Time
23 hours 21 minutes
Difficulty
Intermediate
CEU/CPE
14

Video Transcription

00:01
Hi. Welcome back to the course and the last video. We want overusing and map to perform active operating system fingerprinting. So we had to Target Machine's on. We found out that both of those happen to be running Windows operating systems
00:14
and this video we're gonna talk about out of tool called p zero f. So this allows us to do some passive operating system finger pretty.
00:21
So let's go ahead and get started.
00:23
So we should still have our cyber lab opens. We're gonna actually connect to
00:27
the server. Soapy lab s a 01 So let's go ahead and click on that, and I'm already connected to a here.
00:33
Now, if you get that server management window, open the server manager window. Glenn, just close that out.
00:39
Our next step here is the scroll to the bottom and click on our little example Icon here, this little orange icon,
00:46
we'll cook out and get that going.
00:48
So what that's gonna do is that's gonna enable Apache Web service is the Apache Web service is gonna be running with a D V W way, which stands for *** vulnerable level application.
00:58
I'm just gonna be running on port number 80. So
01:00
here it is. It's started to be enabled here, So let's now move on to our next step of her lab.
01:04
So Step number four were kicked neck back to our Windows 10 machine,
01:08
and then we're gonna connect in tow. Are Callie Desktop?
01:12
So let's do that. Now click on our Windows 10 machine.
01:15
We have our Kelly desktop here, so I'm just gonna open the route terminal. So remember, we double click on it. Open it up,
01:23
and it should open. There we go.
01:26
All right,
01:27
so now that we've opened it were to type this command here, so we're gonna type p zero f so p lower case, zero lower case F
01:37
A space dash, lower case p Another space, a dash. Lower case I space and then e t h. Zero.
01:47
So what we're doing here is the dash. Lower case P is putting the listening interface into promiscuous mood. So basically, it's going to send everything
01:55
and then the dash lower case. I actually lets us listen on the specified interface. What's that happens to be The Ethernet zero interface
02:04
are so let's go ahead and type that commanded here,
02:06
So p lower case
02:08
the number zero lower case F
02:10
space dash, lower case P space test. Lower case I space. And then finally, our Ethernet
02:19
interface. So lower case e th in the number zero.
02:23
So we're gonna go ahead and press enter here.
02:24
Now, this is gonna just kind of hang tight in the background. Our next step is the double click on this fire Fox, E s R.
02:30
Right inside of our Callie desktop. So good. And double click on that.
02:36
It's going to open it up for us.
02:38
What? Let's doing that. We're gonna take a look back on our lab document here. So we see Step number seven is opening Firefox. CSR. I'm gonna double click out again. Doesn't look like it's opening. There we go.
02:51
And the step number eight is just typing this i p address into the address bar.
02:54
So let's go ahead and do that. Now
02:58
we're gonna type in here 1 92.168 dot 0.1
03:04
and then just press the enter key there.
03:07
All right, so that's running there. We're gonna maximize our terminal window again in Cali.
03:13
Might take a second to pull up here But you'll see now that we're actually getting a scan done. You see, we got some responses here,
03:17
so let's take a look back at her lab document.
03:21
All right, so we see that it is capturing some packets and stuff like that.
03:24
And so do you. Do we see any signage, knowledge, mint packets? And then also, do we see any operating systems listed? So I do see some operating systems right off the bat here with Apache stuff like that. So let's keep going back up here.
03:40
We're just gonna see if we notice any signal. Acknowledgment packages. Also, we do see, here we have another operating system, Windows seven or eight, that it might be running here.
03:50
And if you check right here, we do. See, we have a set acknowledgement packets. So let's go back to our lab document.
03:55
So do we see sin at packets? Yes, we do.
04:00
And we see operating systems listed. You will? Yes. You know, right there. We do see that we have Windows seven or eight.
04:05
So we're not just gonna put 78
04:09
Let's just scroll around here a little bit. Just screw around on your end there and see if you notice any other ones at all.
04:14
I'm just gonna come back up here. So I do also noticed something. When it's there,
04:17
we'll see if we notice anything else at all.
04:19
Now, since we're running this against some machines here in the environment, we should only see Windows Analytics. We see Windows seven or eight again.
04:29
Yeah, well, keeps growing up. We see Lennox again. So we're just gonna go with those ones there. So we're gonna come back to our lab document and then just type in linen.
04:38
So what the benefit of this tool has done is it's allowed us to see the operating systems for our target machine, so we don't get an exact science, right? So it says Window seven or Windows eight, based on the properties that it's recognizing. However, that does allow us to know that. Okay, the running windows.
04:55
And what kind of vulnerabilities do I know of for window seven or Windows eight or Windows 8.1.
05:00
And the same thing with Lennox, you know? So here's a version of lyrics they're running on, and so,
05:06
you know, it doesn't tell me what particular aversion doesn't tell me Abou Do or Debian or anything like that ex husband minutes. However it does show me that is the running lyrics. And maybe I know some vulnerabilities for that or some, you know, zero days that I can use to exploit that. So the benefit here of operating system fingerprinting is to basically allow you
05:26
to see
05:27
simple vulnerabilities that you might be able to take advantage on the target machine.
05:31
So in this video, we went over the tool p zero f, but we did some passive and active. There's gonna be some passive fingerprinting with that tool. We're able to see that we can find some limits and some Windows operating systems on our target machines
05:46
and the next lab we're gonna jump into mapping networks.

Up Next

Penetration Testing and Ethical Hacking

Do you like breaking things or figuring out how things work? Join thousands of professionals who’ve entered the information security field by taking this class. Taking this ethical hacking course will give you the skills needed to become a professional penetration tester and prepare you for industry certifications, like the CEH.

Instructed By

Instructor Profile Image
Ken Underhill
Master Instructor at Cybrary
Master Instructor