Operating system identification
An operating system starts many services by default after installation, and those services themselves are often vulnerable, so knowing which OS is running narrows down what to attack.
Operating system identification techniques
There is a wide range of techniques; good tools combine several of them rather than relying on one.
TTL initial value (decremented by one at each router hop, so the observed value is the initial value minus the hop count)
Windows: 128 (observed values 65-128)
Linux/Unix: 64 (observed values 1-64)
Some Unix systems and network devices (e.g. Solaris, Cisco IOS): 255 (observed values 129-255)
An unexpected TTL, i.e. more hops than the path should have, can also reveal a hijacked or interposed gateway.
Nmap combines several techniques (TCP/IP stack fingerprinting) to identify the operating system:
nmap -O 1.1.1.1
System service characteristics (banners and protocol behaviour of the listening services also reveal the OS)
xprobe2 1.1.1.1
Its results are often inaccurate; cross-check them with other methods.
Passive operating system identification
Deployed at the network egress by capturing packets, or by having the switch mirror a port (SPAN) to a host running passive fingerprinting software, which analyses the received packets and identifies the OS from their characteristics (TTL, TCP window size, TCP options, etc.)
IDS
Packet capture analysis
Passive scanning
p0f (monitors the traffic automatically and identifies the OS)
Combined with ARP spoofing (so that the LAN's traffic passes through the capturing host), p0f can identify the OS of every host on the network
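The TTL arithmetic above and the passive fingerprinting p0f performs come down to the same thing: read a few header fields from a captured SYN, infer the initial TTL, and look the (TTL, window) pair up in a signature table. The following is an added example written for this page, not p0f's code or its database; the signature table is a tiny illustrative set of typical values, and build_syn constructs sample packets so the script runs offline. The hop count it derives is what you compare against the expected path to spot the extra hop of an interposed gateway.

```python
import struct

# Constructed, illustrative p0f-style signature table keyed by
# (initial TTL, TCP window in the SYN). Real p0f uses a far richer database;
# these entries are typical values, not an authoritative fingerprint set.
SIGNATURES = {
    (64, 29200): "Linux 3.x/4.x",
    (64, 65535): "FreeBSD / macOS",
    (128, 8192): "Windows 7/2008",
    (128, 65535): "Windows 10/2016",
    (255, 4128): "Cisco IOS",
}
FAMILY_BY_TTL = {64: "Linux/Unix (unknown)", 128: "Windows (unknown)",
                 255: "Unix/network device (unknown)"}


def guess_initial_ttl(observed):
    """Smallest common initial TTL (64, 128, 255) that is >= the observed TTL."""
    for initial in (64, 128, 255):
        if observed <= initial:
            return initial
    raise ValueError("TTL must fit in 8 bits")


def parse_syn(packet):
    """Pull TTL, DF bit, TCP window and MSS option out of a raw IPv4+TCP SYN."""
    ver_ihl, _tos, _total, _ident, flags_frag, ttl, proto = struct.unpack("!BBHHHBB", packet[:10])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("expected IPv4 + TCP")
    ihl = (ver_ihl & 0x0F) * 4
    tcp = packet[ihl:]
    _sport, _dport, _seq, _ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    data_off = (off_flags >> 12) * 4
    mss, i, opts = None, 0, tcp[20:data_off]
    while i < len(opts):                 # walk TCP options: kind, [length, data]
        kind = opts[i]
        if kind == 0:                    # EOL
            break
        if kind == 1:                    # NOP
            i += 1
            continue
        length = opts[i + 1]
        if kind == 2 and length == 4:    # MSS
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += length
    return {"ttl": ttl, "df": bool(flags_frag & 0x4000), "window": window, "mss": mss}


def fingerprint(packet):
    """Classify a SYN: estimate initial TTL, hop count and OS family."""
    f = parse_syn(packet)
    initial = guess_initial_ttl(f["ttl"])
    f["initial_ttl"] = initial
    f["hops"] = initial - f["ttl"]       # an unexpected extra hop hints at an interposed gateway
    f["os"] = SIGNATURES.get((initial, f["window"]), FAMILY_BY_TTL[initial])
    return f


def build_syn(ttl, window, mss, df=True):
    """Constructed sample SYN (10.0.0.1:40000 -> 10.0.0.2:80) for offline testing; checksums left zero."""
    options = struct.pack("!BBH", 2, 4, mss)                       # MSS option
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (6 << 12) | 0x02, window, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234,
                     0x4000 if df else 0, ttl, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return ip + tcp


if __name__ == "__main__":
    for pkt in (build_syn(52, 29200, 1460), build_syn(115, 8192, 1460), build_syn(249, 4128, 536)):
        print(fingerprint(pkt))
```

To use it on live traffic, feed parse_syn the IP payload of each SYN from a raw socket or pcap on the mirror port; the classification is only as good as the signature table, which is why p0f also looks at option order, window scaling and quirks.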
SNMP scanning (Simple Network Management Protocol, UDP port 161 for the agent, 162 for traps)
SNMP exposes internal information from a server or network device so that the system can be monitored
A gold mine of information
Often misconfigured (default community strings left in place, read-write access exposed)
Community strings: public (read-only by default) / private (read-write by default: the target host's configuration can be modified over SNMP) / manager
MIB tree
SNMP Management Information Base (MIB)
A tree-structured library of the management functions of a network device
Each piece of system information is addressed in a query by a numeric object identifier (OID)
e.g. 1.3.6.1.4.1.77.1.2.25 (the Windows LanManager user table)
onesixtyone 1.1.1.1 public
If the scan returns nothing, brute-force the community string with a dictionary:
onesixtyone -c dict.txt -i hosts -o my.log -w 100 (hosts is a file with one target per line; -c is the community-string dictionary, -o the log file, -w the delay between packets in milliseconds)
onesixtyone -c dict.txt 1.1.1.1 -o my.log -w 100
snmpwalk -c public -v 2c 1.1.1.1
(-v is the SNMP version; 2c is the most commonly used)
snmpwalk -c public -v 2c 1.1.1.1 1.3.6.1.4.1.77.1.2.25
(Walks the subtree under that OID on the target host; on Windows this lists the local user accounts)
snmp-check -t 192.168.1.133
snmp-check -t 192.168.1.133 -c private -v 2c
snmp-check -t 192.168.1.133 -w
(-w checks whether the community string grants write access)
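What onesixtyone, snmpwalk and snmp-check send on the wire is a plain BER-encoded SNMPv2c message in which the community string is the only credential and travels in cleartext, which is why a passive sniffer on the mirror port can harvest it. The following added example (written for this page, not the code of any of those tools) encodes a GetNextRequest for the user-table OID shown above, decodes the reply, and chains GetNext calls into the same walk snmpwalk performs. build_response constructs a sample agent reply so the encode/decode round trip runs offline; the instance suffix in that sample is constructed for illustration.

```python
import socket

# BER helpers: SNMPv1/v2c messages are plain ASN.1 BER over UDP.
def ber_len(n):
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + ber_len(len(body)) + body

def encode_int(v):
    return tlv(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big", signed=True))

def encode_oid(oid):
    """Dotted OID -> BER OBJECT IDENTIFIER (first two arcs packed, rest base-128)."""
    arcs = [int(a) for a in oid.strip(".").split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

def decode_oid(body):
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def build_message(community, pdu_tag, request_id, varbinds):
    """SNMPv2c message: SEQUENCE { version=1, community, PDU }. varbinds = [(oid, value_tlv)]."""
    vbl = b"".join(tlv(0x30, encode_oid(o) + v) for o, v in varbinds)
    pdu = tlv(pdu_tag, encode_int(request_id) + encode_int(0) + encode_int(0) + tlv(0x30, vbl))
    return tlv(0x30, encode_int(1) + tlv(0x04, community.encode()) + pdu)

def build_getnext(community, oid, request_id=1):
    return build_message(community, 0xA1, request_id, [(oid, tlv(0x05, b""))])          # GetNextRequest

def build_response(community, request_id, oid, text):
    return build_message(community, 0xA2, request_id, [(oid, tlv(0x04, text.encode()))])  # GetResponse

def read_tlv(buf, pos=0):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def parse_message(data):
    """-> (version, community, pdu_tag, request_id, [(oid, value)])"""
    _, msg, _ = read_tlv(data)
    _, ver, p = read_tlv(msg)
    _, comm, p = read_tlv(msg, p)
    pdu_tag, pdu, _ = read_tlv(msg, p)
    _, rid, q = read_tlv(pdu)
    _, _err, q = read_tlv(pdu, q)
    _, _idx, q = read_tlv(pdu, q)
    _, vbl, _ = read_tlv(pdu, q)
    varbinds, q = [], 0
    while q < len(vbl):
        _, vb, q = read_tlv(vbl, q)
        _, oid, r = read_tlv(vb)
        vtag, val, _ = read_tlv(vb, r)
        if vtag == 0x04:
            value = val.decode(errors="replace")
        elif vtag == 0x02:
            value = int.from_bytes(val, "big", signed=True)
        elif vtag == 0x06:
            value = decode_oid(val)
        elif vtag == 0x05:
            value = None
        else:
            value = val                                # counters, timeticks, endOfMibView left raw
        varbinds.append((decode_oid(oid), value))
    return int.from_bytes(ver, "big"), comm.decode(), pdu_tag, int.from_bytes(rid, "big", signed=True), varbinds

def walk(host, community, base_oid, timeout=2.0, max_steps=500):
    """Live GetNext walk of one subtree, like snmpwalk (needs a reachable agent; not run offline)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    oid, results = base_oid, []
    for rid in range(1, max_steps + 1):
        sock.sendto(build_getnext(community, oid, rid), (host, 161))
        _, _, _, _, vbs = parse_message(sock.recvfrom(65535)[0])
        oid, value = vbs[0]
        if not oid.startswith(base_oid + "."):         # left the subtree (or endOfMibView)
            break
        results.append((oid, value))
    return results

if __name__ == "__main__":
    import sys
    print(walk(sys.argv[1], sys.argv[2] if len(sys.argv) > 2 else "public", "1.3.6.1.4.1.77.1.2.25"))
```

Running `python3 snmp_walk.py 192.168.1.133 public` against a Windows host with a readable community string returns the same user list the snmpwalk command above does. Because there is no integrity or confidentiality on v1/v2c, the same parse_message function applied to sniffed UDP/161 traffic recovers every community string in use on the segment; that is the practical reason to move to SNMPv3 with authPriv and to restrict the agent to a management network.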
Today I learned some penetration-testing techniques online, but I wrote everything down on paper; I wanted to copy it to the computer but had no time, so it will have to wait until tomorrow.
This article comes from the "Xiao Yu" blog; please keep this source: http://791120766.blog.51cto.com/10836248/1766045
April 20, 2016: penetration testing learning summary