fluffibunni
Can you tell me what the difference is between SP1 and SPX?
I know what a service pack is, but why should we set it in an exploit? Is it too different between service packs?
And can you tell me how to understand the SP of the Win2k server?
ghasedak
I didn't see a scanner do this job, but with some of them you can find whether they patched for a bug or not.
w00dy
QUOTE
know what a service pack is, but why should we set it in an exploit? Is it too different between service packs?
And can you tell me how to understand the SP of the Win2k server?

Service packs are groups of patches released in a lump sum. You have to set the service pack for some exploits because depending on which service pack, the sec hole might differ. As for finding out which SP is installed, trial and error is the only way without access to a shell, which you probably don't have and is why you are exploiting it.
tolf
QUOTE (w00dy @ Oct 12 2003, 03:42 AM)
QUOTE
know what a service pack is, but why should we set it in an exploit? Is it too different between service packs?
And can you tell me how to understand the SP of the Win2k server?

Service packs are groups of patches released in a lump sum. You have to set the service pack for some exploits because depending on which service pack, the sec hole might differ. As for finding out which SP is installed, trial and error is the only way without access to a shell, which you probably don't have and is why you are exploiting it.

Not entirely correct..

Try this nice little fingerprinting tool "Xprobe"

http://www.sys-security.com/html/projects/X.html

This will give you a good indication of the OS and SP used...

Enjoy

Output:

[+] Target is 192.168.1.200
[+] Loading modules.
[+] Following modules are loaded:
[x]ICMP echo (ping)
[x]TTL distance
[x]ICMP echo
[x]ICMP Timestamp
[x]ICMP Address
[x]ICMP Info Request
[x]ICMP port unreachable
[+] 7 modules registered
[+] Initializing scan engine
[+] Running scan engine
[+] Host: 192.168.1.200 is up (Guess probability: 100%)
[+] Target: 192.168.1.200 is alive
[+] Primary guess:
[+] Host 192.168.1.200 Running OS: "Microsoft Windows 2000/2000SP1/2000SP2" (Guess probability: 68%)
[+] Other guesses:
[+] Host 192.168.1.200 Running OS: "Microsoft Windows XP Professional" (Guess probability: 68%)
[+] Host 192.168.1.200 Running OS: "Microsoft Windows ME" (Guess probability: 63%)
[+] Host 192.168.1.200 Running OS: "Microsoft Windows NT 4 Service Pack 4 and Above" (Guess probability: 59%)
[+] Host 192.168.1.200 Running OS: "NetBSD 1.5.2" (Guess probability: 59%)
[+] Cleaning up scan engine
[+] Modules deinitialized
[+] Execution completed.
carman:~/tmp/xprobe2/src #
skydance
[+] Host 192.168.1.200 Running OS: "Microsoft Windows 2000/2000SP1/2000SP2" (Guess probability: 68%)
[+] Other guesses:
[+] Host 192.168.1.200 Running OS: "Microsoft Windows XP Professional" (Guess probability: 68%)

It does not say the exact SP version... 2000SP1/2000SP2, it's not good enough, and both 2k and XP have 68% probability hihihi

LANguard will fingerprint OK but only in LANs.

mingsweeper is good but you have to update the fingerprints database because it's really old
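Added example (not part of any post in this thread): a small Python parser for the guess lines in the Xprobe output above, showing why that result cannot be recorded as a confirmed OS or service-pack level, for instance when checking a scan against an asset inventory. The function names and the `min_margin` threshold are assumptions made for this illustration, not Xprobe settings.

```python
import re
from collections import defaultdict

# Guess lines copied from the Xprobe output posted in this thread.
SAMPLE = """\
[+] Primary guess:
[+] Host 192.168.1.200 Running OS: "Microsoft Windows 2000/2000SP1/2000SP2" (Guess probability: 68%)
[+] Other guesses:
[+] Host 192.168.1.200 Running OS: "Microsoft Windows XP Professional" (Guess probability: 68%)
[+] Host 192.168.1.200 Running OS: "Microsoft Windows ME" (Guess probability: 63%)
[+] Host 192.168.1.200 Running OS: "Microsoft Windows NT 4 Service Pack 4 and Above" (Guess probability: 59%)
[+] Host 192.168.1.200 Running OS: "NetBSD 1.5.2" (Guess probability: 59%)
"""

GUESS_RE = re.compile(
    r'\[\+\] Host (\S+) Running OS: "([^"]+)" \(Guess probability: (\d+)%\)')

def parse_guesses(text):
    """Return [(host, os_label, probability)] in the order reported.
    findall also copes with several guesses run together on one line."""
    return [(h, label, int(p)) for h, label, p in GUESS_RE.findall(text)]

def assess(text, min_margin=10):
    """Per host: is the top guess unambiguous enough to record as fact?
    min_margin (percentage points) is an assumed threshold for this example."""
    by_host = defaultdict(list)
    for host, label, prob in parse_guesses(text):
        by_host[host].append((prob, label))
    report = {}
    for host, guesses in by_host.items():
        guesses.sort(key=lambda g: -g[0])       # stable: ties keep tool order
        top_prob, top_label = guesses[0]
        tied = [lbl for p, lbl in guesses if p == top_prob]
        runner_up = next((p for p, _ in guesses if p < top_prob), 0)
        variants = top_label.split("/")         # "2000/2000SP1/2000SP2" -> 3
        margin = top_prob - runner_up
        report[host] = {
            "top": top_label,
            "tied": tied,                 # labels sharing the best score
            "margin": margin,             # gap to the next distinct score
            "sp_candidates": variants,    # levels lumped into one signature
            "conclusive": len(tied) == 1 and len(variants) == 1
                          and margin >= min_margin,
        }
    return report

if __name__ == "__main__":
    for host, r in assess(SAMPLE).items():
        print(host, "conclusive" if r["conclusive"] else "unresolved", r)
```

For this output the host stays unresolved: two different OS labels share the best score, and the first of them covers three service-pack levels in a single signature.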
hermel
Use the Retina Scanner
fluffibunni
Thanks, but I didn't find my answer
shiz
usin that nickname and askin those dummy questions

tssk tssk