OS Fingerprinting Tools
Requirements
1. ICMP (ping) must be allowed from source to destination
2. At least one port must be open on the destination
Optional: Firewall may be active or not
## NMAP to get remote OS version
nmap -O 192.168.1.x
nmap -O -Pn 192.168.1.x
## For a PC with an active firewall, use the command below
## (if any one port is open, it will show the OS version)
nmap -O -Pn -F -sT 192.168.1.x
NOTE:
ICMP must be allowed from source to destination
## XPROBE2 to get remote OS version
xprobe2 192.168.1.x
## PING to guess remote OS version
ping 192.168.0.x
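It returns a TTL value; match it against the table below to guess the remote OS. Each router hop lowers the TTL by one, so compare against the nearest initial TTL at or above the value you see.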
Operating System (OS) | IP Initial TTL | TCP window size |
Linux (kernel 2.4 and 2.6) | 64 | 5840 |
Google's customized Linux | 64 | 5720 |
FreeBSD | 64 | 65535 |
Windows XP | 128 | 65535 |
Windows 7, Vista and Server 2008 | 128 | 8192 |
Cisco Router (IOS 12.4) | 255 | 4128 |
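An added example (not from the original post) that applies the table above to ping output: it pulls the TTL from a Linux-style or Windows-style reply, rounds it up to the initial TTL, and lists the matching rows, optionally narrowed by a TCP window size. The function names and the two sample reply lines are constructed for illustration.

```python
import re

# Signature table copied from the page: (OS, initial TTL, TCP window size)
SIGNATURES = [
    ("Linux (kernel 2.4 and 2.6)", 64, 5840),
    ("Google's customized Linux", 64, 5720),
    ("FreeBSD", 64, 65535),
    ("Windows XP", 128, 65535),
    ("Windows 7, Vista and Server 2008", 128, 8192),
    ("Cisco Router (IOS 12.4)", 255, 4128),
]
INITIAL_TTLS = sorted({ttl for _, ttl, _ in SIGNATURES})  # [64, 128, 255]

# Matches "ttl=57" (Linux/macOS ping) and "TTL=121" (Windows ping)
TTL_RE = re.compile(r"\bttl=(\d+)", re.IGNORECASE)

def observed_ttl(ping_output):
    """Return the TTL of the first echo reply, or None if no reply was seen."""
    m = TTL_RE.search(ping_output)
    return int(m.group(1)) if m else None

def guess_os(ttl, window=None):
    """Map an observed TTL (and optional TCP window size) to table rows.

    Each router hop decrements TTL by one, so the initial TTL is taken to be
    the smallest table value that is >= the observed one.
    Returns (initial_ttl, hops, [candidate OS names]).
    """
    if ttl is None or not 1 <= ttl <= 255:
        raise ValueError("no usable TTL in reply")
    initial = next(t for t in INITIAL_TTLS if t >= ttl)
    rows = [(name, win) for name, t, win in SIGNATURES if t == initial]
    if window is not None:
        # Narrow by window size only when it matches a row; otherwise keep all
        narrowed = [r for r in rows if r[1] == window]
        rows = narrowed or rows
    return initial, initial - ttl, [name for name, _ in rows]

# Constructed sample replies (not captured from a real host)
LINUX_STYLE = "64 bytes from 192.168.0.10: icmp_seq=1 ttl=61 time=0.912 ms"
WINDOWS_STYLE = "Reply from 192.168.0.20: bytes=32 time<1ms TTL=128"

if __name__ == "__main__":
    for line in (LINUX_STYLE, WINDOWS_STYLE):
        print(line, "->", guess_os(observed_ttl(line)))
```

ping reports only the TTL; the window size has to be read from a TCP packet in a capture. Both values can be changed by the host's administrator, so the result is a guess, as the heading says.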
NOTE: The tools below are not tested
## Windows Command to get OS Version of Remote PC
WMIC /NODE:hostname OS
WMIC /NODE:hostname OS > C:\OS.txt
systeminfo /s IP.ADDRESS /u UserOnRemotePc
systeminfo /s 172.16.23.108 /u Student
Get-WmiObject -Class Win32_OperatingSystem -Namespace root/cimv2 -ComputerName <ipaddr_or_hostname> | Format-List -Property *
Get-WmiObject -Class Win32_OperatingSystem -Namespace root/cimv2 -ComputerName <ipaddr_or_hostname> | Format-List -Property Name, OSArchitecture, SerialNumber