Target Discovery (still ongoing)

After information gathering, the next step is to discover our target machines. This process is commonly known as Target Discovery.

Why do we need to identify our target machines?

  • To find out which machines in the target network are available. If a target machine is not available, we skip the rest of the penetration testing process for it, which saves time.
  • To find the underlying operating system used by the target machine, which will help us during vulnerability mapping.

As in the last post, my target is pentest.id.

TOOLS I’VE USED

  1. nmap
    nmap is a really powerful tool for port scanning and vulnerability mapping. However, in this post, I’m going to use nmap for OS fingerprinting and to check for open ports. Type nmap followed by the -O option and the hostname to check the remote machine’s operating system. According to the scan output, the best-guess OS is Linux 2.4.X or 3.X, Microsoft Windows XP | 7 | 2012. Meanwhile, the open ports are port 80, port 443, port 8080 and port 8443.
  2. ettercap for OS fingerprinting
    1. Type ettercap -C in the terminal to open ettercap with the Curses interface.
    2. Open the menu “Sniff”, and select “Unified sniffing”.
    3. Choose eth0 as the network interface.
    4. Open the menu “Start” and select “Start sniffing”.
    5. Open the menu “View”, and select “Profiles”.
    6. Open pentest.id or any other IP address or hostname you want to sniff.
    7. After I open the website, ettercap will output collected passive profiles.
    8. Open the selected profile for more details. In this case, I opened pentest.id. Ettercap shows that pentest.id uses Windows NT 4.0 as its operating system.
  3. Since the two tools show different OS results, I’ll try to confirm which one is right with another tool. So, this post will be updated later when I’ve found the right answer or any other possible OS. 💛
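
An added example, not part of the original post: because the nmap guesses above span both Linux and Windows, this Python code reads a report in nmap's XML format (the -oX output) and marks a host as inconclusive when near-tied OS guesses belong to different families. The sample report, the 192.0.2.10 address, the accuracy values and the 5-point margin are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the layout of nmap's XML report (-oX); the address is
# a documentation IP and the accuracy values are made up for illustration.
SAMPLE_XML = """<nmaprun>
 <host>
  <address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="80"><state state="open"/></port>
   <port protocol="tcp" portid="443"><state state="open"/></port>
   <port protocol="tcp" portid="8080"><state state="open"/></port>
   <port protocol="tcp" portid="8443"><state state="open"/></port>
   <port protocol="tcp" portid="25"><state state="filtered"/></port>
  </ports>
  <os>
   <osmatch name="Linux 2.4.X" accuracy="88"><osclass osfamily="Linux"/></osmatch>
   <osmatch name="Microsoft Windows 7" accuracy="86"><osclass osfamily="Windows"/></osmatch>
   <osmatch name="Linux 3.X" accuracy="85"><osclass osfamily="Linux"/></osmatch>
  </os>
 </host>
</nmaprun>"""


def summarize(xml_text, margin=5):
    """Per host: open ports, ranked OS guesses, and a confidence verdict."""
    rows = []
    for host in ET.fromstring(xml_text).iter("host"):
        ports = [int(p.get("portid")) for p in host.iter("port")
                 if p.find("state").get("state") == "open"]
        guesses = sorted(
            ((int(m.get("accuracy")), m.get("name"),
              {c.get("osfamily") for c in m.iter("osclass")})
             for m in host.iter("osmatch")),
            key=lambda g: g[0], reverse=True)
        if not guesses:
            verdict = "no-guess"
        elif guesses[0][0] == 100:
            verdict = "exact"
        else:
            # Guesses within `margin` points of the best one are rivals.
            near = [g for g in guesses if guesses[0][0] - g[0] <= margin]
            families = set().union(*(g[2] for g in near))
            verdict = "inconclusive" if len(families) > 1 else "probable"
        rows.append({"addr": host.find("address").get("addr"),
                     "open_ports": ports, "verdict": verdict,
                     "os_guesses": [(a, n) for a, n, _ in guesses]})
    return rows

if __name__ == "__main__":
    print(summarize(SAMPLE_XML))
```

An "inconclusive" verdict means the fingerprint alone should not drive vulnerability mapping; it needs a second source of evidence first.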

