Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: nmap-dev Digest, Vol 70, Issue 43
From: viswanath emani <viswanath.emani () gmail com>
Date: Thu, 20 Jan 2011 18:28:32 +0530

Thanks for the information Rob.

On Thu, Jan 20, 2011 at 1:30 AM, <nmap-dev-request () insecure org> wrote:

Send nmap-dev mailing list submissions to
       nmap-dev () insecure org

To subscribe or unsubscribe via the World Wide Web, visit
       http://cgi.insecure.org/mailman/listinfo/nmap-dev
or, via email, send a message with subject or body 'help' to
       nmap-dev-request () insecure org

You can reach the person managing the list at
       nmap-dev-owner () insecure org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of nmap-dev digest..."


Today's Topics:

  1. Probe for Windows 2008 R2 (viswanath emani)
  2. Re: Probe for Windows 2008 R2 (Rob Nicholls)
  3. New VA Modules: OpenVAS: 2, Nessus: 9
     (New VA Module Alert Service)
  4. Re: Zenmap Crashing and CPU Utilisation hangs at 50%
     (David Fifield)


----------------------------------------------------------------------

Message: 1
Date: Wed, 19 Jan 2011 18:44:37 +0530
From: viswanath emani <viswanath.emani () gmail com>
Subject: Probe for Windows 2008 R2
To: nmap-dev () insecure org, nmap-dev-owner () insecure org
Message-ID:
       <AANLkTik8Lj+GRWNYRdWPqd7FRbhddxmQBk0n_HEO+D6O () mail gmail 
com<AANLkTik8Lj%2BGRWNYRdWPqd7FRbhddxmQBk0n_HEO%2BD6O () mail gmail com>

Content-Type: text/plain; charset=ISO-8859-1

Hi,

Could you please let me know if there is a match available to identify
Windows 2008 R2.

Regards,
Viswanath.


------------------------------

Message: 2
Date: Wed, 19 Jan 2011 14:53:28 +0000
From: Rob Nicholls <robert () robnicholls co uk>
Subject: Re: Probe for Windows 2008 R2
To: viswanath emani <viswanath.emani () gmail com>
Cc: nmap-dev () insecure org
Message-ID: <3d63e8c6902418ea890d93ccd6f63f41 () robnicholls co uk>
Content-Type: text/plain; charset=UTF-8; format=flowed

 Hi,

 I can see two matches in the latest nmap-os-db file that are specific
 to 2008 R2:

 # Windows Server 2008 R2 Standard 7600
 Fingerprint Microsoft Windows Server 2008 R2
 Class Microsoft | Windows | 2008 | general purpose
 SEQ(SP=EC-10A%GCD=1-6%ISR=104-110%TI=I%TS=7)

 OPS(O1=M564NW8ST11%O2=M564NW8ST11%O3=M564NW8NNT11%O4=M564NW8ST11%O5=M564NW8ST11%O6=M564ST11)
 WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
 ECN(R=Y%DF=Y%T=7B-85%TG=80%W=2000%O=M564NW8NNS%CC=N%Q=)
 T1(R=Y%DF=Y%T=7B-85%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
 T2(R=N)
 T3(R=N)
 T4(R=N)
 T5(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=O%A=S+%F=AR%O=%RD=0%Q=)
 T6(R=N)
 T7(R=N)
 U1(DF=N%T=7B-85%TG=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
 IE(R=N)

 # Windows Server 2008 R2 Enterprise 7600
 Fingerprint Microsoft Windows Server 2008 R2
 Class Microsoft | Windows | 2008 | general purpose
 SEQ(SP=100-10A%GCD=1-6%ISR=106-110%TI=I%CI=I%II=I%SS=S%TS=7)

 OPS(O1=M5B4NW8ST11%O2=M5B4NW8ST11%O3=M5B4NW8NNT11%O4=M5B4NW8ST11%O5=M5B4NW8ST11%O6=M5B4ST11)
 WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=2000%W6=2000)
 ECN(R=N)
 T1(R=Y%DF=Y%T=7B-85%TG=80%S=O%A=S+%F=AS%RD=0%Q=)
 T2(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=Z%A=S%F=AR%O=%RD=0%Q=)
 T3(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)
 T4(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
 T5(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
 T6(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=A%A=O%F=R%O=%RD=0%Q=)
 T7(R=Y%DF=Y%T=7B-85%TG=80%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)
 U1(DF=N%T=7B-85%TG=80%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)
 IE(DFI=N%T=7B-85%TG=80%CD=Z)

 But because of the strong similarities in the network stack between
 Vista, 2008, 2008 R2 and Windows 7, it's not typically possible for Nmap
 to distinguish between 2008 R2 and the other Windows variants (Windows 7
 x64 and 2008 R2 share the same codebase, so have an identical network
 stack):

 For example, a scan I've just completed of a 2008 R2 host has
 identified it as:

 Running: Microsoft Windows 2008|7|Vista
 OS details: Microsoft Windows Server 2008, Microsoft Windows 7
 Professional, Microsoft Windows Vista SP0 or SP1, Server 2008 SP1, or
 Windows 7

 The only way I could tell that this is running 2008 R2 would be to look
 at the services (e.g. SMB, DNS, IIS) to identify version numbers. For
 example, Nmap will identify a 2008 host as running Microsoft DNS
 6.0.6002 and a 2008 R2 host as running Microsoft DNS 6.1.7600.

