mailing list archives
Re: Win95 detection
From: H Carvey <keydet89 () yahoo com>
Date: 3 Dec 2004 19:07:30 -0000
In-Reply-To: <200412021549.iB2FnAhL005056 () mail-h12-03 cc ksu edu>
Great suggestions all, however these hosts are NOT part of a domain, and
they are not managed. I have to do it remotely without admin access to them.
How about null sessions?
Here's my line of reasoning...I don't have Win95 system to test this on...
You've got nmap telling you that these systems may be Win95/98/ME. So, use a Perl script to parse the nmap output
(check CPAN for the module), and for each system, make a null session connection, and attempt to enumerate information
from the machine, as you would w/ svrinfo.exe.
In the past, I've used a similar method to connect to the C:\ drive on remote Win9x systems to which I did not have
admin rights. From there, it was simply a matter of parsing something like the autoexec.bat file to get information.
Again, I apologize for not being more specific, but I don't have a Win95 system to work with. However, something along
these lines should meet your needs.
"Windows Forensics and Incident Recovery"