Dailydave mailing list archives
Re: how to remotely fingerprint 2k3 SP0 vs SP1 ?
From: Jean-Baptiste Marchand <jbm () hsc fr>
Date: Fri, 10 Jun 2005 11:37:00 +0200
* Rich Smith <richard.j.smith () hp com> [10/06/05 - 10:16]:
-- SP1 does not show endpoint UUID data for the mstask.exe whereas SP0 has quite a number of entries (typically 20+).
Right, in Windows Server 2003 SP1, the Task Scheduler service (mstask.exe process) does not register its RPC services on the ncacn_ip_tcp transport but only on the ncacn_np transport (\pipe\atsvc): http://www.hsc.fr/ressources/articles/win_net_srv/ch04s09s02.html http://www.hsc.fr/ressources/breves/min_w2k3_net_srv.html.en Urity gave in 2004 a presentation on the subject of fingerprinting systems looking at registered RPC interfaces, you might be interested in looking at the RpcScan tool and the related presentation: http://www.securityfriday.com/tools/RpcScan.html Jean-Baptiste Marchand -- Jean-Baptiste.Marchand () hsc fr HSC - http://www.hsc.fr/ _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com https://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Re: how to remotely fingerprint 2k3 SP0 vs SP1 ? Hamid . K (Jun 06)
- Re: how to remotely fingerprint 2k3 SP0 vs SP1 ? Rich Smith (Jun 08)
- Re: how to remotely fingerprint 2k3 SP0 vs SP1 ? Jean-Baptiste Marchand (Jun 10)
- Re: how to remotely fingerprint 2k3 SP0 vs SP1 ? Rich Smith (Jun 10)
- Re: how to remotely fingerprint 2k3 SP0 vs SP1 ? Dave Aitel (Jun 10)
- Re: how to remotely fingerprint 2k3 SP0 vs SP1 ? Hamid . K (Jun 10)
- Re: how to remotely fingerprint 2k3 SP0 vs SP1 ? Isaac Dawson (Jun 11)
- Re: how to remotely fingerprint 2k3 SP0 vs SP1 ? MindsX (Jun 12)
- Re: how to remotely fingerprint 2k3 SP0 vs SP1 ? Hamid . K (Jun 19)
- Re: how to remotely fingerprint 2k3 SP0 vs SP1 ? Jean-Baptiste Marchand (Jun 10)
- Re: how to remotely fingerprint 2k3 SP0 vs SP1 ? Rich Smith (Jun 08)