OS Fingerprinting in Ethical Hacking refers to any method used to determine what operating system is running on a remote computer. By analyzing certain protocol flags, options, and data in the packets a device sends onto the network, we can make relatively accurate guesses about the OS that sent those packets.
By pinpointing the exact OS of a host, an attacker can launch a precise attack against a target machine. In a world of buffer overflows, knowing the exact flavor and architecture of an OS could be all the opportunity an attacker needs
OS fingerprinting Techniques
1. Active fingerprinting
2. Passive fingerprinting
Passive fingerprinting is based on sniffer traces from the remote system. Based on the sniffer traces (such as Wireshark) of the packets, you can determine the operating system of the remote host.
- TTL − What the operating system sets the
- Time-To-Live on the outbound packet.
- Window Size − What the operating system sets the Window Size at.
- DF − Does the operating system set the
- Don’t Fragment bit.
- TOS − Does the operating system set the
- Type of Service, and if so, at what.
Tools Used For OS fingerprinting
1. p0f – passive OS fingerprinting
2. Ettercap – passive OS fingerprinting
3. Nmap – active OS fingerprinting
4. XProbe2 – active OS fingerprinting
By analyzing these factors of a packet, you may be able to determine the remote operating system. This system is not 100% accurate and works better for some operating systems than others.
Before attacking a system, it is required that you know what operating system is hosting a website. Once a target OS is known, then it becomes easy to determine which vulnerabilities might be present to exploit the target system.