What Windows settings (from XP to 10) enable access to particular information about the computer when scanning an IP address within a local network?
There are a lot of programs that allow you to scan computers on a local network and get information about them. I also understand that the DNS name, MAC address and shared folders can be obtained in most cases. But the question is, how do some computers let you find out more about them? For example, what kind of accounts are on the computer, what programs are installed, what is contained in the event logs, what type of OS is installed. All this is clearly revealed under certain conditions. The only question is which ones? Please tell me. I can only assume that a prerequisite is having the remote registry, RDP and access to shared folders enabled. Can someone point me to a comprehensive article on "sharing information about a computer over a network"?
Well... the keyword is WMI. It was just invented to facilitate the work of the administrator in scanning remote computers for anything. Of course, this works under certain conditions - a computer in a domain, a scanning script is launched by a domain administrator, etc. Download a demo of 10-Strike (computer inventory software) and marvel at what it can find out.
1. Null sessions and guest accounts enabled on Windows can allow you to get quite a lot of information about the system without authorization. You can google for details. But the system cannot be broken into with this information, although it can serve as a starting point for further digging.
2. In addition, from some specific features of the network traffic, one can guess with a high degree of probability which OS is installed on the host. In this case, the analysis can be completely passive. Read about traffic analyzers, experiment with nmap, for example.
3. Next, analysis of open ports: we connect to each port and look at the responses. By analyzing the responses you can often find out what kind of service is listening on the port and what software implements it, as well as the software version and other details.
Everything is on WMI; permissions for queries are set in the appropriate snap-in. I use the free Spiceworks and habrahabr.ru. The domain is optional.
Part of the information is determined by NetBIOS, part by WMI; if you install an SNMP agent, you get SNMP information.
You can pull information from any service. If you are not an admin, then only the basic info will be determined.
The same information can be obtained in different ways from several sources. By the way, the remote registry does not always have to be enabled.
If you are an administrator, then the computer must allow remote administration through the firewall and through settings in the registry. In OSes starting with Vista, the stumbling block is the Remote UAC settings, which block the administrator's remote work. Disable remote UAC. I recommend reading this article.
After this setting, you can collect information remotely and control the computer.
Linux can be distinguished from Windows by TTL; it can be configured, but by default TTL = 128 on Windows.
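
The settings named across the answers above (Remote Registry, WMI, SNMP, guest account and null sessions, Remote UAC, RDP, firewall), read from the local machine so an administrator can see what it exposes to a scan; this is an added example, not part of any answer in the thread. It assumes an elevated Windows PowerShell 5.1 session on Windows 10 and the English firewall display group name; the helper functions and report labels are made up for the example.

```powershell
# Added example: local audit of the exposure settings discussed in this thread.
# Assumption: elevated Windows PowerShell 5.1 on the machine being checked.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns nothing (blank in the report) when the key or value is not set
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-ServiceState {
    param([string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $svc) { 'not installed' }
    else { "$($svc.Status) / start type $($svc.StartType)" }
}

$lsa    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$policy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

# The built-in Guest account is matched by its well-known RID 501,
# because its name can be changed or localized
$guest = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-501' }

# Inbound WMI firewall rules that are switched on.
# Assumption: the display group name below is the English one.
$wmiRules = @(Get-NetFirewallRule -DisplayGroup 'Windows Management Instrumentation (WMI)' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

$report = [ordered]@{
    'RemoteRegistry service'              = Get-ServiceState 'RemoteRegistry'
    'SNMP agent service'                  = Get-ServiceState 'SNMP'
    'WMI service (Winmgmt)'               = Get-ServiceState 'Winmgmt'
    'Guest account enabled'               = [bool]($guest.Enabled)
    # Null-session restrictions: 0 or blank is the least restrictive
    'RestrictAnonymous'                   = Get-RegValue $lsa 'RestrictAnonymous'
    'RestrictAnonymousSAM'                = Get-RegValue $lsa 'RestrictAnonymousSAM'
    'EveryoneIncludesAnonymous'           = Get-RegValue $lsa 'EveryoneIncludesAnonymous'
    # 1 = Remote UAC token filtering is turned off for local administrators
    'LocalAccountTokenFilterPolicy'       = Get-RegValue $policy 'LocalAccountTokenFilterPolicy'
    # 0 = Remote Desktop connections are allowed
    'fDenyTSConnections'                  = Get-RegValue $ts 'fDenyTSConnections'
    'Enabled inbound WMI firewall rules'  = $wmiRules.Count
}
[pscustomobject]$report | Format-List
```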