06-24-2011, 03:18 PM
Using the following commands we can quickly fingerprint the SMB Port (445) to determine the OS version.
>$ ./msfconsole
msf> use auxiliary/scanner/portscan/syn
msf auxiliary(syn)>show options
msf auxiliary(syn)>set RHOST 192.168.1.2
set the necessary options, using port 445 as the port
msf auxiliary(smb version)>run
[*] TCP OPEN 192.168.1.2:445
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Then based on your results, if port 445 is open on the host, use
msf> use auxiliary/scanner/smb/smb_version
msf auxiliary(smb version)>show options
msf auxiliary(smb version)>set RHOST 192.168.1.2
set the rhosts option then run the auxiliary module:
msf auxiliary(smb version)>run
[*] 192.168.1.2 is runnnin Windows XP Service Pack 3(Language: English) (name
C1) (domainC1)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
>$ ./msfconsole
msf> use auxiliary/scanner/portscan/syn
msf auxiliary(syn)>show options
msf auxiliary(syn)>set RHOST 192.168.1.2
set the necessary options, using port 445 as the port
msf auxiliary(smb version)>run
[*] TCP OPEN 192.168.1.2:445
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
Then based on your results, if port 445 is open on the host, use
msf> use auxiliary/scanner/smb/smb_version
msf auxiliary(smb version)>show options
msf auxiliary(smb version)>set RHOST 192.168.1.2
set the rhosts option then run the auxiliary module:
msf auxiliary(smb version)>run
[*] 192.168.1.2 is runnnin Windows XP Service Pack 3(Language: English) (name
C1) (domainC1)[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed