tcp   filtered    ms-sql-s
1720/tcp   open        H.323/Q.931
2410/tcp   open        unknown
2785/tcp   open        unknown
2786/tcp   open        unknown
6000/tcp   open        X11
6112/tcp   open        dtspc
7937/tcp   open        unknown
7938/tcp   open        unknown
32774/tcp  open        sometimes-rpc11
32775/tcp  open        sometimes-rpc13
32778/tcp  open        sometimes-rpc19
Too many fingerprints match this host for me to give an accurate OS guess
TCP/IP fingerprint:
SInfo(V=3.10ALPHA7%P=i686-pc-windows-windows%D=1/30%Time=3E394B34%O=21%C=1)
T1(Resp=N)
T2(Resp=N)
T3(Resp=N)
T4(Resp=N)
T5(Resp=N)
T6(Resp=N)
T7(Resp=N)
PU(Resp=N)
<---------------------  End Nmap Scan Results  ---------->


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
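
Added example, not part of either post: a Python sketch of the port-tally reasoning in the reply, run over an excerpt of the port table from the scan quoted above. The family hint sets and all function names are assumptions chosen for illustration; only ports reported as open are counted as evidence.

```python
import re

# Excerpt of the port table from the scan quoted in the post (rows kept as posted).
SCAN = """\
23/tcp     open        telnet
111/tcp    open        sunrpc
161/tcp    filtered    snmp
512/tcp    open        exec
513/tcp    open        login
514/tcp    open        shell
1433/tcp   filtered    ms-sql-s
6000/tcp   open        X11
6112/tcp   open        dtspc
32774/tcp  open        sometimes-rpc11
Too many fingerprints match this host for me to give an accurate OS guess
"""

# Assumption (not from the post): family hints taken from conventional port assignments.
UNIX_HINTS = {111, 512, 513, 514, 6000, 6112}   # sunrpc, r-services, X11, CDE dtspc
WINDOWS_HINTS = {135, 139, 445, 1433, 3389}     # msrpc, netbios, smb, ms-sql, rdp
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")

def parse_ports(text):
    """Return (port, state, service) tuples from nmap's plain-text port table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # banner and fingerprint lines do not match and are skipped
            rows.append((int(m.group(1)), m.group(3), m.group(4)))
    return rows

def tally(rows):
    """Group hint ports by family. Only 'open' counts as evidence: 'filtered'
    means nmap could not tell whether anything listens there."""
    out = {"unix": [], "windows": [], "filtered_hints": []}
    for port, state, service in rows:
        unix = port in UNIX_HINTS or service.startswith("sometimes-rpc")
        win = port in WINDOWS_HINTS
        key = "unix" if unix else "windows" if win else None
        if key:
            out[key if state == "open" else "filtered_hints"].append(port)
    return out

def lean(t):
    """Coarse verdict; a tie or no hints at all stays 'undetermined'."""
    u, w = len(t["unix"]), len(t["windows"])
    return "unix-like" if u > w else "windows" if w > u else "undetermined"
```

On this excerpt, `lean(tally(parse_ports(SCAN)))` leans Unix-like, and the filtered 1433 is set aside instead of being counted as a Windows signal.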
