Home page logo

basics logo Security Basics mailing list archives

Re: Win95 detection
From: H Carvey <keydet89 () yahoo com>
Date: 3 Dec 2004 19:07:30 -0000

In-Reply-To: <200412021549.iB2FnAhL005056 () mail-h12-03 cc ksu edu>


Great suggestions all, however these hosts are NOT part of a domain, and
they are not managed. I have to do it remotely without admin access to them.

How about null sessions?  

Here's my line of reasoning...I don't have Win95 system to test this on...

You've got nmap telling you that these systems may be Win95/98/ME.  So, use a Perl script to parse the nmap output 
(check CPAN for the module), and for each system, make a null session connection, and attempt to enumerate information 
from the machine, as you would w/ svrinfo.exe.  

In the past, I've used a similar method to connect to the C:\ drive on remote Win9x systems to which I did not have 
admin rights.  From there, it was simply a matter of parsing something like the autoexec.bat file to get information.

Again, I apologize for not being more specific, but I don't have a Win95 system to work with.  However, something along 
these lines should meet your needs.

H. Carvey
"Windows Forensics and Incident Recovery"

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]