OS fingerprinting with Metasploit
OS fingerprinting is the process of determining the operating system running on a host. Port 445 is used by the SMB protocol to provide shared access to files, printers, serial ports, and miscellaneous communications between nodes on a network. Most usage of SMB involves computers running Microsoft Windows. To check whether port 445 is open, run the following in msfconsole, pressing Enter after each command:
    use auxiliary/scanner/portscan/syn
    set RHOSTS 192.168.1.5
    set PORTS 445
    run
If port 445 is open, we are going to use the smb_version module (assuming that your target machine has the IP address 192.168.1.5). Type the following, pressing Enter after each command, to get your results:

    use scanner/smb/smb_version
    set RHOSTS 192.168.1.5
    run
    msf auxiliary(smb_version) > run
    [*] 192.168.1.5:445 is running Windows XP Service Pack 2 (language: English) (name:JOHN) (domain:MYDOMAIN)
    [*] Scanned 1 of 1 hosts (100% complete)
    [*] Auxiliary module execution completed
Voila! A Windows XP SP2 machine with lots of vulnerabilities. Execute the command hosts again to see that Metasploit has updated its database according to our new discovery.
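As an added example that is not part of the original post, here is a small Python helper that parses smb_version result lines of the kind shown above into records you can feed into an asset inventory or a legacy-OS report. The sample output is constructed for this example: only the first host line is the one quoted in the post, the other two hosts are made up.

```python
import re
from collections import Counter

# Constructed sample of msfconsole output in the format the smb_version module
# prints; the 192.168.1.5 line is the one from the post, the others are made up.
SAMPLE_OUTPUT = """\
msf auxiliary(smb_version) > run
[*] 192.168.1.5:445 is running Windows XP Service Pack 2 (language: English) (name:JOHN) (domain:MYDOMAIN)
[*] 192.168.1.7:445 is running Windows 7 Ultimate 7601 Service Pack 1 (language: Unknown) (name:FILESRV) (domain:WORKGROUP)
[*] 192.168.1.9:445 is running Unix (Samba 3.0.20-Debian) (language: Unknown)
[*] Scanned 3 of 3 hosts (100% complete)
[*] Auxiliary module execution completed
"""

# One result line: "[*] <ip>:<port> is running <os> (language: X) (name:Y) (domain:Z)".
# The os field is matched lazily so it may itself contain parentheses; the
# name and domain fields are optional because not every host reports them.
RESULT_RE = re.compile(
    r"^\[\*\]\s+(?P<host>\S+):(?P<port>\d+) is running (?P<os>.+?)"
    r"(?: \(language:\s*(?P<language>[^)]*)\))?"
    r"(?: \(name:(?P<name>[^)]*)\))?"
    r"(?: \(domain:(?P<domain>[^)]*)\))?\s*$"
)


def parse_smb_version(output):
    """Return one dict per fingerprinted host; status lines are ignored."""
    records = []
    for line in output.splitlines():
        m = RESULT_RE.match(line)
        if m:
            rec = m.groupdict()          # unmatched optional fields come back as None
            rec["port"] = int(rec["port"])
            records.append(rec)
    return records


def count_by_os(records):
    """Tally hosts per reported OS string, e.g. to spot legacy builds in an inventory."""
    return Counter(r["os"] for r in records)


if __name__ == "__main__":
    for r in parse_smb_version(SAMPLE_OUTPUT):
        print(f"{r['host']:<15} {r['os']:<40} name={r['name']} domain={r['domain']}")
    print(count_by_os(parse_smb_version(SAMPLE_OUTPUT)))
```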
This post is part of my article about Metasploit, which was originally published in PenTest Magazine, August issue.