 Rob

 On Wed, 19 Jan 2011 18:44:37 +0530, viswanath emani wrote:
Hi,

Could you please let me know if there is a match available to
identify
Windows 2008 R2.

Regards,
Viswanath.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/




------------------------------

Message: 3
Date: Wed, 19 Jan 2011 10:00:42 -0800 (PST)
From: New VA Module Alert Service <postmaster () insecure org>
Subject: New VA Modules: OpenVAS: 2, Nessus: 9
To: nmap-dev () insecure org
Message-ID: <20110119180042.54366B2047 () web insecure org>
Content-Type: text/plain; charset="utf-8"

This report describes any new scripts/modules/exploits added to Nmap,
OpenVAS, Metasploit, and Nessus since yesterday.

== OpenVAS plugins (2) ==

r10020 103034 gb_joostina_45732.nasl

http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_joostina_45732.nasl?root=openvas&view=markup
Joostina 'index.php' Cross Site Scripting Vulnerability

r10020 103033 gb_ccms_45819.nasl

http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/gb_ccms_45819.nasl?root=openvas&view=markup
CompactCMS Multiple Cross Site Scripting Vulnerabilities

== Nessus plugins (9) ==

51572 ubuntu_USN-1044-1.nasl
http://nessus.org/plugins/index.php?view=single&id=51572
USN1044-1 : dbus vulnerability

51571 redhat-RHSA-2011-0164.nasl
http://nessus.org/plugins/index.php?view=single&id=51571
RHSA-2011-0164: mysql

51570 redhat-RHSA-2011-0163.nasl
http://nessus.org/plugins/index.php?view=single&id=51570
RHSA-2011-0163: kernel

51569 redhat-RHSA-2011-0162.nasl
http://nessus.org/plugins/index.php?view=single&id=51569
RHSA-2011-0162: kernel

51568 freebsd_pkg_4c0173451d8911e0bbee0014a5e3cda6.nasl
http://nessus.org/plugins/index.php?view=single&id=51568
FreeBSD : MoinMoin -- cross-site scripting vulnerabilities (5373)

51567 freebsd_pkg_2c2d4e83237011e0a91b00e0815b8da8.nasl
http://nessus.org/plugins/index.php?view=single&id=51567
FreeBSD : tarsnap -- cryptographic nonce reuse (5372)

51566 fedora_2011-0470.nasl
http://nessus.org/plugins/index.php?view=single&id=51566
Fedora 14 2011-0470

51565 fedora_2011-0099.nasl
http://nessus.org/plugins/index.php?view=single&id=51565
Fedora 14 2011-0099

51564 blogengine_getfile_accessible.nasl
http://nessus.org/plugins/index.php?view=single&id=51564
BlogEngine.NET api/BlogImporter.asmx GetFile Function Unauthorized
Access

------------------------------

Message: 4
Date: Wed, 19 Jan 2011 10:39:05 -0800
From: David Fifield <david () bamsoftware com>
Subject: Re: Zenmap Crashing and CPU Utilisation hangs at 50%
To: Rob Nicholls <robert () robnicholls co uk>
Cc: Ray Middleton <ray.middleton () gmail com>, nmap-dev () insecure org
Message-ID: <20110119183904.GA19700 () gusto bamsoftware com>
Content-Type: text/plain; charset=us-ascii

On Wed, Jan 19, 2011 at 10:23:01AM +0000, Rob Nicholls wrote:
On Tue, 18 Jan 2011 22:22:59 -0800, David Fifield wrote:
Guys, I think this is greatly ameliorated in r21861. Please give it a
try. I made it update the text field incrementally, and also apply
new
highlighting incrementally. I can "nmap --packet-trace -p- localhost"
without much delay, with highlighting on.

I'm guessing you might not have tested the new incremental update
code on Windows (it works as before/expected on Linux), as I don't
get to see any scan results until the entire scan has completed. The
highlighting seems to work fine though (from memory it looks
identical to before), and it didn't freeze/crash.

You're right, I didn't test it on Windows. It didn't work for me either
when I tried it. I did something different in r21875, please try it.

David Fifield


------------------------------

_______________________________________________
nmap-dev mailing list
nmap-dev () insecure org
http://cgi.insecure.org/mailman/listinfo/nmap-dev


End of nmap-dev Digest, Vol 70, Issue 43
****************************************

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
  • Re: nmap-dev Digest, Vol 70, Issue 43 viswanath emani (Jan 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]