Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

pen-test logo Penetration Testing mailing list archives

RE: Getting a Machines Uptime Remotely
From: "Ray Sawyer" <rays () oscamtechnical com>
Date: Sun, 5 Feb 2006 12:56:31 -0500
For determining uptime of Windows systems download uptime.exe. Google it. It is free.

-----Original Message-----
From: Pete Herzog [mailto:lists () isecom org] 
Sent: Friday, February 03, 2006 5:56 AM
To: Holstein, Robert - BLS CTR
Cc: pen-test () securityfocus com
Subject: Re: Getting a Machines Uptime Remotely

Hi,

The UPTIME is from the Timestamp of a TCP packet.  If you know the OS you can figure out the uptime from the number of 
milliseconds in the timestamp.

Windows, however, does not provide timestamp information in TCP and rarely in the timestamp option of ICMP (nmap can 
request this as -PP).

As others said before, SNMP, NNTP, and RPC are options.  Other services may also give you local time (often times in 
GMT though) that will let you know its time but not its uptime.  Therefore, you will have to do a little deductive work 
to narrow in.  For example, if automatic Windowsupdate is used then you can look correspond patches with release dates 
knowing that often a reboot is performed after the patch is applied.  Windows update may not be automatic which means 
you need to know an update schedule or maybe it's not updated at all ever which means you really can't use that as a 
guage.

But if you just need to settle a bet, there's always a few tricks to BSOD the system and then you make your own UPTIME 
calculation ;)  Just kidding.

There may be other tricks but you'll have to google for it.  AFAIK, without researching for you, there are easy ways to 
get the local time but not the uptime.

Sincerely,
-pete.

www.isestorm.org

Holstein, Robert - BLS CTR wrote:

I should have mentioned this in the first communiqué.  I don't have any privileges on any of the remote workstations 
to authenticate a remote connection with so RPC queries usually don't work. If someone knows a way to coax something 
from an RPC call im all ears.  Having no credentials to pass also eliminates psinfo, systeminfo, uptime or many of 
the other well know windows based tools.  

SNMP is supposedly completely disabled on these workstations so I don't know if trying to query an OID remotely would 
be worth the time. It's worth a try though.   That's one of the reasons I looked to NMAP.  I know it calculates 
uptime from the TCP timestamp for Linux OS.  I suspect it can do the same for windows, but I don't know how to go 
about it.


-----Original Message-----
From: Steve Friedl [mailto:steve () unixwiz net]
Sent: Thursday, February 02, 2006 2:21 PM
To: Holstein, Robert - BLS CTR
Cc: pen-test () securityfocus com
Subject: Re: Getting a Machines Uptime Remotely

On Wed, Feb 01, 2006 at 10:18:06AM -0500, Holstein, Robert - BLS CTR wrote:

I'm trying to figure out how to get the uptime of a Win* machine 
remotely using NMAP.  Stealth is not a concern.  I've done it with 
*nix based OS'es before using NMAP but never Windows. Can anyone 
offer some advice on how to do this using NMAP.  I've tried a couple 
different things with no results.


There are two ways I can think of to get the uptime remotely, though neither with nmap.

1) via SNMP: the sysUpTime.0 OID is the number of 100ths of a second since
   boot. This has a 497-day limit before the 32-bit counter wraps around,
   but if it's a Windows machine I doubt you'll run into that ;-)

2) I'm sure there's an RPC type query which returns this information, but
   it surely requires a network credential.

Steve

--- 
Stephen J Friedl | Security Consultant |  UNIX Wizard  |   +1 714 544-6561
www.unixwiz.net  | Tustin, Calif. USA  | Microsoft MVP | 
steve () unixwiz net


----------------------------------------------------------------------
-------- Audit your website security with Acunetix Web Vulnerability 
Scanner:

Hackers are concentrating their efforts on attacking applications on 
your website. Up to 75% of cyber attacks are launched on shopping 
carts, forms, login pages, dynamic content etc. Firewalls, SSL and 
locked-down servers are futile against web application hacking. Check 
your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------
---------





------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are 
launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile 
against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and 
other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

###########################################

This message has been scanned by F-Secure Anti-Virus for Microsoft Exchange.
For more information, connect to http://www.oscamtechnical.com/fsecuresbs.html


**********************************************************************
Oscam Technical monitors, controls and protects all its messaging traffic in compliance with its corporate email policy 
using Clearswift products. Find out more about Oscam Technical and its anti-virus and content filtering solutions at 
www.oscamtechnical.com
**********************************************************************
This communication and any files transmitted with it are confidential and may contain privileged information intended 
solely for named addressee(s). It may not be used or disclosed except for the purpose for which it has been sent. If 
you are not the intended recipient, you must not copy, distribute, or take any action in reliance on it. Unless 
expressly stated, opinions in this message are those of the individual sender and not of Oscam Technical. If you have 
received this communication in error, please notify Oscam Technical by emailing oscamadmin () oscamtechnical com 
quoting the sender and delete the message and any attached documents and files. Oscam Technical accepts no liability or 
responsibility for an onward transmission or use of emails and attachments having left the Oscam Technical domain. 

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.oscamtechnical.com
**********************************************************************


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]