OS fingerprinting with Metasploit

OS fingerprinting is the process of determining the operating system running on a host. Port 445 is used by the SMB protocol to provide shared access to files, printers, serial ports, and miscellaneous communications between nodes on a network. Most usage of SMB involves computers running Microsoft Windows. To check if port 445 is open,

use auxiliary/scanner/portscan/syn

hit enter

set RHOSTS 192.168.1.5

hit enter

set PORTS 445

hit enter

run

hit enter

If port 445 is open, then we are going to use the smb_version module. Type

use scanner/smb/smb_version

hit enter

set RHOSTS 192.168.1.5

(assuming that your target machine has IP address 192.168.1.5)
hit enter

Type

run

hit enter to get your results:

msf auxiliary(smb_version) > run
[*] 192.168.1.5:445 is running Windows XP Service Pack 2 (language: English) (name:JOHN) (domain:MYDOMAIN)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Voila! A Windows XP SP2 machine with lots of vulnerabilities. Execute the hosts command again to see that Metasploit has updated the database according to our new discovery.
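
When you audit your own network, the result line above is easy to post-process. As an added example (not part of the original article or of Metasploit), this Ruby script parses saved smb_version output in the format shown above, rejoins the wrapped line, and flags hosts reporting an out-of-support Windows release. The function names, the second host in the sample, and the short end-of-life list are assumptions made for illustration; other Metasploit versions may print a different line format.

```ruby
# Added example: parse saved smb_version output (format as shown in the post).

# Illustrative, non-exhaustive list of Windows releases past end of support.
EOL_MARKERS = ["Windows 2000", "Windows XP", "Windows Server 2003",
               "Windows Vista", "Windows 7"].freeze

# "[*] <ip>:<port> is running <os> (key:value) (key:value) ..."
LINE_RE = /\A\[\*\]\s+(?<ip>\d{1,3}(?:\.\d{1,3}){3}):(?<port>\d+)\s+is running\s+(?<os>[^(]+?)\s*(?<attrs>\(.*)?\z/

# Terminals wrap long result lines (as in the post); glue continuation
# lines, i.e. anything not starting with a status prefix or prompt, back on.
def unwrap(text)
  text.each_line.map(&:strip).reject(&:empty?).each_with_object([]) do |line, out|
    if line.match?(/\A(?:\[[*+!-]\]|msf)/) || out.empty?
      out << line
    else
      out[-1] = "#{out[-1]} #{line}"
    end
  end
end

# Returns one hash per fingerprinted host; non-result lines are skipped.
def parse_smb_version(text)
  unwrap(text).map do |line|
    m = LINE_RE.match(line)
    next unless m
    attrs = m[:attrs].to_s.scan(/\(([^:()]+):\s*([^)]*)\)/).to_h
    os = m[:os].strip
    { ip: m[:ip], port: m[:port].to_i, os: os,
      language: attrs["language"], name: attrs["name"], domain: attrs["domain"],
      end_of_life: EOL_MARKERS.any? { |marker| os.include?(marker) } }
  end.compact
end

# Constructed sample: the run from the post plus one made-up second host.
SAMPLE = <<~OUT
  msf auxiliary(smb_version) > run
  [*] 192.168.1.5:445 is running Windows XP Service Pack 2 (language: English) (name:JOHN)
  (domain:MYDOMAIN)
  [*] 192.168.1.9:445 is running Windows Server 2022 Standard (name:LAB22) (domain:MYDOMAIN)
  [*] Scanned 2 of 2 hosts (100% complete)
OUT

if __FILE__ == $PROGRAM_NAME
  parse_smb_version(SAMPLE).each do |h|
    flag = h[:end_of_life] ? "UNSUPPORTED OS" : "ok"
    puts "#{h[:ip]}:#{h[:port]}  #{h[:os]}  #{h[:name]}/#{h[:domain]}  [#{flag}]"
  end
end
```
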

 
This post is part of my article about Metasploit, which was originally published in PenTest Magazine, August issue.
