Greg
Posts: 18
Nickname: singleton
Registered: Jun, 2003
Re: Help Please
Posted: Sep 29, 2003 6:32 AM
Well, there are a number of possibilities that I can think of. One would be to use a URLConnection and use the getHeaderFields method to get info about the machine, but this only works if there is a web server running there.
Short of this, I'd suggest connecting to known ports and identifying the OS by which are open. Here's a list of known ports by OS. See below.
--------------------------------------------------------
Remote Operating System Detection
By: Virtual_Mage
One thing that is a valuable skill among hackers is the ability to figure out what operating system a remote computer has installed on it. While there are programs which do this, those programs are not as accurate as the human mind is. Programs such as nmap that claim to do this only do so by looking at what ports the computer has open, and then use that information to make an educated guess. The purpose of this tutorial is to teach you how to do this without the aid of anything except the program netcat, or telnet if you don't have netcat.
I. The No Brainers
There are a few situations in which it is very easy to determine what OS a computer uses. For example, if the IP address of the computer happens to be in the IP block owned by AOL or MSN, then it probably is not using a *nix style operating system, since AOL does not support UNIX/Linux and MSN doesn't either. Also, a great way to find out what OS a webserver has is to telnet to port 80 and hit enter a few times, until it gives you an error message. The error message will probably say what webserver software the computer is using. If it uses IIS, then you know that it is either Windows NT or 2000, and can safely assume that it is the server version of one of them. However, if it were using Apache, then you might be able to assume that it is using *nix, since Apache comes with *nix, and must be downloaded if a Windows user wants to use it.
II. Unique Ports
Some operating systems have ports that they use for various things, that no other operating system uses. This is a brief list of such ports.
Windows Systems:
135 ( end point mapper / DCOM services )
139 ( netbios )
445 ( SMB port; only Windows 2000 )
500 ( IKE/IPSEC )
1024-1030 ( Windows 2000 RPC services )
3268 ( Active Directory; Win NT and 2000 only )

*NIX Systems:
139 ( SAMBA )
513 ( rlogin )
6000 ( X Windows )
514 ( rshell )
517 ( talk )
901 ( SAMBA swat )

Common Trojans ( since most trojans only run on Windows ):
12345 ( netbus )
31337 ( backorifice )
27374 ( sub seven )
By checking a remote computer for the ports above, it's rather easy to get a general idea of what operating system the computer uses. In some cases, you may even be able to figure out exactly which OS just by the open ports.
III. TCP/IP Services
There are several TCP/IP services that both *nix and Windows use, which can be used to help identify the OS. In general, you can assume any computer which has these ports open is a server of some sort.
Telnet (23): Many times you can discern the OS a computer uses simply by telnetting to it. Most *NIX style OSes will come right out and tell you which OS they are, even the version, when you telnet to them.
SSH (22): It is normally safe to assume that most computers using SSH are *NIX, because *NIX comes with SSH already installed, and Windows does not.
SMTP (25): Sometimes, you can tell what OS a computer is using just by telnetting to port 25 on it and seeing what version of sendmail it uses. Many versions of *NIX use their own version of SMTP, and many times a corporation will install a third party sendmail server on their computers, rather than the one that comes with it. In that case, it's as simple as checking what OSes are supported by that particular sendmail software.
FTP (21): This is pretty much the same deal as SMTP.
HTTP (80): Telnet to it to see what webserver software it uses. If it's IIS, then it is without a doubt a Windows computer.
IV. Routers
There may be times that you find some of these ports open and are wondering what they are, or you know that a network is using a router, but you don't know what kind. Well, the below is basically for finding out what kind of router it is.
CISCO Routers: 21, 23, 79, 80, 512, 513, 514, 1993, 1999, 2001, 4001, 6001, 9001, 49 (UDP), 67 (UDP), 123 (ntp), 161 (UDP)
CISCO Switches: 23, 80, 7161, 123 (UDP), 161 (UDP)
Bay Routers: 21, 23, 7 (UDP), 9 (UDP), 67 (UDP), 68 (UDP), 69 (UDP), 161 (UDP), 520 (UDP)
Ascend Routers: 23, 7 (UDP), 9 (UDP), 161 (UDP), 162 (UDP), 514 (UDP), 520 (UDP)