Obtaining operating system and service versions using Nmap

So far, we have been able to gather basic details about a target. We can use Nmap to help users determine the operating system, the operating system version, and the service versions of any running applications on a target.

The -A option initiates an aggressive scan, -O enables operating system detection, and -sV identifies service versions. Note that -A already turns on -O and -sV (together with default script scanning and traceroute), so listing them again on the same command line is harmless but redundant.

An aggressive scan is noisy and can be flagged by an Intrusion Detection System/Intrusion Prevention System (IDS/IPS) or a firewall appliance. Be wary of this, as a big part of penetration testing is being as silent as possible to avoid detection.

Running the nmap -A -O -sV target command against our Metasploitable VM as the target system gives us much more meaningful information about the target.

As you can see in the following snippet, for each port that is open, Nmap has identified a particular service operating on the port, and we were able to retrieve the application service version details as well:

Operating system and service version

Scrolling down a bit more on the output, we can see that, by using the -O parameter, Nmap was able to determine the type of operating system:

Detecting the kernel version

At this point, we have a much better idea of our target, the Metasploitable VM. We know all of the open ports, services, and service versions that are currently running, as well as the operating system.
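The same port, service-version and OS-match details are easier to record and compare when Nmap is asked for XML output (-oX). The following parser is an added example, not code from the book; the embedded XML is a constructed, trimmed imitation of `nmap -A -oX -` output (address, products and versions are illustrative), and it shows one detail the text above does not: the service element's method attribute tells you whether -sV actually fingerprinted the service ("probed") or Nmap merely guessed from the port number ("table").

```python
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -A -oX -` output, trimmed to the elements this
# parser reads. Not a real capture; the address and versions are illustrative.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -A -oX - 192.0.2.10">
 <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
  <ports>
   <port protocol="tcp" portid="21"><state state="open"/>
    <service name="ftp" product="vsftpd" version="2.3.4" method="probed" conf="10"/></port>
   <port protocol="tcp" portid="22"><state state="open"/>
    <service name="ssh" product="OpenSSH" version="4.7p1" method="probed" conf="10"/></port>
   <port protocol="tcp" portid="80"><state state="open"/>
    <service name="http" method="table" conf="3"/></port>
   <port protocol="tcp" portid="25"><state state="filtered"/>
    <service name="smtp" method="table" conf="3"/></port>
  </ports>
  <os><osmatch name="Linux 2.6.9 - 2.6.33" accuracy="100"/>
      <osmatch name="Linux 2.6.24" accuracy="95"/></os>
 </host>
</nmaprun>"""


def parse_nmap_xml(xml_text):
    """Map each scanned address to its open ports (with -sV results) and -O guesses."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr = host.find("address").get("addr")
        ports = []
        for port in host.findall("./ports/port"):
            if port.find("state").get("state") != "open":
                continue  # closed/filtered ports never yield a version banner
            svc = port.find("service")
            ports.append({
                "port": int(port.get("portid")),
                "service": svc.get("name", "") if svc is not None else "",
                "product": svc.get("product", "") if svc is not None else "",
                "version": svc.get("version", "") if svc is not None else "",
                # "probed": -sV fingerprinted the service; "table": port-number lookup only
                "probed": svc is not None and svc.get("method") == "probed",
            })
        os_guesses = [(m.get("name"), int(m.get("accuracy", "0")))
                      for m in host.findall("./os/osmatch")]
        hosts[addr] = {"ports": ports, "os": os_guesses}
    return hosts


def best_os(host_info):
    """Return the highest-accuracy OS match name, or None if -O found nothing."""
    return max(host_info["os"], key=lambda m: m[1])[0] if host_info["os"] else None
```

Entries with "probed" set to False are worth re-checking by hand before you rely on them, since Nmap has not confirmed what is really listening on that port.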

Nmap is awesome, isn't it? Let's learn how to use Nmap to scan a device that has ICMP disabled.
