Jan 15, 2013

How to determine OS of the remote computer

Scan of a local network
sudo nmap -O -sV 192.168.10.*
#...
#Nmap scan report for 192.168.10.100
#Host is up (0.074s latency).
#Nmap scan report for 192.168.10.102
#Host is up (0.0015s latency).
#Nmap scan report for 192.168.10.104
#Host is up (0.11s latency).
#...
Identify OS on remote host
sudo nmap -O -sV 192.168.10.20
#Starting Nmap 6.00 ( http://nmap.org ) at 2013-01-15 10:29 FET
#Nmap scan report for 192.168.10.20
#Host is up (0.00032s latency).
#Not shown: 980 closed ports
#PORT     STATE SERVICE        VERSION
#80/tcp   open  http           Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
#89/tcp   open  http           Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
#135/tcp  open  msrpc          Microsoft Windows RPC
#139/tcp  open  netbios-ssn
#443/tcp  open  skype2         Skype
#445/tcp  open  netbios-ssn
#912/tcp  open  vmware-auth    VMware Authentication Daemon 1.0 (Uses VNC, SOAP)
#1025/tcp open  msrpc          Microsoft Windows RPC
#1026/tcp open  msrpc          Microsoft Windows RPC
#1027/tcp open  msrpc          Microsoft Windows RPC
#1028/tcp open  msrpc          Microsoft Windows RPC
#1062/tcp open  msrpc          Microsoft Windows RPC
#1104/tcp open  memcache       memcached
#1192/tcp open  msrpc          Microsoft Windows RPC
#1248/tcp open  msrpc          Microsoft Windows RPC
#1433/tcp open  ms-sql-s       Microsoft SQL Server 2008 R2 10.50.2500; SP1
#2003/tcp open  http           Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
#3389/tcp open  ms-wbt-server?
#8009/tcp open  ajp13          Apache Jserv (Protocol v1.3)
#8181/tcp open  http           Apache Tomcat/Coyote JSP engine 1.1
#MAC Address: 1C:6F:65:8C:34:B3 (Giga-byte Technology Co.)
#Device type: general purpose
#Running: Microsoft Windows 7|2008
#OS CPE: cpe:/o:microsoft:windows_7 cpe:/o:microsoft:windows_server_2008::sp1
#OS details: Microsoft Windows 7 or Windows Server 2008 SP1
#Network Distance: 1 hop
#Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
#
#OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
#Nmap done: 1 IP address (1 host up) scanned in 101.33 seconds
The same technique works against remote hosts across the WAN, not only on the local segment. Note that -O needs raw-socket privileges (hence sudo), and that the fingerprint is built from the target's TCP/IP stack behaviour, so its accuracy drops as firewalls, NAT and proxies sit between you and the host; the "Network Distance: 1 hop" line above is the best case. Knowing the OS version of a remote host is handy for an administrator taking inventory. The same information is just as useful to an attacker: the OS match plus the service banners (here Windows 7 or Server 2008 SP1, with SQL Server 2008 R2 10.50.2500 SP1 and Tomcat listening) tell them which exploits are worth trying against which host, down to the patch level the banners reveal. Let this be a quick reminder for all of us to keep our systems up to date.
http://how-to.linuxcareer.com/how-to-determine-os-of-the-remote-computer
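To repeat the scan above across a whole network and read the results without scrolling through nmap's text output, here is an added example (my code, not from the original post or from the Nmap project): a Python script that parses nmap's XML report (`-oX`) and prints, per live host, the best OS match with its accuracy and CPE, the `ostype` hints the service probes contributed, and the open ports with their product/version banners. The embedded XML is a constructed sample modelled on the scan in the post, not captured output; the element and attribute names (`host`, `address`, `ports/port`, `service`, `os/osmatch/osclass/cpe`) are those of nmap's own XML schema, and the file name `nmap_os_summary.py` is just what I call the script.

```python
"""Summarise OS and service fingerprints from an nmap XML report.

Added example (not code from the original post). Produce the input with
    sudo nmap -O -sV -oX scan.xml 192.168.10.0/24
(-O needs raw-socket privileges, hence sudo) and run
    python3 nmap_os_summary.py scan.xml
Without an argument the constructed SAMPLE_XML below is parsed instead.
"""
import sys
import xml.etree.ElementTree as ET

# Constructed sample in nmap's XML schema, modelled on the scan in the post;
# hand-written for this example, not real captured output.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -O -sV -oX - 192.168.10.0/24">
  <host><status state="up"/>
    <address addr="192.168.10.20" addrtype="ipv4"/>
    <address addr="1C:6F:65:8C:34:B3" addrtype="mac" vendor="Giga-byte Technology Co."/>
    <ports>
      <port protocol="tcp" portid="135"><state state="open"/>
        <service name="msrpc" product="Microsoft Windows RPC" ostype="Windows"/></port>
      <port protocol="tcp" portid="1433"><state state="open"/>
        <service name="ms-sql-s" product="Microsoft SQL Server 2008 R2" version="10.50.2500; SP1"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/>
        <service name="ms-wbt-server" method="table" conf="3"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows 7 or Windows Server 2008 SP1" accuracy="100">
      <osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="7" accuracy="100">
        <cpe>cpe:/o:microsoft:windows_7</cpe></osclass></osmatch></os>
  </host>
  <host><status state="up"/>
    <address addr="192.168.10.102" addrtype="ipv4"/>
    <ports><port protocol="tcp" portid="22"><state state="open"/>
      <service name="ssh" product="OpenSSH" version="5.9p1" ostype="Linux"/></port></ports>
    <os><osmatch name="Linux 2.6.32 - 3.5" accuracy="95"/>
        <osmatch name="Linux 3.2" accuracy="92"/></os>
  </host>
  <host><status state="down"/><address addr="192.168.10.103" addrtype="ipv4"/></host>
</nmaprun>
"""


def parse_hosts(xml_text):
    """Return one dict per live host: ip, mac, best OS match, CPEs, open services."""
    hosts = []
    for h in ET.fromstring(xml_text).findall("host"):
        if h.find("status").get("state") != "up":
            continue
        ip = h.find("address[@addrtype='ipv4']")
        if ip is None:
            ip = h.find("address[@addrtype='ipv6']")
        mac = h.find("address[@addrtype='mac']")
        # nmap emits osmatch elements best-first; the first one is the headline guess.
        best = h.find("os/osmatch")
        services, ostypes = [], set()
        for p in h.findall("ports/port"):
            if p.find("state").get("state") != "open":
                continue
            svc = p.find("service")
            name, banner = "?", ""
            if svc is not None:
                name = svc.get("name", "?")
                banner = " ".join(x for x in (svc.get("product"), svc.get("version")) if x)
                if svc.get("ostype"):          # OS hint from the service probe, not the stack
                    ostypes.add(svc.get("ostype"))
            services.append((int(p.get("portid")), p.get("protocol"), name, banner))
        hosts.append({
            "ip": ip.get("addr"),
            "mac": mac.get("addr") if mac is not None else None,
            "os": best.get("name") if best is not None else "unknown",
            "accuracy": int(best.get("accuracy")) if best is not None else 0,
            "cpes": [c.text for c in best.findall("osclass/cpe")] if best is not None else [],
            "service_ostypes": ostypes,
            "services": sorted(services),
        })
    return hosts


def versioned_services(host):
    """Open services whose banner carries a version number: this is what an
    attacker matches against exploit lists, so it is also the patch level to check."""
    return [s for s in host["services"] if any(ch.isdigit() for ch in s[3])]


def format_report(hosts):
    """One block per host: OS guess and CPEs, service-derived OS hints, open ports."""
    out = []
    for h in hosts:
        mac = f" [{h['mac']}]" if h["mac"] else ""
        out.append(f"{h['ip']}{mac}: {h['os']} ({h['accuracy']}% match)")
        out.extend(f"  OS CPE: {cpe}" for cpe in h["cpes"])
        if h["service_ostypes"]:
            out.append("  service banners say: " + ", ".join(sorted(h["service_ostypes"])))
        out.extend(f"  {port}/{proto} {name} {banner}".rstrip() for port, proto, name, banner in h["services"])
    return "\n".join(out)


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_XML
    print(format_report(parse_hosts(text)))
```

Two details are worth keeping in mind when reading the report. The OS match comes from the TCP/IP stack fingerprint while the `ostype` hints come from application banners; when they disagree (a "Linux" stack fronting "Windows" services, say) you are probably looking at NAT, a reverse proxy or a virtualisation host rather than the machine itself. And `versioned_services` deliberately lists only banners that disclose an exact version, because that is the list an attacker works from, and therefore the list an administrator should patch or hide first.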
