Task 3: Perform OS Discovery using Unicornscan

 

Task 3: Perform OS Discovery using Unicornscan



Module 03: Scanning Networks
Lab 3: Perform OS Discovery

Task 3: Perform OS Discovery using Unicornscan

Unicornscan is a Linux-based command line-oriented network information-gathering and reconnaissance tool. It is an 
asynchronous TCP and UDP port scanner and banner grabber that enables you to discover open ports, services, TTL values,
 etc. running on the target machine. In Unicornscan, the OS of the target machine can be identified by observing the TTL
 values in the acquired scan result.


sudo su
cd
unicornscan [Target IP Address] -Iv
ttl values acquired after the scan are 128; hence, the OS is possibly Microsoft Windows 
unicornscan [Target IP Address] -Iv
ttl value acquired after the scan is 64; hence, the OS is possibly a Linux-based machine 



Unicornscan is a Linux-based command line-oriented network information-gathering and reconnaissance tool. It is an asynchronous TCP and UDP port scanner and banner grabber that enables you to discover open ports, services, TTL values, etc. running on the target machine. In Unicornscan, the OS of the target machine can be identified by observing the TTL values in the acquired scan result.

Here, we will use the Unicornscan tool to perform OS discovery on the target system.

  1. Click Parrot Security to switch to the Parrot Security machine.

  2. Click the MATE Terminal icon at the top of the Desktop window to open a Terminal window.

    44.jpg

  3. Parrot Terminal window appears. In the terminal window, type sudo su and press Enter to run the programs as a root user.

  4. In the [sudo] password for attacker field, type toor as a password and press Enter.

    The password that you type will not be visible.

  5. Now, type cd and press Enter to jump to the root directory.

    Screenshot

  6. Parrot Terminal window appears. In the terminal window, type unicornscan [Target IP Address] -Iv (here, the target machine is Windows Server 2016 [10.10.10.16]) and press Enter.

    In this command, -I specifies an immediate mode and v specifies a verbose mode.

  7. The scan results appear, displaying the open TCP ports along with the obtained TTL value of 128. As shown in the screenshot, the ttl values acquired after the scan are 128; hence, the OS is possibly Microsoft Windows (Windows 7/8/8.1/10 or Windows Server 2008/12/16).

    Here, the target machine is Windows Server 2016 (10.10.10.16).

    Screenshot

  8. In the Parrot Terminal window, type unicornscan [Target IP Address] -Iv (here, the target machine is Ubuntu [10.10.10.9]) and press Enter.

  9. The scan results appear, displaying the open TCP ports along with a TTL value of 64. As shown in the screenshot, the ttl value acquired after the scan is 64; hence, the OS is possibly a Linux-based machine (Google Linux, Ubuntu, Parrot, or Kali).

    Screenshot

  10. This concludes the demonstration of discovering the OS of the target machine using Unicornscan.

  11. Close all open windows and document all the acquired information.

Comments

Post a Comment

Popular posts from this blog

Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools

Image
Lab 1: Perform S3 Bucket Enumeration using Various S3 Bucket Enumeration Tools Lab Scenario As an ethical hacker, you must try to obtain as much information as possible about the target cloud environment using various enumeration tools. This lab will demonstrate various S3 bucket enumeration tools that can help you in extracting the list of publicly available S3 buckets. Lab Objectives Enumerate S3 buckets using lazys3 Enumerate S3 buckets using S3Scanner Overview of Enumeration Tools Enumeration tools are used to collect detailed information about target systems to exploit them. Information collected by S3 enumeration tools consists of a list of misconfigured S3 buckets that are available publicly. Attackers can exploit these buckets to gain unauthorized access to them. Moreover, they can modify, delete, and exfiltrate the bucket content. Task 1: Enumerate S3 Buckets using lazys3 lazys3 is a Ruby script tool that is used to brute-force AWS S3 buckets using different permutations. This...
Read more

Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools

Image
Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Module 20: Cryptography Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Task 1: Perform Cryptanalysis using CrypTool CrypTool is a freeware program that enables you to apply and analyze cryptographic mechanisms, and has the typical look and  feel of a modern Windows application. CrypTool includes a multitude of state-of-the-art cryptographic functions and allows you  to both learn and use cryptography within the same environment. CrypTool is a free, open-source e-learning application used in  the implementation and analysis of cryptographic algorithms. Here, we will use the CrypTool tool to perform cryptanalysis. refer to blog  little long --------------------------------------------------------------------------------------------------------------------------------------- Module 20: Cryptography Lab 5: Perform Cryptanalysis using Various Cryptanalysis Tools Task 2: Perform Cryptanalysis us...
Read more

Task 2: Perform OS Discovery using Nmap Script Engine (NSE)

Image
  Task 2: Perform OS Discovery using Nmap Script Engine (NSE) Module 03: Scanning Networks Lab 3: Perform OS Discovery Task 2: Perform OS Discovery using Nmap Script Engine (NSE) open zenmap nmap -A [Target IP Address]   = -A: to perform an aggressive scan. nmap -O [Target IP Address]   = -O: performs the OS discovery. nmap --script smb-os-discovery.nse [Target IP Address]   = --script: specifies the customized script and smb-os-discovery.nse: attempts to determine the OS, computer name, domain, workgroup, and current time over the SMB protocol (ports 445 or 139). end Nmap, along with Nmap Script Engine (NSE), can extract considerable valuable information from the target system. In addition to Nmap commands, NSE provides scripts that reveal all sorts of useful information from the target system. Using NSE, you may obtain information such as OS, computer name, domain name, forest name, NetBIOS computer name, NetBIOS domain name, workgroup, system time o...
Read more