Metasploit has a built-in ‘targeted’ scanner, the smb_version module, designed specifically to identify Microsoft Windows versions on a network.
SMB stands for Server Message Block, and Wikipedia describes it as follows:
In computer networking, Server Message Block (SMB), also known as Common Internet File System (CIFS) operates as an application-layer network protocol mainly used for providing shared access to files, printers, serial ports, and miscellaneous communications between nodes on a network. It also provides an authenticated inter-process communication mechanism. Most usage of SMB involves computers running Microsoft Windows, where it was known as “Microsoft Windows Network” before the subsequent introduction of Active Directory. Corresponding Windows services are the “Server Service” (for the server component) and “Workstation Service” (for the client component).
OK, let’s see how the scan performs on my Virtual Hacking Lab.
Once inside the msf Console:
msf > use scanner/smb/smb_version
msf auxiliary(smb_version) > set RHOSTS ipaddress
RHOSTS => ipaddress
msf auxiliary(smb_version) > run
Output:
ipaddress is running Windows XP Service Pack 2 (language: English) (name:LAB) (domain:WORKGROUP)
This Metasploit scan was more precise and accurate than the Nmap scan, which correctly identified the OS as Windows XP but could not determine whether it was Service Pack two or three.
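For asset inventory, output lines in the format shown above can be parsed into records so that hosts reporting an end-of-support Windows release are flagged for remediation. This is an added example, not part of the original post or of Metasploit; the sample lines, the 192.0.2.x addresses, the optional `[*]` prefix handling and the `EOL_FAMILIES` list are assumptions.

```python
import re

# Line shape as shown on this page (optional "[*] " console prefix is an assumption):
#   <host> is running <os> (language: <lang>) (name:<name>) (domain:<domain>)
LINE_RE = re.compile(
    r"^(?:\[\*\]\s*)?(?P<host>\S+) is running (?P<os>[^(]+?)\s*"
    r"(?P<attrs>(?:\([^)]*\)\s*)*)$"
)
ATTR_RE = re.compile(r"\((?P<key>[^:()]+):\s*(?P<value>[^)]*)\)")
ATTR_KEYS = ("language", "name", "domain")

# Assumption: families treated as past vendor support; adjust to local policy.
EOL_FAMILIES = ("Windows 2000", "Windows XP", "Windows 2003")

# Constructed sample input (documentation addresses, invented host names).
SAMPLE = [
    "192.0.2.10 is running Windows XP Service Pack 2 (language: English) (name:LAB) (domain:WORKGROUP)",
    "[*] 192.0.2.11 is running Windows 7 Professional Service Pack 1 (name:DESK01) (domain:CORP)",
    "Scanned 2 of 2 hosts (100% complete)",
]


def parse_line(line):
    """Return a record for one fingerprint line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    os_text = m.group("os").strip()
    sp = re.search(r"Service Pack (\d+)", os_text)
    record = {"host": m.group("host"), "os": os_text,
              "service_pack": int(sp.group(1)) if sp else None}
    record.update(dict.fromkeys(ATTR_KEYS))  # attributes default to None
    for attr in ATTR_RE.finditer(m.group("attrs")):
        key = attr.group("key").strip().lower()
        if key in ATTR_KEYS:
            record[key] = attr.group("value").strip()
    record["unsupported"] = any(f in os_text for f in EOL_FAMILIES)
    return record


def unsupported_hosts(lines):
    """Hosts whose reported OS belongs to an end-of-support family."""
    records = filter(None, map(parse_line, lines))
    return sorted(r["host"] for r in records if r["unsupported"])


if __name__ == "__main__":
    print(list(filter(None, map(parse_line, SAMPLE))))
    print("unsupported:", unsupported_hosts(SAMPLE))
```

Lines that do not match the fingerprint format, such as progress messages, are skipped rather than raising an error, so the console log can be fed in unfiltered.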