Old box, but as I was trying to exploit it via the MS08-067 code from EDB, my initial attempts did not work (I chose XP SP0/SP1). Every time I ran the exploit, the service probably just crashed and I had to reset the machine. I then turned to metasploit which correctly detected the OS to be XP SP3, ran the exploit for the correct OS version, and successfully got me an admin shell.
My question is: If I wanted to run the EDB exploit successfully, I need detect the correct OS version beforehand. The nmap scripts don’t work - they only go as far as suggesting that the OS is XP, and not the service pack number. Are there other tools (non-metasploit) that fingerprint the OS more reliably?