When doing internal penetration tests, one of the most interesting points is to look for old OSes that no longer have patches, like Windows NT 4.0 and Windows 2000.
I generally do it via nmap; however, nmap takes so much time (really a lot of time) against big networks.
So I would like to know whether you know of any specific tool that is very precise and that allows us to actively identify only specific operating systems (like Windows NT4 and Windows 2000). Do you know of one?
There are plenty of osfp proggys in BT.