NMap 101: Operating System Detection, Haktip 99
- Published on 6 Sep 2024
- Hak5 -- Cyber Security Education, Inspiration, News & Community since 2005:
____________________________________________
This week on HakTip, Shannon demonstrates some options you can use in NMap for operating system detection.
This is really fun. NMap has the power to tell you what operating system and services a remote target is running, by decoding the data that a system responds with after NMap sends out a probe. This process is called TCP/IP fingerprinting. Let's start with the simplest of these, -O. Type: nmap -O 10.73.31.145. When the target is scanned, NMap will tell you what operating system it's running. You can also add -v to this command to show more verbose information that NMap acquires. Sometimes NMap isn't able to determine what operating system the target is using, so then you can submit the output to NMap's Fingerprint and Correction Page on their website. This will help NMap become better and better, as thousands of OS's exist.
If you want NMap to just guess what a target is running, you can do this: nmap -O --osscan-guess 10.73.31.145. You can also use --fuzzy instead of --osscan-guess if you want... Why? I have no clue.
nmap -sV 10.73.31.145 will tell you what service version the target is running. If you find you aren't getting the output you thought you would, you can make this verbose, by typing: nmap -sV --version-trace 10.73.31.145.
Lastly is an RPC scan (or a Remote Procedure Call), which uses the -sR option. This displays info about services called RPC's which are commonly used in Linux systems for the Network File System service. Oftentimes this RPC service is used to make a client and a server function and communicate correctly with each other. Simply type: nmap -sR 10.73.31.145.
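When you run -O across your own hosts for an inventory, it helps to separate exact matches from guesses and to flag results NMap itself marked unreliable. The script below is an added example, not from the video or from Hak5: the function names os_summary and sample_scan are hypothetical, the sample scan text is constructed, and it assumes NMap's normal text output with its "OS details:" and "Aggressive OS guesses:" lines.

```sh
#!/bin/sh
# Added example: summarise saved `nmap -O` normal output read from stdin.
# Prints: host <TAB> exact|guess|none <TAB> reliable|unreliable <TAB> OS
os_summary() {
  awk '
    function emit() {
      if (host != "") printf "%s\t%s\t%s\t%s\n", host, kind, rel, os
    }
    /^Nmap scan report for / {
      emit()
      host = $NF; gsub(/[()]/, "", host)      # "name (ip)" -> ip
      kind = "none"; rel = "reliable"; os = "-"
    }
    # Nmap prints this when it lacked 1 open and 1 closed port to probe.
    /^Warning: OSScan results may be unreliable/ { rel = "unreliable" }
    /^OS details: / { kind = "exact"; os = substr($0, 13) }
    /^Aggressive OS guesses: / {               # imperfect match, best guess first
      kind = "guess"; os = substr($0, 24)
      sub(/%\), .*/, "%)", os)                 # keep only the top guess
    }
    END { emit() }
  '
}

# Constructed sample (not real scan data); addresses other than the page's
# 10.73.31.145 are made up.
sample_scan() {
  cat <<'EOF'
Nmap scan report for 10.73.31.145
Host is up (0.00050s latency).
OS details: Linux 2.6.32 - 2.6.39
Nmap scan report for 10.73.31.146
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Linux 2.6.32 (93%), Linux 2.6.18 (91%)
No exact OS matches for host (test conditions non-ideal).
Nmap scan report for 10.73.31.147
Too many fingerprints match this criteria to give specific OS details
EOF
}

sample_scan | os_summary
```

Rows marked guess or unreliable are the ones to confirm by another means before they go into an asset record.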
And that's it for port scanning! What would you like to see next about NMAP? Send me a comment below or email us at tips@hak5.org. And be sure to check out our sister show, Hak5 for more great stuff just like this. I'll be there, reminding you to trust your technolust.
____________________________________________
Founded in 2005, Hak5's mission is to advance the InfoSec industry. We do this through our award winning educational podcasts, leading pentest gear, and inclusive community - where all hackers belong.
What would I do with the info from the port scanner
--osscan-guess; --fuzzy (Guess OS detection results)
When Nmap is unable to detect a perfect OS match, it sometimes offers up near-matches as possibilities. The match has to be very close for Nmap to do this by default. Either of these (equivalent) options make Nmap guess more aggressively. Nmap will still tell you when an imperfect match is printed and display its confidence level (percentage) for each guess.
Linux information from a female perspective; this is awesome!
Keep up the good work Shannon.
Can anyone provide a list of open ports required for nmap OS detection? I know it sends out different TCP, UDP, and ICMP probes to known open and closed ports of the target machine. I am trying to use nmap to find out the OS of all the computers in the network but they are behind firewalls, so I need to know which ports I need to open in the firewall.
show ppl how to use 'nbtscan' and the various options from the console of course.
your shows are good.
THE JUST DID NOT SAY THAT THE TARGET THAT HAS A DETECTION SYSTEM ALREADY RECEIVES A BLOCK
Thank you man, love you
How accurate is ctus computer from 24 are?
In all of these videos where you forget to sudo you could be typing sudo !! instead of using the up arrow and jumping to the beginning of the line.
NICE!
I want to join an ethical hacking course... I'm from India, in Mumbai city. Can you help me?
Nice
I'd like to
That you
Translate
to Portuguese.
No caption on video
Cristiano Ronaldo
how to connect to a mysql or sql database on the host server
Need to install TheFuck for easy CLI error correction. Quick too hehehehe
#ITNinja
How come you don't show how to get hackers out of PCs? I have no interest in messing with someone else's PC
I always type namp
You are beautiful!!!!!!!!
That shirt though. I bet she hasn't even played Portal.