find out an OS from the remote machine using nmap

 
'chris'
Super Advisor

find out an OS from the remote machine using nmap

hi

How to find out the OS of a remote machine using nmap from the CLI?

kind regards
chris
13 REPLIES
Steven Schweda
Honored Contributor

Re: find out an OS from the remote machine using nmap

A Google search for "nmap" led directly to:

http://insecure.org/nmap/
http://insecure.org/nmap/docs.html

The Nmap project tries to defy the
stereotype of some open source software
being poorly documented by providing a
comprehensive set of documentation for
installing and using Nmap. [...]

http://insecure.org/nmap/man/


Of course, even the best documentation is of
little value if you don't _read_ it.
'chris'
Super Advisor

Re: find out an OS from the remote machine using nmap

perhaps:

nmap -O [target ip]

but maybe another program will be needed to encode the fingerprint.
'chris'
Super Advisor

Re: find out an OS from the remote machine using nmap

I mean to read (decode) the fingerprint.
Steven E. Protter
Exalted Contributor

Re: find out an OS from the remote machine using nmap

Shalom chris,

Hackers commonly try to use this technique to obtain OS information. Many systems, if properly secured, will not provide this information. Internet-exposed systems should not so easily expose themselves to this query.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
'chris'
Super Advisor

Re: find out an OS from the remote machine using nmap

sinfp seems to be nice.

# sinfp -i hotmail.com -p 443 -C -V
P1: B11013 F0x12 W16384 O0204ffff M1460
P2: B11013 F0x12 W16384 O0204ffff010303000101080a000000000000000001010402 M1460
P3: B00000 F0 W0 O0 M0
IPv4: Windows NT

*** File [sinfp4-127.0.0.1.anon.pcap] generation done.
*** Please send it to sinfp@gomor.org if you think this is not
*** the good identification, or if it is a new signature.
*** In this last case, please specify `uname -a' (or equivalent)
*** from the target host.
'chris'
Super Advisor

Re: find out an OS from the remote machine using nmap

it's really very interesting that Microsoft uses Linux on their download server:

# sinfp -i download.microsoft.com -p 443 -C -V
P1: B10113 F0x12 W5840 O0204ffff M1460
P2: B10113 F0x12 W5792 O0204ffff0402080affffffff4445414401030300 M1460
P3: B00000 F0 W0 O0 M0
IPv4: Linux 2.4.x, 2.6.x

*** File [sinfp4-127.0.0.1.anon.pcap] generation done.
*** Please send it to sinfp@gomor.org if you think this is not
*** the good identification, or if it is a new signature.
*** In this last case, please specify `uname -a' (or equivalent)
*** from the target host.

# ssh download.microsoft.com
The authenticity of host 'download.microsoft.com (195.49.93.202)' can't be established.
DSA key fingerprint is ee:33:bd:ac:7b:6e:bd:0b:60:6e:49:20:56:cb:00:d3.
Are you sure you want to continue connecting (yes/no)?
'chris'
Super Advisor

Re: find out an OS from the remote machine using nmap

The Microsoft download website is outsourced to Akamai, but anyway it is on Linux.
Jeeshan
Honored Contributor

Re: find out an OS from the remote machine using nmap

Hi chris

Run this command in Linux to find out the OS from the CLI

#nmap -sT -O
a warrior never quits
'chris'
Super Advisor

Re: find out an OS from the remote machine using nmap

thanks, but the nmap output is often a fingerprint:


OS:SCAN(V=4.20%D=12/26%OT=1%CT=23%CU=38968%PV=N%DS=8%G=Y%TM=477201E0%P=i386
OS:-portbld-freebsd6.2)SEQ(SP=105%GCD=1%ISR=107%TS=U)OPS(O1=M5B4%O2=M578%O3
OS:=M280%O4=M218%O5=M218%O6=M109)WIN(W1=2000%W2=2000%W3=2000%W4=2000%W5=200
OS:0%W6=2000)ECN(R=Y%DF=N%T=47%W=2000%O=M5B4%CC=S%Q=RU)T1(R=Y%DF=N%T=47%S=O
OS:%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=Y%DF=N%T=47%W=2000%S=O%A=S+%F=ASF%O=M109%
OS:RD=0%Q=)T3(R=Y%DF=N%T=47%W=2000%S=O%A=O%F=ASF%O=M109%RD=0%Q=)T3(R=Y%DF=N
OS:%T=47%W=2000%S=O%A=S+%F=ASF%O=M109%RD=0%Q=)T4(R=N)T5(R=Y%DF=Y%T=40%W=0%S
OS:=Z%A=S+%F=AR%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=O%F=AR%O=%RD=0%Q=)T5(
OS:R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)T6(R=N)T7(R=N)U1(R=Y%DF=N%T=4
OS:0%TOS=0%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=BD9D%RUL=G%RUD=G)IE(R=N)


Does someone know how to read or decode an nmap fingerprint using, for example, p0f?
dirk dierickx
Honored Contributor

Re: find out an OS from the remote machine using nmap

that's because either the host you tried to scan has an OS that is not included yet in the 'database' of nmap,
or there were not enough ways to contact the host to get enough info to determine the correct OS.

what needs to be done in these cases is that you have to find out another way, and report it to the nmap developers. they will then add this fingerprint to the next release of nmap so it can be recognized from then on.
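
Added example (not part of the original thread): a minimal reader for the wrapped `OS:` block that nmap prints when it finds no database match, which makes it easier to check what was actually recorded before submitting it. The function names are hypothetical, the field meanings (V, TM, DS, OT/CT/CU, R) are taken from nmap's documented fingerprint format, and the sample is a constructed excerpt of the fingerprint posted above.

```python
import re
from datetime import datetime, timezone

# Constructed excerpt: a subset of the tests from the fingerprint posted in
# this thread, re-wrapped into "OS:" lines the way nmap prints them.
SAMPLE = """\
OS:SCAN(V=4.20%D=12/26%OT=1%CT=23%CU=38968%PV=N%DS=8%G=Y%TM=477201E0%P=i386
OS:-portbld-freebsd6.2)SEQ(SP=105%GCD=1%ISR=107%TS=U)T2(R=N)T3(R=Y%DF=N%T=4
OS:7%W=2000%S=O%A=S+%F=ASF%O=M109%RD=0%Q=)T3(R=Y%DF=N%T=47%W=2000%S=O%A=O%F
OS:=ASF%O=M109%RD=0%Q=)
"""

# One test looks like NAME(attr=value%attr=value...)
TEST_RE = re.compile(r"([A-Z][A-Z0-9]*)\(([^)]*)\)")

def unwrap(text):
    """Join the wrapped 'OS:' lines back into one fingerprint string."""
    lines = (line.strip() for line in text.splitlines())
    return "".join(line[3:] for line in lines if line.startswith("OS:"))

def parse(text):
    """Return [(test_name, {attr: value})] in order; repeated tests are kept."""
    tests = []
    for name, body in TEST_RE.findall(unwrap(text)):
        attrs = dict(kv.split("=", 1) for kv in body.split("%") if "=" in kv)
        tests.append((name, attrs))
    return tests

def summarize(text):
    """Pull out the scan metadata and flag silent or inconsistent probes."""
    tests = parse(text)
    scan = next(attrs for name, attrs in tests if name == "SCAN")
    seen = {}
    for name, attrs in tests:
        if name != "SCAN":
            seen.setdefault(name, []).append(attrs)
    return {
        "nmap_version": scan.get("V"),
        # TM is the scan time as hexadecimal seconds since the Unix epoch
        "scanned_at": datetime.fromtimestamp(int(scan["TM"], 16), tz=timezone.utc),
        "hops": scan.get("DS"),          # network distance to the target
        "probe_ports": {"open_tcp": scan.get("OT"), "closed_tcp": scan.get("CT"),
                        "closed_udp": scan.get("CU")},
        # R=N means the target never answered that probe
        "no_response": sorted(n for n, v in seen.items()
                              if all(a.get("R") == "N" for a in v)),
        # the same test recorded more than once with different results
        "inconsistent": sorted(n for n, v in seen.items()
                               if any(a != v[0] for a in v)),
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(f"{key}: {value}")
```

This only exposes the structure of the block; naming the OS still depends on a match in nmap's fingerprint database, as the reply above explains.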
Anshumali
Esteemed Contributor

Re: find out an OS from the remote machine using nmap

Agree with SEP..
All: I doubt a single thing...if everyone starts putting the OS fingerprint at the development site and they keep on including it in next releases...somewhere it is defeating the purpose of securing your OS from possible attacks.

Dreams are not which you see while sleeping, Dreams are which doesn't allow you to sleep while you are chasing for them!!
dirk dierickx
Honored Contributor

Re: find out an OS from the remote machine using nmap

security through obscurity doesn't work.

also, it's a tool, can be used for good or bad. if you like to highlight the bad usage that is _your_ way of looking at it.

it is a useful tool if used for good, and that is where _i_ would like to put the highlight on.

a knife can be used for good or for bad, but for me, a knife is a useful good tool. i'm sure there are people who think knives are all bad.

if your security measures consist of other parties not knowing which OS you're running, i think you have big problems.
'chris'
Super Advisor

Re: find out an OS from the remote machine using nmap

The reason why I need to know this is:
I must program some ftp and sftp scripts to transfer files to the remote server.
Some of those partners' servers are outsourced.
Sometimes it is very difficult to find the responsible administrator, or they are too busy, or for security reasons they don't want to answer my questions so quickly.