I welcome back to the course and the last lab. We went over different scanning techniques using n map in H Ping three
specifically we ransom since cans some acknowledgement skins with him without Windows firewall enabled.
And then we also won over some Christmas Kansas. Well,
in this lab, we're gonna fingerprint operating system, so we're gonna use to tools and map and p zero f So end map, we're going to be doing active fingerprinting, and then we'll do pass a fingerprinting with P zero f.
So let's go ahead and get started. So I'm using the cyber lab environment here. You can also use your own environment, but again, we're not gonna be covering that in this particular lab.
So in Cyberia, once you log in and you select the ethical Hacker practice Labs, you're gonna select the OS fingerprinting lab.
The next, you're gonna click on the start button to begin the lab at the bottom.
That's gonna bring you this page here, and then the quantities turn on all your virtual machines. So I've already got mine all on here, but to turn him on, you just have your mouse over top of that particular machine and then right up in here where it says power off, there would actually be a turn on option.
Now, for some reason, you click, turn on and it's still not working for you. You could click that refresh button at the very bottom, and it should work for you after that.
So we've already turned on our virtual machines and step number five here. So Step six, we're gonna connect to our Windows 10 desktop, which already done here the P lab win 10
and then we're gonna double click on the V NC of your icon. So let's go ahead and do that. Now
we see it drops a default i p address for our county machine in there for us. We're just gonna click connect,
and it's gonna ask us for a password. So it's gonna be the same password we've been using the cyber lab. So step number nine here. We're gonna enter the password. So Capital P and then a zero there and not a capital O. So capital P
the number zero and then lower case R lower case D,
and then either hit the enter key on your keyboard is click. Okay,
that's gonna launch to Kelly desktop for us.
And you see, I already have the terminal window open, but what you want to do is just double click on Rue Terminal toe. Open that terminal window if it's not already open for you.
All right, so where it Step Number 10 here and again. Already had it open the terminal window. So we don't have to do that.
And the step number 11 We're actually gonna put in our first command here,
so we're gonna type in. I'm gonna move the lab to the left side here.
We're gonna type in n map space Dash Lower Case s capital s so that performs that sin scan for us
than another space. A dash of capital O which enables operating system detection and then our to target machines.
So let's go ahead and type that in.
dash. Lower case s a capital s again for our sin skin
a dash capital o to enable operative scab skinning
another space. And we're gonna put in our target machines. So we have here. We have 1 92.168 dot 0.1 and then we have 1 92.168 dot zero dot ford. Let's go ahead and take those back in here.
So we have 1 92.168 dot 0.1, will put another space, and we put our second target 1 92.168 dot 0.4 and then just press the enter key there.
It's gonna take a moment or so to run here for us.
So again, the benefit here of doing operating system scanning is a fingerprint. Excuse me, as we want to find out what the target machine might be running that helps us figure out what type of vulnerabilities we might be able to use. What kind of exploits might be out there for that particular operating system?
All right, so we see our skin run here.
So we see 1 92 168.0 dot four there. So I'm gonna screw up a little bit so we could see our first target machine.
All right, so here's our scan for 1 92.168 dot 0.1, which is our first target machine.
So take a look at our lab document here.
So we see question number one. So what's the operating system for our first machine? Their first target. 1 92 16801
So let's see. Here we see are open ports. We see the service is running on those ports. So let's look down here.
So now we see that it's gonna show us the type of operating system that it's running. Now you see here that is gonna give us basically several different ones here. But it's telling us what it may or may not be running here, and we also see that it's running.
It is basically giving us information back on these. So it's telling us. Well, here it might be running Windows Server 2012. Also, window seven when the same 70.1. So are your end of things. We would want to look and see if we find any common vulnerabilities for these and then just run some other scans against it, to see if
particularly what type of operative system exactly it is
and see what we can exploit.
So, back in her lab document here, we're just gonna type in that information. Where is gonna type in that? Its windows.
And that has shown us that is 2012
that is seven. And that is 8.1.
All right, so let's take a look at our next machine here the 1 92.168 dot zero. Enough for
Well, go ahead, scroll down to that one.
All rights, right here again, we see are open ports and the service is running on those. But now here we're gonna look here for what's running on it. So we see that it's running Windows 10. And that's correct, because that's our Windows 10 machine.
So we'll go back to our lab document here.
And so Question number two, What's the operating system for one attitude at 168.0 dot four. We see that that one is Windows 10.
So in this video, we just went over a quick operating system fingerprint using end map on a couple of target machines.
The next video over these are P zero f tool to do passive operating system fingerprinting