Penetration Testing mailing list archives
Re: Identifying Windows O/S & SP
From: AdamT <adwulf () gmail com>
Date: Fri, 26 Aug 2005 15:48:30 +0100
On 8/24/05, L3wD <l3wd () earthlink net> wrote:
> I am looking for a method of correctly identifying Windows O/S Versions and Service Packs remotely. Here are my restrictions:
> - Performed Remotely (not in same broadcast domain)
> - No Admin Rights on Remote Box
> - No Username/Password on Remote Box
> - VERY Few Packets Generated (excluding TCP 3-way handshake)
> - Ability to **AVOID** IDS Detection
You should put this list to the NMAP summer of code team; they're currently looking at reworking the whole TCP fingerprinting / OS identification module.

I'm guessing much of what you want is going to be restricted by the 'few packets generated' condition, especially if it stops you from establishing a connection to a remote TCP port for long enough to get a banner message.

I suppose you'd need to plug in a sniffer and do some calibrating at home first. E.g. get your NT4 server and sniff traffic from it, then apply SP1, repeat, apply SP2, etc., then look to see what's changed.

--
AdamT
"Maidenhead is *not* in Kent"
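The calibrate-then-compare approach in the reply above, as an added example that is not part of the original post or of any list member's code. It takes the handful of features a single SYN/ACK exposes (TTL, window size, DF bit, TCP option order), builds a database from labelled samples sniffed against known OS/SP builds, and matches an unknown observation. The per-label feature values, the labels themselves and the "unknown" observations are all constructed for illustration and are not real NT4 service-pack signatures; the only real-world detail relied on is that the observed TTL has been decremented once per hop, so the script rounds it up to the nearest common initial TTL before comparing. Two constructed labels deliberately share identical features to show the case where a service pack leaves no trace in the handshake and the match comes back ambiguous.

```python
"""Calibrate-then-match fingerprinting of a single SYN/ACK.

Added example, not code from the mailing-list thread.  All feature
values below are CONSTRUCTED placeholders; replace them with values
you sniff yourself from each OS / service-pack combination.
"""
from collections import defaultdict
from dataclasses import dataclass

# Common initial TTLs; a remote host's observed TTL is initial - hops.
INITIAL_TTLS = (32, 64, 128, 255)


@dataclass(frozen=True)
class SynAckFeatures:
    ttl: int        # TTL as seen on the wire
    window: int     # TCP window size
    df: bool        # IP Don't-Fragment flag
    options: tuple  # TCP option kinds in order, e.g. ("MSS", "NOP", "SACK")


def guess_initial_ttl(observed_ttl):
    """Round an observed TTL up to the nearest common initial TTL."""
    for initial in INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial
    raise ValueError("TTL %d out of range" % observed_ttl)


def normalise(f):
    """Make the observation hop-independent so a box 13 hops away
    still compares equal to the one calibrated on the bench."""
    return (guess_initial_ttl(f.ttl), f.window, f.df, f.options)


def build_db(labelled_samples):
    """Calibration step: labelled_samples is a list of (label, features).
    Several samples per label are kept as a set of normalised tuples."""
    db = defaultdict(set)
    for label, f in labelled_samples:
        db[label].add(normalise(f))
    return db


def score(signature, observation):
    """Number of the four normalised fields that agree (0..4)."""
    return sum(1 for a, b in zip(signature, observation) if a == b)


def match(db, observed):
    """Return (labels, score): every label sharing the best score.
    More than one label means the handshake alone cannot tell them apart."""
    obs = normalise(observed)
    scored = [(max(score(sig, obs) for sig in sigs), label)
              for label, sigs in db.items()]
    best = max(s for s, _ in scored)
    return sorted(label for s, label in scored if s == best), best


# CONSTRUCTED calibration data (not real NT4 / SP signatures).
# "SP4" and "SP5" are made identical on purpose.
CALIBRATION = [
    ("NT4 SP3",   SynAckFeatures(128, 8760,  False, ("MSS",))),
    ("NT4 SP4",   SynAckFeatures(128, 8760,  True,  ("MSS",))),
    ("NT4 SP5",   SynAckFeatures(128, 8760,  True,  ("MSS",))),
    ("NT4 SP6",   SynAckFeatures(128, 17520, True,  ("MSS",))),
    ("Linux 2.4", SynAckFeatures(64,  5840,  True,  ("MSS", "SACK", "TS", "NOP", "WS"))),
]


def identify(observed, calibration=CALIBRATION):
    """One-call helper: build the DB and match a single observation."""
    return match(build_db(calibration), observed)


if __name__ == "__main__":
    # CONSTRUCTED observations of hosts 13 and 12 hops away respectively.
    for obs in (SynAckFeatures(115, 17520, True, ("MSS",)),
                SynAckFeatures(115, 8760,  True, ("MSS",)),
                SynAckFeatures(52,  5840,  True, ("MSS", "SACK", "TS", "NOP", "WS"))):
        labels, s = identify(obs)
        print("%s -> %s (score %d/4)" % (obs, ", ".join(labels), s))
```

Only one SYN/ACK is needed per target, which fits the "very few packets" restriction, but the ambiguous result for the two identical constructed labels is the honest answer the method gives when a service pack changes nothing in the TCP/IP stack; at that point the remaining options are a banner from an application port or the kind of application-layer probing the list was discussing.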
Current thread:
- Identifying Windows O/S & SP L3wD (Aug 24)
- Re: Identifying Windows O/S & SP Jayson Anderson (Aug 26)
- Re: Identifying Windows O/S & SP Ivan . (Aug 26)
- Re: Identifying Windows O/S & SP Gustavo de Jesús Barrientos Guerrero (Aug 26)
- Re: Identifying Windows O/S & SP AdamT (Aug 26)
- <Possible follow-ups>
- Re: Identifying Windows O/S & SP ekamerling (Aug 26)
- Re: Identifying Windows O/S & SP Roger Dodger (Aug 26)