Finding Out The OS Of A Machine

#1 Ahmeket

Posted 04 June 2005 - 04:54 AM

I was wondering if there are any ways to find out what operating system a machine runs remotely considering it has the needed ports opened.

#2 tibbar

Posted 04 June 2005 - 05:56 AM

Search for nmap.
If you want to read more about my security research, visit Tibbar.org

#3 seppel18

Posted 04 June 2005 - 08:17 AM

Look at the ports:

139,445,3389 Windoze

22,3306 Linux

Look at the banners:

Microsoft/IIS 5.0 = Windows

Apache/1.3.27 (Unix) (Red-Hat/Linux) mod_ssl/2.8.12 OpenSSL/0.9.6b PHP/4.1.2 = Linux

Try X-Scan 3.2, works like nmap, but runs on Windows.

#4 deaz

Posted 04 June 2005 - 09:16 AM

Nmap 3.81 Usage: nmap [Scan Type(s)] [Options] <host or net list>
Some Common Scan Types ('*' options require root privileges)
* -sS TCP SYN stealth port scan (default if privileged (root))
-sT TCP connect() port scan (default for unprivileged users)
* -sU UDP port scan
-sP ping scan (Find any reachable machines)
* -sF,-sX,-sN Stealth FIN, Xmas, or Null scan (experts only)
-sV Version scan probes open ports determining service & app names/version
-sR RPC scan (use with other scan types)
Some Common Options (none are required, most can be combined):
* -O Use TCP/IP fingerprinting to guess remote operating system
-p <range> ports to scan. Example range: 1-1024,1080,6666,31337
-F Only scans ports listed in nmap-services
-v Verbose. Its use is recommended. Use twice for greater effect.
-P0 Don't ping hosts (needed to scan www.microsoft.com and others)
* -Ddecoy_host1,decoy2[,...] Hide scan using many decoys
-6 scans via IPv6 rather than IPv4
-T <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane> General timing policy
-n/-R Never do DNS resolution/Always resolve [default: sometimes resolve]
-oN/-oX/-oG <logfile> Output normal/XML/grepable scan logs to <logfile>
-iL <inputfile> Get targets from file; Use '-' for stdin
* -S <your_IP>/-e <devicename> Specify source address or network interface
--interactive Go into interactive mode (then press h for help)
--win_help Windows-specific features
Example: nmap -v -sS -O www.my.com 192.168.0.0/16 '192.88-90.*.*'
SEE THE MAN PAGE FOR MANY MORE OPTIONS, DESCRIPTIONS, AND EXAMPLES

#5 Pu$u

Posted 04 June 2005 - 11:25 AM

seppel18, on Jun 4 2005, 04:17 PM, said:

look at the ports

22,3306 Linux

3306 is not only for Linux.
MySQL can be used on Windows, too.

#6 Ahmeket

Posted 05 June 2005 - 02:46 AM

What if they changed the default daemon ports on Linux? As I understand it, the reason to search for port 22 is to see if sshd is running, but that port can easily be changed.

#7 Terminal

Posted 05 June 2005 - 05:57 AM

Windows specific:

139 and 445 open, then it's Windows NT (XP/2k).

Only 139 open and sharing is on (you can visit \\ip), then it's Win98.

If 139 open and no NetBIOS sharing, then it can be any of 98/2k/XP.

3389 open means Windows XP or 2000 Server, as 2k Professional does not have Terminal Services.

1025 = Windows 2k/XP

Don't know much about 2k3.

#8 TedOb1

Posted 21 June 2005 - 02:09 PM

Many times you can tell using the ping command.

Linux TTL = 64

Windows TTL = 128

You must subtract 1 for each hop. For me a ping to yahoo has a time to live of 54, which says it's *nix.
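As an added example (not code from any poster in this thread), here is a small Python helper that applies the heuristics from posts #3, #5 and #8 to hosts already recorded in your own logs: it backs out the hop count from an observed TTL, maps a service banner to an OS family, and reports disagreement between the two instead of guessing, since a reverse proxy or NAT in front of the host produces exactly that. The initial-TTL table beyond 64/128, the 30-hop limit and the banner patterns are assumptions.

```python
import re

# Initial TTL values: 64 and 128 come from the thread; 255 is an assumption
# added here for routers and some other unix-like stacks.
INITIAL_TTLS = {64: "Linux/*nix", 128: "Windows", 255: "router/other unix"}
MAX_HOPS = 30  # assumption: a path longer than this is implausible


def os_from_ttl(observed_ttl):
    """Infer (family, hops) from a reply TTL, allowing for per-hop decrement."""
    for initial in sorted(INITIAL_TTLS):
        hops = initial - observed_ttl
        if 0 <= hops <= MAX_HOPS:
            return INITIAL_TTLS[initial], hops
    return "unknown", None


# Banner patterns (assumed, modelled on the examples quoted in the thread).
# A MySQL banner deliberately matches nothing: it runs on both platforms.
BANNER_RULES = [
    (re.compile(r"Microsoft[-/]IIS", re.I), "Windows"),
    (re.compile(r"\(Win32\)", re.I), "Windows"),
    (re.compile(r"\((Unix|Red-Hat|Debian|Ubuntu)", re.I), "Linux/*nix"),
]


def os_from_banner(banner):
    """Map a service banner to an OS family, or 'unknown' if it says nothing."""
    for pattern, family in BANNER_RULES:
        if pattern.search(banner):
            return family
    return "unknown"


def classify_host(observed_ttl, banners):
    """Combine TTL and banner evidence; flag conflicts rather than pick one."""
    ttl_family, _hops = os_from_ttl(observed_ttl)
    families = {os_from_banner(b) for b in banners} - {"unknown"}
    if not families:
        return ttl_family
    if len(families) > 1:
        return "conflict: banners disagree"
    family = families.pop()
    if ttl_family in ("unknown", family):
        return family
    return "conflict: ttl=%s banner=%s" % (ttl_family, family)


if __name__ == "__main__":
    # Constructed sample: the TTL from post #8 plus the banners from post #3.
    print(os_from_ttl(54))
    print(classify_host(54, ["Apache/1.3.27 (Unix) (Red-Hat/Linux)", "5.0.21-MySQL"]))
```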

#9 whiskah

Posted 21 June 2005 - 07:55 PM

xprobe

Quote:

Xprobe2 is a remote active operating system fingerprinting tool which uses advanced techniques, some of which were first introduced with Xprobe2, such as the usage of statistical analysis ('fuzzy logic') to match probe response(s) against its signature database, in order to provide accurate results regarding the underlying operating system of a probed element(s).


#10 seppel18

Posted 21 June 2005 - 10:23 PM

Port 5000 = XP ;)