[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] fingerprinting windows via 135/tcp

To: full-disclosure@lists.netsys.com
Subject: [Full-Disclosure] fingerprinting windows via 135/tcp
From: Jacek Lipkowski <sq5bpf@andra.com.pl>
Date: Mon, 25 Aug 2003 10:47:00 +0200 (CEST)

Hello,

I've been looking for a way to fingerprint windows systems via 135/tcp.
There are some differences in responses to invalid rpc request - it seems
that different windows versions treat the Assoc group field differently.
Usign this one can tell apart NT, 2000 and XP/2003.

I've enclosed a simple library to check the windows version, and see if it
is vulnerable to the DCOM/RPC exploit (code ripped from dcom_scanz.c by
kid and farp of buildtheb0x.com). There is also a simple program to
demonstrate the library, and a dcom/rpc exploit patched to autodetect the
target operating system.

Since i have no knowledge about dcom/rpc i wanted to ask if there is a
simpler way to do it? Maybe some call that would just return the version
directly?

jacek

idwin.tar.gz

Prev by Date: Re: [Full-Disclosure] JAP back doored
Next by Date: Re: [Full-Disclosure] JAP back doored
Prev by thread: RE: [Full-Disclosure] Interscan - path disclosure - WAS:SpamAssasin - path disclosure
Next by thread: [Full-Disclosure] [TURBOLINUX SECURITY INFO] 25/Aug/2003
Index(es):
- Date
- Thread