RE: Identify OS?

From: Noonan, Wesley (Wesley_Noonan@bmc.com)
Date: 01/31/03

    From: "Noonan, Wesley" <Wesley_Noonan@bmc.com>
    To: "'Nick Jacobsen'" <nick@ethicsdesign.com>, pen-test@securityfocus.com
    Date: Fri, 31 Jan 2003 14:03:56 -0600
    
    

    If it is responding to SNMP, attempt to walk the MIB. That should tell you
    exactly what it is. If you have access to the segment it is on, you can
    sniff the wire for the community string to use. You could also try to pull
    the FTP banners from it. If it is a native Windows box, it will pretty
    clearly tell you so. My bet though, and it is a WAG, is some flavor of Unix.
    Too many *nix type ports opened, not enough MS type ports (yeah, I know, not
    a very scientific approach).

    Wes Noonan, MCSE/CCNA/CCDA/NNCSS/Security+
    Senior QA Rep.
    BMC Software, Inc.
    (713) 918-2412
    wnoonan@bmc.com
    http://www.bmc.com

    > -----Original Message-----
    > From: Nick Jacobsen [mailto:nick@ethicsdesign.com]
    > Sent: Friday, January 31, 2003 01:33
    > To: pen-test@securityfocus.com
    > Subject: Identify OS?
    >
    > Hey All again,
    > Could any of you give me an idea of what type of machine the following might
    > be, based on the ports open? It is sitting at xxx.xxx.xxx.001 on a network,
    > so I am thinking it is some sort of gateway, but what OS/hardware? Below are
    > the results of telnetting to port 23, and the results of an nmap scan (tried
    > the identify OS option, didn't do sh*t)
    >
    > Nick J.
    > Ethics Design
    > nick@ethicsdesign.com
    >
    > <----------------- Telnet results ---------------------------->
    > Authorized uses only. All activity may be monitored and reported.
    > login: cisco
    > Password:
    > Login incorrect
    > <----------------- End Telnet Results ----------------------->
    > <----------------- Nmap Scan Results ---------------------->
    > 21/tcp open ftp
    > 22/tcp open ssh
    > 23/tcp open telnet
    > 53/tcp open domain
    > 111/tcp open sunrpc
    > 161/tcp filtered snmp
    > 162/tcp filtered snmptrap
    > 389/tcp open ldap
    > 512/tcp open exec
    > 513/tcp open login
    > 514/tcp open shell
    > 1002/tcp open unknown
    > 1169/tcp open unknown
    > 1433/tcp filtered ms-sql-s
    > 1720/tcp open H.323/Q.931
    > 2410/tcp open unknown
    > 2785/tcp open unknown
    > 2786/tcp open unknown
    > 6000/tcp open X11
    > 6112/tcp open dtspc
    > 7937/tcp open unknown
    > 7938/tcp open unknown
    > 32774/tcp open sometimes-rpc11
    > 32775/tcp open sometimes-rpc13
    > 32778/tcp open sometimes-rpc19
    > Too many fingerprints match this host for me to give an accurate OS guess
    > TCP/IP fingerprint:
    > SInfo(V=3.10ALPHA7%P=i686-pc-windows-windows%D=1/30%Time=3E394B34%O=21%C=1)
    > T1(Resp=N)
    > T2(Resp=N)
    > T3(Resp=N)
    > T4(Resp=N)
    > T5(Resp=N)
    > T6(Resp=N)
    > T7(Resp=N)
    > PU(Resp=N)
    > <--------------------- End Nmap Scan Results ---------->
    >
    >
    > --------------------------------------------------------------------------
    > --
    > This list is provided by the SecurityFocus Security Intelligence Alert
    > (SIA)
    > Service. For more information on SecurityFocus' SIA service which
    > automatically alerts you to the latest security vulnerabilities please
    > see:
    > https://alerts.securityfocus.com/
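
The port-mix reasoning in the reply ("too many *nix type ports opened, not enough MS type ports"), written out as an added example that is not part of the original thread. The port-to-family sets and the function names are this example's assumptions, and the sample input is a subset of the port lines from the quoted scan.

```python
import re

# Assumption of this example: well-known default ports grouped by OS family.
UNIX_PORTS = {111, 512, 513, 514, 6000, 6112} | set(range(32771, 32780))
WINDOWS_PORTS = {135, 139, 445, 1433, 3389}

# Matches nmap port lines, with or without a '>' e-mail quote prefix.
LINE = re.compile(r"^\s*>?\s*(\d+)/(tcp|udp)\s+(open|filtered|closed)\s+(\S+)")

def parse_ports(text):
    """Return {port: state} for every nmap port line found in text."""
    ports = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ports[int(m.group(1))] = m.group(3)
    return ports

def classify(ports):
    """Score only 'open' ports; 'filtered' says nothing about a listener."""
    open_ports = {p for p, state in ports.items() if state == "open"}
    unix = sorted(open_ports & UNIX_PORTS)
    win = sorted(open_ports & WINDOWS_PORTS)
    if len(unix) > len(win):
        guess = "unix-like"
    elif len(win) > len(unix):
        guess = "windows"
    else:
        guess = "undetermined"
    return guess, unix, win

# Subset of the port lines from the scan quoted in the message.
SCAN = """\
> 21/tcp open ftp
> 22/tcp open ssh
> 111/tcp open sunrpc
> 161/tcp filtered snmp
> 512/tcp open exec
> 513/tcp open login
> 514/tcp open shell
> 1433/tcp filtered ms-sql-s
> 6000/tcp open X11
> 6112/tcp open dtspc
> 32774/tcp open sometimes-rpc11
"""

if __name__ == "__main__":
    print(classify(parse_ports(SCAN)))
```

The same scoring works on an asset inventory export: a host whose open-port mix disagrees with its recorded OS is worth a second look.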
