Tuesday, 10 April 2012

Step 3: Target Discovery (OS Fingerprinting)

This is the second technique we can use to understand (discover) our target better.

OS Fingerprinting
Method: Active & Passive
Active: the tool sends network packets to the target machine and determines its operating system from an analysis of the responses it receives.
(+) the fingerprinting process is fast
(-) the target machine may notice our attempt to obtain its operating system information.
Passive: the tool does not send packets to the target; it only observes existing traffic, for example with the tool p0f.
(-) slower process, since it has to wait for traffic to or from the target

p0f (passive)
p0f is a tool used to fingerprint an operating system passively. It can identify the operating system on:
• Machines that connect to your box (SYN mode, this is the default mode)
• Machines you connect to (SYN+ACK mode)
• Machines you cannot connect to (RST+ mode)
• Machines whose communications you can observe
# p0f -o p0f.log

This will save the log information to the p0f.log file.
Next you need to generate network activity involving TCP connections (in the default SYN mode, p0f looks at the incoming connection attempts).
If p0f has successfully fingerprinted the remote machine's operating system, you will see it in the log file (p0f.log).


Xprobe2 (active)
It fingerprints operating systems by using fuzzy signature matching, probabilistic guesses, multiple simultaneous matches, and a signature database.
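To show what the two tools above actually do with a packet, here is an added example (not code from this post, p0f or Xprobe2) of passive SYN fingerprinting with fuzzy scoring: it takes the TTL, window size, DF bit and TCP option order of an observed SYN, estimates the initial TTL and hop distance the way p0f reports "distance", and ranks a small signature table the way Xprobe2 scores several candidates at once. The signature table and the SYN records are constructed for illustration, not real fingerprint files.

```python
# Constructed signature table: initial TTL, SYN window, DF flag, TCP option order.
# Values are illustrative only; real p0f/Xprobe2 databases are far larger.
SIGNATURES = {
    "Linux 2.6 (constructed)":  {"ittl": 64,  "win": 5840,  "df": True,
                                 "opts": ("mss", "sackOK", "ts", "nop", "ws")},
    "Windows XP (constructed)": {"ittl": 128, "win": 65535, "df": True,
                                 "opts": ("mss", "nop", "nop", "sackOK")},
    "FreeBSD (constructed)":    {"ittl": 64,  "win": 65535, "df": True,
                                 "opts": ("mss", "nop", "ws", "sackOK", "ts")},
}

def initial_ttl(observed_ttl):
    # Each router hop decrements TTL, so the sender's initial TTL is the
    # next common starting value at or above what we observed.
    for candidate in (32, 64, 128, 255):
        if observed_ttl <= candidate:
            return candidate
    return 255

def score(syn, sig):
    # Fuzzy matching: every field contributes a weighted partial score, so a
    # SYN altered by a middlebox can still produce a best guess.
    s = 0
    s += 2 if initial_ttl(syn["ttl"]) == sig["ittl"] else 0
    s += 2 if syn["win"] == sig["win"] else 0
    s += 1 if syn["df"] == sig["df"] else 0
    s += 3 if tuple(syn["opts"]) == sig["opts"] else 0
    return s

def fingerprint(syn, min_score=5):
    # Score every signature, like Xprobe2's simultaneous matching, and keep the
    # best one only if it clears a confidence threshold and is not tied.
    ranked = sorted(((score(syn, sig), name) for name, sig in SIGNATURES.items()),
                    reverse=True)
    best, name = ranked[0]
    ambiguous = len(ranked) > 1 and ranked[1][0] == best
    return {
        "os": name if best >= min_score and not ambiguous else None,
        "confidence": best,
        "distance": initial_ttl(syn["ttl"]) - syn["ttl"],  # hops, as p0f reports
        "candidates": ranked,
    }

# Constructed SYN observations (what a passive sniffer would extract).
LINUX_SYN = {"ttl": 52, "win": 5840, "df": True,
             "opts": ["mss", "sackOK", "ts", "nop", "ws"]}
WINDOWS_SYN = {"ttl": 126, "win": 65535, "df": True,
               "opts": ["mss", "nop", "nop", "sackOK"]}
UNKNOWN_SYN = {"ttl": 250, "win": 8192, "df": False, "opts": ["mss"]}

if __name__ == "__main__":
    for label, syn in (("linux", LINUX_SYN), ("windows", WINDOWS_SYN), ("unknown", UNKNOWN_SYN)):
        print(label, fingerprint(syn))
```

An unknown or tied result is reported as None rather than a guess, which is the behaviour you want when the log feeds an asset inventory.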


Now you know your target's IP address and its operating system by using the tools above. The next blog post will explain Target Enumeration.
