Hello, I've been looking for a way to fingerprint windows systems via 135/tcp. There are some differences in responses to invalid rpc request - it seems that different windows versions treat the Assoc group field differently. Usign this one can tell apart NT, 2000 and XP/2003.
I've enclosed a simple library to check the windows version, and see if it is vulnerable to the DCOM/RPC exploit (code ripped from dcom_scanz.c by kid and farp of buildtheb0x.com). There is also a simple program to demonstrate the library, and a dcom/rpc exploit patched to autodetect the target operating system. Since i have no knowledge about dcom/rpc i wanted to ask if there is a simpler way to do it? Maybe some call that would just return the version directly? jacek
idwin.tar.gz
Description: Binary data
