Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: [-SPAM-] NSE script for OS identification / clarification using Netbios/SMB
From: jah <jah () zadkiel plus com>
Date: Wed, 28 Nov 2007 20:04:58 +0000

Cool! Helped me to discover that one of my XP machines had "File and 
Printer sharing..." unchecked.

Matthew Watchinski wrote:
Sounds like NSE is being used by a number of people so the Sourcefire
VRT thought we should contributed some of the NSE scripts we've been
working on.

The attached script written by Judy Novak, utilizes Netbios requests and
SMB AndX responses to help determine the OS and clarify the OS running
on a host that has Netbios and SMB running.  This can be helpful if OS
identification returns multiple possible fingerprints for a given
windows system.

Hopefully people find it useful.

Cheers,
-matt

-----------------------------------------------------------------------
-- This script probes a target for its operating system version sending
-- traffic via UDP port 137 and TCP port 139/445.  First, we need to
-- elicit the NetBIOS share name associated with a workstation share.
-- Once we have that, we need to encode the name into the "mangled"
-- equivalent and send TCP 139/445 traffic to connect to the host and
-- in an attempt to elicit the OS version name from an SMB Setup AndX
-- response.
--
-- Thanks to Michail Prokopyev and xSharez Scanner for required
-- traffic to generate for OS version detection.
--
-- Command line to run this script like following:
--
-- sudo nmap -sU -sS --script osversion.nse  -p U:137,T:139 10.4.12.224
-----------------------------------------------------------------------




--
This email has been verified as Virus free
Virus Protection and more available at http://www.plus.net
  
------------------------------------------------------------------------


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]