After information gathering, the next step is to discover our target machines. This process is commonly known as Target Discovery.
Why do we need to identify our target machines?
- To find out which machines in the target network are reachable. If a machine is not reachable, we skip it rather than spend time on it, which keeps the penetration test efficient.
- To identify the operating system running on the target machine, which will help us later during vulnerability mapping.
As in the last post, my target is pentest.id.
TOOLS I’VE USED
- nmap for OS fingerprinting and port scanning. nmap is a really powerful tool for port scanning and vulnerability mapping; in this post, however, I only use it for OS fingerprinting and to check for open ports. Run nmap with the -O option followed by the hostname to identify the remote machine’s operating system. From the picture above, the best-guess OS is Linux 2.4.X or 3.X, or Microsoft Windows XP | 7 | 2012. Meanwhile, the open ports are port 80, port 443, port 8080 and port 8443.
- ettercap for OS fingerprinting
- Type ettercap -C in my terminal to open ettercap with the Curses interface.
- Open the menu “Sniff”, and select “Unified sniffing”.
- Choose eth0 as the network interface.
- Open the menu “Start” and select “Start sniffing”.
- Open the menu “View”, and select “Profiles”.
- Open pentest.id or any other IP address or hostname you want to sniff.
- After I open the website, ettercap will output collected passive profiles.
- Open the selected profile for more details. In this case, I opened pentest.id. Ettercap shows that pentest.id uses Windows NT 4.0 as its operating system.
- Since both tools show different OS results, I’ll try to confirm which one is the right one with another tool. So, this post will be updated later when I’ve found the right answer or any other possible OS found. 💛
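The two steps above (reading open ports and OS guesses out of an nmap -O scan, and deciding what to do when a second tool such as ettercap disagrees) can be automated. The script below is an added example and is not code from the original post or from the nmap or ettercap projects: it parses the XML that nmap writes with -oX, lists the open ports and OS matches ranked by nmap's accuracy score, and compares the best match against another tool's OS-family guess. The XML document embedded in it is a constructed sample, not a real scan of pentest.id, and the verdict thresholds are assumptions chosen for illustration.

```python
"""Parse an `nmap -O -oX` report and compare its OS guess with another tool's."""
import xml.etree.ElementTree as ET

# Constructed sample of nmap XML output (not a real scan result): one host that is up,
# four open TCP ports, one filtered port, and two OS matches with accuracy scores.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -O -oX - target.example">
  <host>
    <status state="up" reason="syn-ack"/>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <hostnames><hostname name="target.example" type="user"/></hostnames>
    <ports>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http"/></port>
      <port protocol="tcp" portid="443"><state state="open" reason="syn-ack"/><service name="https"/></port>
      <port protocol="tcp" portid="8080"><state state="open" reason="syn-ack"/><service name="http-proxy"/></port>
      <port protocol="tcp" portid="8443"><state state="open" reason="syn-ack"/><service name="https-alt"/></port>
      <port protocol="tcp" portid="22"><state state="filtered" reason="no-response"/><service name="ssh"/></port>
    </ports>
    <os>
      <osmatch name="Linux 3.X" accuracy="92">
        <osclass type="general purpose" vendor="Linux" osfamily="Linux" osgen="3.X" accuracy="92"/>
      </osmatch>
      <osmatch name="Microsoft Windows 7" accuracy="85">
        <osclass type="general purpose" vendor="Microsoft" osfamily="Windows" osgen="7" accuracy="85"/>
      </osmatch>
    </os>
  </host>
</nmaprun>
"""


def parse_nmap_os_report(xml_text):
    """Return one dict per live host: address, sorted open ports, OS matches by accuracy."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        status = host.find("status")
        if status is None or status.get("state") != "up":
            continue  # a host that is down yields no ports or OS data; skip it
        addr_el = host.find("address[@addrtype='ipv4']")
        address = addr_el.get("addr") if addr_el is not None else None
        open_ports = sorted(
            int(p.get("portid"))
            for p in host.findall("ports/port")
            if p.find("state").get("state") == "open"  # drop filtered/closed ports
        )
        os_matches = []
        for m in host.findall("os/osmatch"):
            osclass = m.find("osclass")  # first class carries the OS family
            os_matches.append({
                "name": m.get("name"),
                "accuracy": int(m.get("accuracy")),
                "family": osclass.get("osfamily") if osclass is not None else None,
            })
        os_matches.sort(key=lambda m: m["accuracy"], reverse=True)
        hosts.append({"address": address, "open_ports": open_ports, "os_matches": os_matches})
    return hosts


def os_verdict(host, other_tool_family, min_accuracy=90):
    """Combine nmap's best OS match with a second tool's OS-family guess.

    Returns (verdict, detail). The 90% threshold is an assumed cut-off, not an nmap rule:
    a best match below it is treated as too weak to confirm or contradict anything.
    """
    if not host["os_matches"]:
        return ("unconfirmed", "nmap produced no OS match")
    best = host["os_matches"][0]
    if best["accuracy"] < min_accuracy:
        return ("unconfirmed", "best nmap match %s is only %d%% accurate" % (best["name"], best["accuracy"]))
    if best["family"] == other_tool_family:
        return ("confirmed", "nmap (%s) and the other tool agree on %s" % (best["name"], other_tool_family))
    return ("conflict", "nmap says %s but the other tool says %s; verify with a third source"
            % (best["family"], other_tool_family))


if __name__ == "__main__":
    for h in parse_nmap_os_report(SAMPLE_NMAP_XML):
        print(h["address"], "open ports:", h["open_ports"])
        for m in h["os_matches"]:
            print("  %3d%%  %s" % (m["accuracy"], m["name"]))
        # The second tool's guess is passed in by hand, as ettercap's profile view
        # reports it; "Windows" here mirrors the kind of disagreement seen in the post.
        print(" ", os_verdict(h, "Windows"))
```

When the two tools disagree, the verdict is "conflict" rather than a pick of one answer: nmap's ranking is a statistical best guess, so the honest output is to flag the mismatch and ask for a third source, which is exactly the follow-up the post plans.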