Re: Identifying Windows O/S & SP

• Previous message: Geert VAN ACKER: "Re: Scan virtual hosts"
• In reply to: L3wD: "Identifying Windows O/S & SP"
• Next in thread: Roger Dodger: "Re: Identifying Windows O/S & SP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 25 Aug 2005 16:55:10 +1000
To: L3wD <l3wd@earthlink.net>

check out http://www.thc.org/releases.php they have a few tools. not
sure about IDS evasion and the packet count

- THC-Amap
- THC-Vmap
- THC-Rut
- THC-Probe

check here too:
http://www.networkintrusion.co.uk/osfp.htm

finally try google
http://www.google.com.au/search?q=daemon+fingerprinting&btnG=Search&hs=0v&hl=en&client=firefox-a&rls=org.mozilla%3Aen-US%3Aofficial

cheers
Ivan

On 8/25/05, L3wD <l3wd@earthlink.net> wrote:
> I am looking for a method of correctly identifying Windows O/S Versions and Service Packs remotely. Here are my restrictions:
> - Performed Remotely (not in same broadcast domain)
> - No Admin Rights on Remote Box
> - No Username/Password on Remote Box
> - VERY Few Packets Generated (excluding TCP 3-way handshake)
> - Ability to **AVOID** IDS Detection
>
> My preferences are for something that is command line based, and can be run from a Linux platform. I'll take something GUI based or Windows based if that is all there is. Multiple tools are fine, as long as the number of packets generated are very low.
>
> I've taken a look at Winfingerprint 0.6.2 with only the Win32 OS Version option selected, but it generates 70+ packets which is too loud for my purposes.
>

• Previous message: Geert VAN ACKER: "Re: Scan virtual hosts"
• In reply to: L3wD: "Identifying Windows O/S & SP"
• Next in thread: Roger Dodger: "Re: Identifying Windows O/S & SP"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: IP6tables crash ... matching, ie, if http do something. ... To communicate on the internet from say google to your pc. ... sends a little hello packet onto the internet looking for google. ... Google sends back a port number confirming the connection ... (comp.os.linux.misc) Re: General questions about Sockets ... > could I push it before I see the network slowing down and/or errors? ... Nagle/Delayed ACK interaction but you could confirm it with a packet ... > I can setup any port in my registry, but what would be the 'default' one I ... Google could confirm it. ... (microsoft.public.win32.programmer.networks) Re: How to determine incoming, good or bad? ... google to waste a microsecond querying it, ... Look at the port numbers - google wouldn't be querying your:46474 ... you could use a packet sniffer and grab the start of the ... If netstat is showing a connection from the other box, ... (comp.os.linux.misc) Re: More police sticking nose in... ... could open the packet. ... But whereas it is simple for Google just to *look* at what is being ... displayed on their web-sites, the only way that the post office could ... and figure out whether they depict an illegal act taking place? ... (uk.legal) OT: Latest Google Mash up ... pictures out by packet (as well as storing them on google maps). ... (uk.radio.amateur)