标题 | 简介 | 类型 | 公开时间 | ||||||||||
|
|||||||||||||
|
|||||||||||||
详情 | |||||||||||||
[SAFE-ID: JIWO-2024-1520] 作者: ecawen 发表于: [2018-05-12]
本文共 [450] 位读者顶过
Introduction
Sometimes on a network it is benificial to know the Operating
System(OS) of a machine. Accessing a system is easier when you know the
OS because you can specifically search the internet for known security
holes in the OS. Granted, security holes are usually patched quickly,
but you need to know when a security hole exists.[出自:jiwo.org] Active fingerpintingActivate fingerpinting is the process of transmitting packets to a remote host and analysing corresponding replies. Passive fingerprintingPassive fingerprinting is the process of analysing packets from a host on a network. In this case, fingerprinter acts as a sniffer and doesn’t put any traffic on a network. Fingerprinting techniques
Allmost all fingerprinting techniques are based on detecting difference in packets generated by different operating systems.
Other techniques are based on analysing: OS detection with nmap
Nmap is the famous tool for fingerpinting and OS detection is one of the main features.
The database is located at/usr/share/nmap/nmap-os-dbor/usr/share/local/nmap/nmap-os-db. wget https://svn.nmap.org/nmap/nmap-os-db Nmap OS detection command sudo nmap -O <target> Try an example:
If they block ping probes you can do:(recommended) sudo nmap -O <target> -Pn
OS detection with Xprobe
We are familiar with nmap,but with Xprobe is quite strange. To install Xprobe2 on ubuntu/debian type the following commands: sudo apt-get install xprobe2 Usage: usage: xprobe2 [options] target Options: -v Be verbose -r Show route to target(traceroute) -p <proto:portnum:state> Specify portnumber, protocol and state. Example: tcp:23:open, UDP:53:CLOSED -c <configfile> Specify config file to use. -h Print this help. -o <fname> Use logfile to log everything. -t <time_sec> Set initial receive timeout or roundtrip time. -s <send_delay> Set packsending delay (milseconds). -d <debuglv> Specify debugging level. -D <modnum> Disable module number <modnum>. -M <modnum> Enable module number <modnum>. -L Display modules. -m <numofmatches> Specify number of matches to print. -T <portspec> Enable TCP portscan for specified port(s). Example: -T21-23,53,110 -U <portspec> Enable UDP portscan for specified port(s). -f force fixed round-trip time (-t opt). -F Generate signature (use -o to save to a file). -X Generate XML output and save it to logfile specified with -o. -B Options forces TCP handshake module to try to guess open TCP port -A Perform analysis of sample packets gathered during portscan in order to detect suspicious traffic (i.e. transparent proxies, firewalls/NIDSs resetting connections). Use with -T. Figerprint of a Windows machine: xprobe2 -v <target> |