Re: Win95 detection
From: H Carvey (keydet89_at_yahoo.com)
Date: 12/03/04
- Previous message: Craig Humphrey: "RE: DMZ / Firewall rule diagramming"
- Maybe in reply to: Samuel Petreski: "Win95 detection"
- Next in thread: q q: "Re: Win95 detection"
- Reply: q q: "Re: Win95 detection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 3 Dec 2004 19:07:30 -0000 To: security-basics@securityfocus.com('binary' encoding is not supported, stored as-is) In-Reply-To: <200412021549.iB2FnAhL005056@mail-h12-03.cc.ksu.edu>
Samuel,
>Great suggestions all, however these hosts are NOT part of a domain, and
>they are not managed. I have to do it remotely without admin access to them.
>
How about null sessions?
Here's my line of reasoning...I don't have Win95 system to test this on...
You've got nmap telling you that these systems may be Win95/98/ME. So, use a Perl script to parse the nmap output (check CPAN for the module), and for each system, make a null session connection, and attempt to enumerate information from the machine, as you would w/ svrinfo.exe.
In the past, I've used a similar method to connect to the C:\ drive on remote Win9x systems to which I did not have admin rights. From there, it was simply a matter of parsing something like the autoexec.bat file to get information.
Again, I apologize for not being more specific, but I don't have a Win95 system to work with. However, something along these lines should meet your needs.
H. Carvey
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
- Previous message: Craig Humphrey: "RE: DMZ / Firewall rule diagramming"
- Maybe in reply to: Samuel Petreski: "Win95 detection"
- Next in thread: q q: "Re: Win95 detection"
- Reply: q q: "Re: Win95 detection"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
