Welcome back Hackrs,
What is OS Fingerprinting?
As I mostly emphasize in my previous articles, reconnaissance techniques are one of the first steps penetration testers practice when learning how to exploit systems for vulnerabilities. Traditional reconnaissance techniques are used to gather intelligence, define scope, and identify weaknesses or vulnerabilities.
There are many tools available in Kali for reconnaissance.
However, it is important to gather intel before doing anything massive. One such thing is fingerprinting the operating system and other critical data of the host which we are going to attack!
There are many options to conduct OS fingerprinting in Kali. One of them is by using ‘xprobe2’.
Although tools such as nmap and hping2 can do operating system fingerprinting, they are not accurate and reliable, as these tools are not built specifically for this purpose.
xprobe2 is an active OS fingerprinting tool: it sends probes to the target host and then gauges the OS from the host’s responses.
xprobe2 has 16 modules built in and is available by default in the Kali distribution!
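How an active fingerprinter can turn probe responses into a ranked list of probable operating systems, as an added example that is not from the original article or from xprobe2 itself. The signature table, attribute names and sample observations are constructed for illustration, and the code sends no packets.

```python
COMMON_INITIAL_TTLS = (32, 64, 128, 255)

# Constructed signatures for illustration (not xprobe2's signature database).
SIGNATURES = {
    "Linux-like":   {"initial_ttl": 64,  "icmp_timestamp_reply": True,
                     "unreach_quotes_full_datagram": True},
    "Windows-like": {"initial_ttl": 128, "icmp_timestamp_reply": False,
                     "unreach_quotes_full_datagram": False},
    "Router-like":  {"initial_ttl": 255, "icmp_timestamp_reply": True,
                     "unreach_quotes_full_datagram": False},
}

def estimate_initial_ttl(observed_ttl):
    """Each hop decrements TTL, so round up to the nearest common initial value."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError(f"TTL out of range: {observed_ttl}")
    return next(t for t in COMMON_INITIAL_TTLS if observed_ttl <= t)

def rank(responses):
    """Return [(os_name, percent_match)] sorted best-first.

    `responses` maps attribute -> observed value; None means the probe got
    no usable answer (filtered or lost) and is left out of the score.
    """
    seen = {k: v for k, v in responses.items() if v is not None}
    if "ttl" in seen:
        seen["initial_ttl"] = estimate_initial_ttl(seen.pop("ttl"))
    scores = []
    for name, sig in SIGNATURES.items():
        hits = sum(1 for attr, value in seen.items() if sig.get(attr) == value)
        pct = round(100 * hits / len(seen)) if seen else 0
        scores.append((name, pct))
    return sorted(scores, key=lambda s: (-s[1], s[0]))

# Constructed observations: a host with stock settings seen 7 hops away, the
# same kind of host with its default TTL changed to 128, and a host whose
# replies are all filtered.
DEFAULT_HOST = {"ttl": 57, "icmp_timestamp_reply": True,
                "unreach_quotes_full_datagram": True}
TUNED_HOST = {"ttl": 121, "icmp_timestamp_reply": True,
              "unreach_quotes_full_datagram": True}
FILTERED_HOST = {"ttl": None, "icmp_timestamp_reply": None,
                 "unreach_quotes_full_datagram": None}

if __name__ == "__main__":
    for label, obs in [("default", DEFAULT_HOST), ("tuned TTL", TUNED_HOST),
                       ("filtered", FILTERED_HOST)]:
        print(label, rank(obs))
```

Changing one default on the host lowers the best match score instead of removing it, which is why this kind of tool reports a list of probable operating systems and not a single answer.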
Access the help page of xprobe2 by typing
Modules in xprobe2
List out the modules in xprobe2 by typing
Syntax goes as:
xprobe2 <target domain or IP>
Now, let’s point xprobe2 at any random device in the network, in my case 220.127.116.11, by typing
Now, let’s try on any other unknown host, say nationalgeographic.com. It’s as simple as typing
When I run nmap with the syntax:
If you are getting random text instead of the probable OS listing, reinstall the default font in the Kali distribution by typing
sudo apt --reinstall install fonts-cantarell