Re: Identifying Windows O/S & SP
From: AdamT (adwulf_at_gmail.com)
Date: 08/26/05
- Previous message: fukami: "22nd Chaos Communication Congress 2005: Call for Papers"
- In reply to: L3wD: "Identifying Windows O/S & SP"
Date: Fri, 26 Aug 2005 15:48:30 +0100
To: pen-test@securityfocus.com
On 8/24/05, L3wD <l3wd@earthlink.net> wrote:
> I am looking for a method of correctly identifying Windows O/S Versions and Service Packs remotely. Here are my restrictions:
> - Performed Remotely (not in same broadcast domain)
> - No Admin Rights on Remote Box
> - No Username/Password on Remote Box
> - VERY Few Packets Generated (excluding TCP 3-way handshake)
> - Ability to **AVOID** IDS Detection
>
You should put this list to the NMAP summer of code team; they're
currently looking at reworking the whole TCP fingerprinting / OS
identification module.
I'm guessing much of what you want is going to be restricted by the
'few packets generated' condition - especially if it stops you from
establishing a connection to a remote TCP port for long enough to get
a banner message.
I suppose you'd need to plug in a sniffer and do some calibrating at
home first. E.g., get your NT4 server and sniff traffic from it, then
apply SP1, repeat, apply SP2, etc., then look to see what's changed.
-- AdamT "Maidenhead is *not* in Kent"