
Question

Two situations with a similar goal:

1) You have access to a target network, and you a Windows host. Is it possible to remotely fingerprint which (operating system security) patches are applied to the system without attempting actual exploits?

2) If you have either partial or full access to a target (unprivileged login, or root access), is it possible to fingerprint the security patches that have been applied without attempting the exploits that the patches remedy?

I should state first that this is from a red team perspective. The owner of the target computer cannot be asked questions, or be asked to take any actions. Furthermore, stealth is of the essence.

There is a world of difference between an unpatched system and a patched system, but it is quite noisy, and risks downing the system, to try too many actual exploits (and it seems like the dumb way to go about finding the patch level). Is there any safe and quiet way to fingerprint this?

Explanation / Answer

It is possible to do an unauthenticated network fingerprint for certain patches, but only a few. Nessus is one tool, and it can find e.g. MS08-067, MS12-036, with no credentials. You can use Nessus for free under the home license. Nmap also has some scripts for this (e.g. MS08-067) although be aware that this is different to the fingerprinting Ramrod mentioned in his answer.

A lot of patches don't affect anything that's directly network-accessible, e.g. Internet Explorer patches. You can do a similar test by having the client visit a website that checks it. Qualys BrowserCheck is one example.

The usual way to do patch scanning is to scan using administrator credentials. There are lots of tools that do this (including Nessus). In theory I expect you can do pretty good patch scanning with non-admin credentials. However, I don't know of any tool that does this - and I doubt anyone would be particularly interested in creating one.
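
What a credentialed patch scan boils down to, written as a patch-compliance audit for hosts you administer. This is an added example, not part of the original answer or of any tool it names; the function name `Get-MissingPatch` is hypothetical and the KB numbers are constructed placeholders.

```powershell
# Added example: credentialed patch audit for hosts you administer.
# KB numbers below are constructed placeholders, not real advisories.
$RequiredKBs = @('KB0000001', 'KB0000002', 'KB0000003')

function Get-MissingPatch {
    param(
        [Parameter(Mandatory)] [string[]] $ComputerName,
        [Parameter(Mandatory)] [string[]] $RequiredKB,
        [System.Management.Automation.PSCredential] $Credential
    )
    foreach ($computer in $ComputerName) {
        $query = @{ ComputerName = $computer; ErrorAction = 'Stop' }
        if ($Credential) { $query.Credential = $Credential }
        try {
            # Get-HotFix reads the Win32_QuickFixEngineering WMI class on the target.
            $installed = @(Get-HotFix @query | Select-Object -ExpandProperty HotFixID)
        }
        catch {
            # Unreachable host or access denied: report "Unknown", never "Compliant".
            [pscustomobject]@{
                Computer = $computer; Status = 'Unknown'
                Missing  = $null;     Detail = $_.Exception.Message
            }
            continue
        }
        # Baseline entries that the host does not report as installed.
        $missing = @($RequiredKB | Where-Object { $installed -notcontains $_ })
        [pscustomobject]@{
            Computer = $computer
            Status   = if ($missing.Count) { 'Missing' } else { 'Compliant' }
            Missing  = $missing -join ', '
            Detail   = "$($installed.Count) hotfixes reported"
        }
    }
}

Get-MissingPatch -ComputerName 'localhost' -RequiredKB $RequiredKBs |
    Format-Table -AutoSize
```

`Get-HotFix` only returns updates recorded in `Win32_QuickFixEngineering`, and a baseline KB can be superseded by a later cumulative update, so treat a "Missing" result as a lead to confirm rather than proof that the fix is absent.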
