Penetration Testing with Kali Linux OffSec


PEN-200

cat /usr/share/nmap/nmap-services
... 
finger 79/udp 0.000956 
http 80/sctp 0.000000 # www-http | www | World Wide Web HTTP 
http 80/tcp 0.484143 # World Wide Web HTTP 
http 80/udp 0.035767 # World Wide Web HTTP 
hosts2-ns 81/tcp 0.012056 # HOSTS2 Name Server 
hosts2-ns 81/udp 0.001005 # HOSTS2 Name Server 
... 
Listing 66 - The nmap-services file showing the open frequency of TCP port 80 
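
The third column of Listing 66 is the open frequency Nmap uses to decide which ports are most worth probing. The following shell sketch is an added example, not part of the course material: it ranks nmap-services entries by that column for one protocol. The function names are hypothetical, and the embedded sample is constructed from the six rows of Listing 66 plus a comment line and a blank line.

```shell
#!/bin/sh
# Added example: rank nmap-services entries by the open-frequency column.

# Constructed sample: the six rows shown in Listing 66 plus a comment and a
# blank line. The real file is tab-separated; awk splits on tabs or spaces.
sample_services() {
cat <<'EOF'
# constructed comment line, skipped by the parser

finger 79/udp 0.000956
http 80/sctp 0.000000 # www-http | www | World Wide Web HTTP
http 80/tcp 0.484143 # World Wide Web HTTP
http 80/udp 0.035767 # World Wide Web HTTP
hosts2-ns 81/tcp 0.012056 # HOSTS2 Name Server
hosts2-ns 81/udp 0.001005 # HOSTS2 Name Server
EOF
}

# top_ports PROTO N [FILE] (hypothetical name): print "port service frequency"
# for the N entries of PROTO with the highest open frequency, highest first.
# Reads standard input when FILE is omitted.
top_ports() {
    awk -v proto="$1" '
        /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
        {
            n = split($2, pp, "/")               # "80/tcp" -> pp[1]=80, pp[2]=tcp
            if (n != 2 || pp[2] != proto) next   # wrong protocol or malformed field
            if ($3 !~ /^[0-9]*\.?[0-9]+$/) next  # no numeric frequency column
            print pp[1], $1, $3
        }' "${3:--}" | LC_ALL=C sort -k3,3nr -k1,1n | head -n "$2"
}

# port_list PROTO N [FILE] (hypothetical name): the same ranking as a
# comma-separated list of port numbers.
port_list() {
    top_ports "$@" | awk '{ printf "%s%s", (NR > 1 ? "," : ""), $1 } END { print "" }'
}

# Demonstration on the constructed sample: the two most frequently open TCP ports.
sample_services | top_ports tcp 2
```

On a Kali system the same functions accept the real file as the third argument, for example `top_ports tcp 20 /usr/share/nmap/nmap-services`.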
At this point, we could conduct a more exhaustive scan against individual machines that are 
service-rich or are otherwise interesting. 
There are many different ways we can be creative with our scanning to conserve bandwidth or 
lower our profile, as well as interesting host discovery techniques[264] that are worth further 
research. 
We have now scanned hosts that revealed a few services, so we can guess the nature of the 
target’s operating system. Luckily for us, Nmap is already shipped with an OS Fingerprinting 
option. 

OS fingerprinting[265] can be enabled with the -O option. This feature attempts to guess the 
target’s operating system by inspecting returned packets. This works because operating systems 
often use slightly different implementations of the TCP/IP stack (such as varying default TTL 
values and TCP window sizes), and these slight variances create a fingerprint that Nmap can 
often identify. 

Nmap will inspect the traffic received from the target machine and attempt to match the 
fingerprint to a known list. By default, Nmap will display the detected OS only if the retrieved 
fingerprint is very accurate. Since we want to get a rough idea of the target OS, we include the 
--osscan-guess option to force Nmap to print the guessed result even if it is not fully accurate. 

For example, let’s consider this simple nmap OS fingerprint scan. 

kali@kali:~$ 

[263] (Nmap, 2022), https://nmap.org/book/nmap-services.html 
[264] (Nmap, 2022), https://nmap.org/book/man-host-discovery.html 
[265] (Nmap, 2022), https://nmap.org/book/osdetect.html 

PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 
