Monday, August 6, 2007

How to find out which OS a host at a given IP address is running

Hmmm.. Ready for the next trick?
Let's find out the OS name and version of the host behind a given IP address.

You can tell what OS a box is running in a few ways.
The easiest way to find this info is to use the "nmap" utility; the Windows version is at
http://download.insecure.org/nmap/dist/nmap-4.20-setup.exe

For other operating systems, visit their download page:
insecure.org/nmap/download.html

Sample output of the nmap tool (on Unix):

bash# nmap -O tux.mydomains.com

Starting nmap V. 2.54BETA26 ( www.insecure.org/nmap/ )
Adding open port 22/tcp
Adding open port 1024/tcp
Adding open port 25/tcp
Adding open port 80/tcp
Adding open port 110/tcp
Adding open port 993/tcp
Adding open port 6002/tcp
Adding open port 5902/tcp
Adding open port 111/tcp
Adding open port 443/tcp
Adding open port 21/tcp
Adding open port 995/tcp
Adding open port 23/tcp
Adding open port 143/tcp
Adding open port 139/tcp
Adding open port 515/tcp

21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
80/tcp open http
110/tcp open pop-3
111/tcp open sunrpc
139/tcp open netbios-ssn
143/tcp open imap2
443/tcp open https
515/tcp open printer
993/tcp open imaps
995/tcp open pop3s
1024/tcp open kdm
5902/tcp open vnc-2
6002/tcp open X11:2

Remote operating system guess: Linux Kernel 2.4.0 - 2.4.5 (X86)
Uptime 9.033 days (since Fri Jan 25 14:55:20 2002)

Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds

Notice the "Remote operating system guess" line (shown in red in the original post); it indicates the likely OS.
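As an added example (not code from the original post), here is a small Python parser that turns the human-readable nmap -O report above into fields a defender can review: the open ports, the OS guess and the uptime, plus the subset of open services that carry logins in cleartext. The sample text is a constructed excerpt of the run shown above, and the cleartext-service set is an assumption based on the service names nmap prints.

```python
import re

# Constructed sample: an excerpt of the nmap 2.54BETA26 run shown in the post,
# with the "Uptime" line on its own line as nmap prints it.
SAMPLE_NMAP_OUTPUT = """\
Starting nmap V. 2.54BETA26 ( www.insecure.org/nmap/ )
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
80/tcp open http
143/tcp open imap2
443/tcp open https
993/tcp open imaps

Remote operating system guess: Linux Kernel 2.4.0 - 2.4.5 (X86)
Uptime 9.033 days (since Fri Jan 25 14:55:20 2002)

Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds
"""

# One "<port>/<proto> <state> <service>" line from the port table.
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)$")
OS_RE = re.compile(r"^Remote operating system guess:\s*(.+?)\s*$")
UPTIME_RE = re.compile(r"^Uptime\s+([\d.]+)\s+days")

# Assumption: services that send credentials unencrypted unless wrapped in
# TLS, judged by the service name alone as nmap prints it.
CLEARTEXT_SERVICES = {"ftp", "telnet", "pop-3", "imap2"}


def parse_nmap_output(text):
    """Turn the human-readable nmap -O report into a dict of findings."""
    report = {"open_ports": [], "os_guess": None, "uptime_days": None}
    for line in text.splitlines():
        line = line.strip()
        if m := PORT_RE.match(line):
            port, proto, state, service = m.groups()
            if state == "open":
                report["open_ports"].append((int(port), proto, service))
        elif m := OS_RE.match(line):
            report["os_guess"] = m.group(1)
        elif m := UPTIME_RE.match(line):
            report["uptime_days"] = float(m.group(1))
    return report


def cleartext_exposures(report):
    """Open ports whose service carries logins in cleartext."""
    return [p for p in report["open_ports"] if p[2] in CLEARTEXT_SERVICES]
```

Running the parser on your own scan output gives a quick list of hosts that still expose telnet or FTP, which is where a hardening review usually starts.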

Another Simple Method

Telnetting to the host and observing the intro may give you some info:

C:> telnet 10.17.1.3
Red Hat Linux release 7.1 (Seawolf)
Kernel 2.4.2-2 on an i686
login:

If they only have port 80 open, you can telnet to that port, hit Enter twice, and observe the headers:

bash# telnet orangutan.mydomains.com 80
Trying 192.168.28.32...
Connected to orangutan.mydomains.com.
Escape character is '^]'.


HTTP/1.1 400 Bad Request
Server: Microsoft-IIS/5.0
Date: Sun, 03 Feb 2002 20:51:47 GMT
Content-Type: text/html
Content-Length: 87


The parameter is incorrect.
Connection closed by foreign host.

This technique is known as "banner grabbing".
