Re: Identifying Windows O/S & SP

[Roger Dodger <random_alphanumeric_characters () yahoo com>]

How about trusty ol'Nmap

nmap -P0 -O -T Paranoid <ip address>

I didn't do a packet count but should avoid IDS in
paranoid mode...

Cheers,
RAC

----Original Message-----
From: L3wD [mailto:l3wd () earthlink net] 
Sent: Wednesday, August 24, 2005 6:53 PM
To: pen-test () securityfocus com
Subject: Identifying Windows O/S & SP

    I am looking for a method of correctly identifying
Windows O/S
Versions and Service Packs remotely. Here are my
restrictions:
- Performed Remotely (not in same broadcast domain)
- No Admin Rights on Remote Box
- No Username/Password on Remote Box
- VERY Few Packets Generated (excluding TCP 3-way
handshake)
- Ability to **AVOID** IDS Detection

    My preferences are for something that is command
line based, and can
be run from a Linux platform. I'll take something GUI
based or Windows
based if that is all there is. Multiple tools are
fine, as long as the
number of packets generated are very low.

    I've taken a look at Winfingerprint 0.6.2 with
only the Win32 OS
Version option selected, but it generates 70+ packets
which is too loud
for my purposes.



__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com