RE: Getting a Machines Uptime Remotely

From: drm (drm@e-netaudit.com)
Date: Sun Feb 05 2006 - 16:33:20 EST

• Next message: Erik Kamerling: "Re: Getting a Machines Uptime Remotely"
• Previous message: Louis Lerman: "Re: Pen-Test and Social Engineering"
• In reply to: Paul Melson: "RE: Getting a Machines Uptime Remotely"
• Next in thread: ROB DIXON: "Re: Getting a Machines Uptime Remotely"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Timestamp is not a reliable method for determining the system uptime. See
RFC792 which states 'the timestamp is 32 bits of milliseconds since midnight
UT'. I only use timestamp as an alternative to echo when sites block echo
but not timestamp - not for accurately determining how long a machine has
been running.

To get the system uptime of Win machines

Try uptime.exe \\hostname Microsoft utility.

Or

Systeminfo /S hostname | @findstr "Time:"

DM

-----Original Message-----
Subject: Getting a Machines Uptime Remotely

> I'm trying to figure out how to get the uptime of a Win* machine remotely
using NMAP.
> Stealth is not a concern. I've done it with *nix based OS'es before using
NMAP but never
> Windows. Can anyone offer some advice on how to do this using NMAP. I've
tried a couple
> different things with no results.

Do you get a TCP timestamp response at all when you scan with 'nmap -O' ?
The two XP/SP2 boxes I just scanned don't give an RFC1323 timestamp
response. This leads me to believe that you won't be able to do anything
like this at all.

Your best bet will be to set up some sort of WUG/Nagios monitoring of these
hosts, probably via ping or some TCP port check, and wait for them to
reboot. Once they come back up, you'll be able to track uptime. Short of
that, you may be out of luck. If it's a mandate, I would look at trying to
get some level of AD/local authentication access so you can use something
like 'uptime.exe' (I think it ships with Win2K3, it's part of the reskit for
Win2K).

PaulM

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Erik Kamerling: "Re: Getting a Machines Uptime Remotely"
• Previous message: Louis Lerman: "Re: Pen-Test and Social Engineering"
• In reply to: Paul Melson: "RE: Getting a Machines Uptime Remotely"
• Next in thread: ROB DIXON: "Re: Getting a Machines Uptime Remotely"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:27 EDT