OS fingerprint method

During Penetration Testing phrase, A pentester will test the Operating System for verification usage. The method can be used for this activity such as Nmap and TTL response where it will provide details of the Operating System to the Pentester.

For Nmap Usage:

For the Pentester to use the command in Nmap, they will need to run it as root privilege access where Nmap requires the root access for the purpose.

The screenshot above an example of the command that need to run for the Operating System enumeration.

The command are sudo nmap -O <ip address> where in my case, the command would look like sudo nmap -O 127.0.0.1

The result of the Operating System enumeration will look like the screenshot above where it shows the Operating System that I’m currently using is Apple darwin (All depends on the target’s machine)

For Time To Live(TTL) usage:

In this method, The pentester will only have to ping the target’s machine and see at the response of TTL of the Ping.

For screenshot above, it show ttl=64 which 64 is referring to Mac OS.

The TTL that you can refer will be shown below based on the Operating System

Operating System TTL
Windows32, 128
Linux64,225
Unix60,64

Author: Wan Ariff

He brings with him working experience in Information Security filed which specializing in Penetration Testing and Digital Forensic. His passion is more to IT Security

Leave a Reply

Your email address will not be published. Required fields are marked *