Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

RE: Getting a Machines Uptime Remotely
From: "Holstein, Robert - BLS CTR" <Holstein.Robert () bls gov>
Date: Thu, 2 Feb 2006 15:22:25 -0500
I should have mentioned this in the first communiqué.  I don't have any privileges on any of the remote workstations to 
authenticate a remote connection with so RPC queries usually don't work. If someone knows a way to coax something from 
an RPC call im all ears.  Having no credentials to pass also eliminates psinfo, systeminfo, uptime or many of the other 
well know windows based tools.  

SNMP is supposedly completely disabled on these workstations so I don't know if trying to query an OID remotely would 
be worth the time. It's worth a try though.   That's one of the reasons I looked to NMAP.  I know it calculates uptime 
from the TCP timestamp for Linux OS.  I suspect it can do the same for windows, but I don't know how to go about it.


-----Original Message-----
From: Steve Friedl [mailto:steve () unixwiz net] 
Sent: Thursday, February 02, 2006 2:21 PM
To: Holstein, Robert - BLS CTR
Cc: pen-test () securityfocus com
Subject: Re: Getting a Machines Uptime Remotely

On Wed, Feb 01, 2006 at 10:18:06AM -0500, Holstein, Robert - BLS CTR wrote:

I'm trying to figure out how to get the uptime of a Win* machine 
remotely using NMAP.  Stealth is not a concern.  I've done it with 
*nix based OS'es before using NMAP but never Windows. Can anyone offer 
some advice on how to do this using NMAP.  I've tried a couple 
different things with no results.


There are two ways I can think of to get the uptime remotely, though neither with nmap.

1) via SNMP: the sysUpTime.0 OID is the number of 100ths of a second since
   boot. This has a 497-day limit before the 32-bit counter wraps around,
   but if it's a Windows machine I doubt you'll run into that ;-)

2) I'm sure there's an RPC type query which returns this information, but
   it surely requires a network credential.

Steve

--- 
Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | steve () unixwiz net


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]