Penetration Testing mailing list archives

Identifying Windows O/S & SP

From: L3wD <l3wd () earthlink net>
Date: Wed, 24 Aug 2005 18:52:30 -0400 (GMT-04:00)

    I am looking for a method of correctly identifying Windows O/S Versions and Service Packs remotely. Here are my 
restrictions:
- Performed Remotely (not in same broadcast domain)
- No Admin Rights on Remote Box
- No Username/Password on Remote Box
- VERY Few Packets Generated (excluding TCP 3-way handshake)
- Ability to **AVOID** IDS Detection

    My preferences are for something that is command line based, and can be run from a Linux platform. I'll take 
something GUI based or Windows based if that is all there is. Multiple tools are fine, as long as the number of packets 
generated are very low.

    I've taken a look at Winfingerprint 0.6.2 with only the Win32 OS Version option selected, but it generates 70+ 
packets which is too loud for my purposes.

Current thread:

Identifying Windows O/S & SP L3wD (Aug 24)
- Re: Identifying Windows O/S & SP Jayson Anderson (Aug 26)
- Re: Identifying Windows O/S & SP Ivan . (Aug 26)
- Re: Identifying Windows O/S & SP Gustavo de Jesús Barrientos Guerrero (Aug 26)
- Re: Identifying Windows O/S & SP AdamT (Aug 26)
- <Possible follow-ups>
- Re: Identifying Windows O/S & SP ekamerling (Aug 26)
- Re: Identifying Windows O/S & SP Roger Dodger (Aug 26)