Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos

Nmap Development: Re: [-SPAM-] NSE script for OS identification / clarification using Netbios/SMB

Re: [-SPAM-] NSE script for OS identification / clarification using Netbios/SMB

From: jah <jah_at_zadkiel.plus.com>
Date: Wed, 28 Nov 2007 20:04:58 +0000

Cool! Helped me to discover that one of my XP machines had "File and
Printer sharing..." unchecked.

Matthew Watchinski wrote:
> Sounds like NSE is being used by a number of people so the Sourcefire
> VRT thought we should contributed some of the NSE scripts we've been
> working on.
>
> The attached script written by Judy Novak, utilizes Netbios requests and
> SMB AndX responses to help determine the OS and clarify the OS running
> on a host that has Netbios and SMB running. This can be helpful if OS
> identification returns multiple possible fingerprints for a given
> windows system.
>
> Hopefully people find it useful.
>
> Cheers,
> -matt
>
> -----------------------------------------------------------------------
> -- This script probes a target for its operating system version sending
> -- traffic via UDP port 137 and TCP port 139/445. First, we need to
> -- elicit the NetBIOS share name associated with a workstation share.
> -- Once we have that, we need to encode the name into the "mangled"
> -- equivalent and send TCP 139/445 traffic to connect to the host and
> -- in an attempt to elicit the OS version name from an SMB Setup AndX
> -- response.
> --
> -- Thanks to Michail Prokopyev and xSharez Scanner for required
> -- traffic to generate for OS version detection.
> --
> -- Command line to run this script like following:
> --
> -- sudo nmap -sU -sS --script osversion.nse -p U:137,T:139 10.4.12.224
> -----------------------------------------------------------------------
>
>
>
>
> --
> This email has been verified as Virus free
> Virus Protection and more available at http://www.plus.net
>
> ------------------------------------------------------------------------
>
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Nov 28 2007

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]