Nmap Development mailing list archives

Precise OS detection of Windows over port 445?


From: Richard Miles <richard.k.miles () googlemail com>
Date: Thu, 3 Jun 2010 13:38:29 +0000

Hi

I use nmap to detect Windows machine vulnerable to ms08_067, it works
very well. I also use nmap -sV -sC -p 443 target to get a precise
identification of the system, and it's very helpful like telling me
the Windows version and even service pack. It's essential to set the
target on metasploit. My question is, how reliable is this
information? Is possible it be incorrectly fingerprinted?

Independent of this, to set a correct target I need to know the OS
language and if NX is in use or not. Metasploit has a script to detect
OS language on port 445 but my experience is very bad, sometimes work
but most of the time it just return unknown. Someone know how they
detect it? Is possible to add a feature like that on nmap? Would be
awesome...

Also, there is a way to detect if NX is in use remotely?

Thanks.
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


Current thread: