Time
2 hours 24 minutes
Difficulty
Beginner
CEU/CPE
3

Video Description

Introduction

The OS Fingerprinting module provides you with the instructions and devices to develop your hands-on skills in the following topics:

  • Identifying operating systems running on remote hosts using Nmap
  • Identifying operating systems running on remote hosts using P0F tool

Lab time: It will take approximately 30 minutes to complete this lab.

Objectives

The following objectives are covered in this lab:

  • Scanning networks

Exercise 1 - OS Fingerprinting

OS fingerprinting can be classified into two types, namely active and passive fingerprinting. Active fingerprinting is the most reliable and accurate when compared to passive fingerprinting technique. However, active fingerprinting cannot be used in highly secured or firewalled environments as it may trigger an alert to the network administrator. On the other hand, passive fingerprinting enables the attackers to anonymously identify the operating system on the target host.

In this exercise, you will use Nmap to perform active OS fingerprinting and P0F tool to perform passive OS fingerprinting

Video Transcription

00:00
everyone welcome back to the course. So in the last video, we wrapped up our lab on scanning. So we went ahead and used and map as well as H paying three. We focused on those for most of our commands as well as we went ahead and modified Windows firewall, which again, essentially all we did was
00:16
go ahead and turn Windows firewall on. So we ran a command before that. And then we run a command after we turned the firewall on to notice any differences at all.
00:24
So if you haven't watched that series of videos yet, go back to those and watch that. And now we're gonna move into module for in this video with our fingerprinting. So we're gonna talk about always fingerprinting. Now, we're not going over a huge indepth fingerprinting because we're primarily focused on scanning. But during our scanning an enumeration phase,
00:40
we want to go ahead in the enumeration portion and talk about operating system fingerprinted. So all that means is we're trying to figure out
00:47
what operating system is in use on our particular target.
00:51
So, for this lab, we're gonna use a cyber lab environment Now again, you can use essentially, for this course, I try to design it where you can use your own virtual machine. But keeping in mind that your I P addresses and some of the commands might be slightly different in your particular set up.
01:04
So let's go ahead and get started here. So we're just gonna search for ethical hacker once we're loved into the cyber website. Which again, if you're watching this course, you should be. And we're gonna choose this certified ethical hacker C E h set of labs here.
01:17
What is gonna click the launch button?
01:19
He's gonna give us another screen here where we cook on the launch item and that'll actually launched the lab environment for us
01:25
and you'll see on the left side here, all the lads would pull up.
01:29
So here we're gonna be looking for the OS fingerprinting lab or the operating system Fingerprinting lab. You'll see it's the force fourth option down here on the left side. So we'll go ahead and click on that. You'll see a start button, click on that and that'll actually launch our lab where we see our virtual machines.
01:45
So now we want to go ahead, turn on all these machines. So the way we do that is just cover your mouths over top of the name section here and you'll see a power on option right there. So just go and click on that, and then click power on on that one. And just make sure you're turning on all these machines. Now it's gonna take a few seconds to pull all of them up. So I'm gonna go ahead and pause a video here, and we use the magic of fast forwarding.
02:04
And once it's complete and booted all the machines up, we'll go ahead.
02:07
Restart the video. Move forward in our lab.
02:10
All right. So yes, you see here we've put it up all our machines. Now again, if you haven't started all your virtual machines, go ahead and pause this video. Make sure you put those up because you will need them as we move forward in the lab.
02:22
So let's go back to our lab document here and again. These step by step guides are all in the supplement of resource is sections. You downloaded all of one shot and those who cover all the lads were doing in this particular course alongside that there's some assessment information inside the supplement of Resource is so make sure you do those assessments to actually fully practice your skills as we've gone through the course.
02:43
So our next step here, we're gonna click on the Windows 10 Machine, which is the P Lab. Win 10 here in step six. So let's go ahead and do that. Now it's gonna launch up that machine for us,
02:51
and it might take a second or so for the desktop to fully come up for us here.
02:54
Once it does that work a double click on the V NC viewer icon. So it's that orange colored icon call. It looks like a little tiger's eye.
03:01
We're gonna double click on that. And then what? We should see if the I p address of our Callie Lennox machine in the box already, and then we'll just click the connect button and enter our password in.
03:12
So let's go ahead and do that now. So we're just gonna double click on this icon here. You'll see. It does have the I P. Address of the Cali Lennox machine in there for us, So all we have to do is cut the connect button.
03:22
And now we just need to put in our password, which is the word password. So Capital P and then lower case A s s w. And then we're actually gonna do the number zero and not a capital over lower case O, and then a lower case R ready to finish out. So capital P
03:37
lower case A s s w again, the number zero
03:42
and then lower case R D. Once you've taught that in either click three okay, button or it is pressed, enter into keyboard. Now that will actually pull apart. Can Callie Lennox desktop for us?
03:52
You'll see this little air message here. We don't worry about that for our lab. Just click on the okay button that'll close that out.
03:58
And then if we go back to our lab document here, our next step is here on step 10. We're just gonna double click on that route terminal icon, and that'll launch a terminal window for us. Now again, if you're using your own set up, you have this open a regular terminal window and you'll wanna just e i p addresses for your particular network and whatever you're using on your side.
04:16
So we'll double click the route Terminal icon for those using the cyber relapse. And that will launch a terminal window for us.
04:23
It might take a second or so. There we go.
04:25
All right, so now everyone should be in the same spot. We're just gonna type in this command here, So n map all over. Case space dash lower. Case s capital s. So we're best get is performing a sin. Scan their space a dash Oto, check our operating system. So again for this lab, we're just checking our operating system. We're not checking
04:44
anything else. We could do a dash
04:46
capital A and that would allow us to check other items as well. But here we're just gonna be checking the operating system itself,
04:53
and then we're gonna run it against a couple of I P addresses here,
04:56
and we'll see what kind of output we get back. So are two questions we're gonna try to answer here at the end. One operating system is in use for both of these I p addresses.
05:04
All right, so let's go intact. This commanding here, we're gonna start off by just typing in and map space. Dash lower case s capital s
05:13
so n map again, All over Case a space, a dash lower case s and a capital s
05:19
We're gonna put another space and then a dash in a capital O.
05:24
So you'll see here the capital o, And then we're just gonna put in our i P addresses here. So the 102.168 dot 0.1 and dot for
05:32
So let's go ahead and do that now,
05:34
So we're gonna put a space than one attitude at 168.0 dot one
05:40
as face and then one of the 2.168 dot 0.4.
05:45
All right, So once you've typed those in distress it enter key on your keyboard, take my take a moment. So to go ahead and run the scan, I'm gonna pause the video. And once it puts, the output will start back up again.
05:56
All right, so we see that we've got our output now. Now, if you haven't gotten your armpit yet from running the scandal and policies video and just wait until you get your output and if it's taking for a long time, just double check your command. Make sure you typed everything incorrectly. It should only take about 10 seconds or so at kind of the max.
06:13
All right, so let's go back to our lab document. We have a couple of questions. As I mentioned, we want to figure out the operating system and used basically for each i p address. So let's take a look at our results and we'll see what we got.
06:23
All right, so we can answer the last question right now. Since we're right at this portion of the screen, we see it. We got 100 to 168.0 dot four,
06:30
and if we look here, we see that it's estimating that it's running Windows 10. So Microsoft Windows 10
06:35
send machine I p address. So we're good on that one there.
06:40
And if we scroll back up here just a little bit, you'll see that we have our output for the other I p addresses. Well,
06:47
so come up during us a little bit more, and you'll see that for this particular I p address or 102.168 dot 0.1.
06:56
This one right here, you'll see that our estimated operating system and use is something related to Windows. Now, it wasn't specific, right? So if we see her, we and maybe Windows Server 2012 and maybe window seven, etcetera, etcetera. So just keep in mind that issuing that it's likely a Windows machine,
07:15
but it doesn't knows for sure what the operating system is.
07:18
Now we know that this I p addresses we've learned throughout much of this course this I p address happens to be for this server right here. The P Lab s a a one. So in the likely event that we figured out, it's a Windows machine and we know already from our our personal knowledge that it's a Windows server machine.
07:36
This is more than likely the operating system that's in use. And yes, it actually is he
07:42
operating system that's been used on that particular device.
07:45
All right, so this lab we just went ahead and did OS fingerprint. We check to see what operating system was running on these particular target machines. And the next video, we're gonna go over banner grabbing

Up Next

Scanning, Enumeration, and Vulnerabilities

This course covers basic scanning, enumeration, and vulnerability scanning as part of a penetration test.

Instructed By

Instructor Profile Image
Ken Underhill
Master Instructor at Cybrary
Master Instructor