nmap: Detectar el sistema operativo instalado en una máquina | Algo de Linux

viernes, 17 de marzo de 2017

nmap: Detectar el sistema operativo instalado en una máquina

En versiones recientes de nmap, podemos utilizar el parámetro -A para tratar de detectar el sistema operativo instalado en una máquina. Por ejemplo:
# nmap -v -A 192.168.101.16

Starting Nmap 6.47 ( http://nmap.org ) at 2017-03-17 10:53 CET
NSE: Loaded 118 scripts for scanning.
NSE: Script Pre-scanning.
Initiating ARP Ping Scan at 10:53
Scanning 192.168.101.16 [1 port]
Completed ARP Ping Scan at 10:53, 0.22s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 10:53
Completed Parallel DNS resolution of 1 host. at 10:53, 5.50s elapsed
Initiating SYN Stealth Scan at 10:53
Scanning 192.168.101.16 [1000 ports]
Discovered open port 22/tcp on 192.168.101.16
Discovered open port 135/tcp on 192.168.101.16
Completed SYN Stealth Scan at 10:53, 19.44s elapsed (1000 total ports)
Initiating Service scan at 10:53
Scanning 2 services on 192.168.101.16
Completed Service scan at 10:53, 6.01s elapsed (2 services on 1 host)
Initiating OS detection (try #1) against 192.168.101.16
Retrying OS detection (try #2) against 192.168.101.16
NSE: Script scanning 192.168.101.16.
Initiating NSE at 10:54
Completed NSE at 10:54, 4.05s elapsed
Nmap scan report for 192.168.101.16
Host is up (0.00052s latency).
Not shown: 998 filtered ports
PORT    STATE SERVICE VERSION
22/tcp  open  ssh     OpenSSH 7.4 (protocol 2.0)
|_ssh-hostkey: ERROR: Script execution failed (use -d to debug)
135/tcp open  msrpc   Microsoft Windows RPC
MAC Address: 50:65:F3:2D:38:BB (Unknown)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose|router|firewall
Running (JUST GUESSING): FreeBSD 6.X (93%), Juniper JUNOS 9.X|10.X|12.X (87%), m0n0wall FreeBSD (87%), Netasq embedded (87%)
OS CPE: cpe:/o:freebsd:freebsd:6.2 cpe:/o:juniper:junos:9 cpe:/o:m0n0wall:freebsd cpe:/o:juniper:junos:10 cpe:/o:juniper:junos:12 cpe:/h:netasq:u70
Aggressive OS guesses: FreeBSD 6.2-RELEASE (93%), Juniper Networks JUNOS 9.0R2.10 (87%), m0n0wall 1.3b11 - 1.3b15 FreeBSD-based firewall (87%), Juniper SRX100-series or SRX200-series firewall (JUNOS 10.4 - 12.1) (87%), Netasq U70 firewall (87%), FreeBSD 6.3-RELEASE (86%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 1.977 days (since Wed Mar 15 11:26:54 2017)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=259 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

TRACEROUTE
HOP RTT     ADDRESS
1   0.52 ms 192.168.101.16

NSE: Script Post-scanning.
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 40.27 seconds
           Raw packets sent: 3108 (141.968KB) | Rcvd: 42 (2.128KB)
En este caso, como podemos comprobar, el sistema operativo de la máquina detectada es Windows: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows Publicado por primera vez en http://enavas.blogspot.com.es