WEBVTT

00:00.740 --> 00:07.460
Operating system and version detection: there are some advanced options provided by Nmap apart from

00:07.460 --> 00:10.040
a scanning port scanning, of course.

00:10.040 --> 00:13.730
So these options can help us gain more information about our target.

00:14.270 --> 00:18.200
And one of the most widely used options is operating system identification.

00:19.280 --> 00:23.390
So this kind of helps us identify the operating system running on the target machine.

00:23.930 --> 00:33.110
So our operating system detection scan Ottawa's is here like the world bays like that here.

00:40.890 --> 00:43.200
Excellence interruptus clear.

00:43.740 --> 00:46.450
So anyway, so, uh.

00:47.100 --> 00:49.440
Oops, I'm sorry, your resolution.

00:51.790 --> 00:54.190
There's a two years.

00:56.030 --> 00:57.380
If this configuration.

01:08.690 --> 01:10.520
Not so.

01:17.760 --> 01:26.160
Now, we will do the Nmap scanning here operating system with an ID scanning kit in order to do that.

01:26.550 --> 01:28.080
We will use up.

01:29.730 --> 01:39.180
Or two operating system for operating system IDs, or we might need sudo here, root access or here

01:39.180 --> 01:47.060
and enter your port address of your target to actually enter IP address of your target machine 135 onto

01:47.080 --> 01:47.250
it.

01:49.390 --> 01:51.310
So, uh, now.

01:53.040 --> 01:53.420
Now.

01:55.710 --> 01:56.850
Let's enter here.

01:57.490 --> 01:58.890
Uh, enter password.

02:00.500 --> 02:01.010
And.

02:09.430 --> 02:11.410
Here, what's the problem here?

02:13.120 --> 02:14.050
Incorrect, so.

02:19.570 --> 02:20.100
Yes, actually.

02:20.650 --> 02:30.370
As you can see here, we have the target machine running on Linux here, a Linux 2.0 kind of version

02:30.370 --> 02:39.520
2.6.9 here or 2.6.32. Network distance is one hop because

02:39.520 --> 02:42.920
it's the LAN address, so it's not calling routing anywhere.

02:42.940 --> 02:44.920
It's just and connecting the article to it.

02:45.610 --> 02:54.700
And then now we will open our Windows machine to make an operating system detection here.

02:55.330 --> 03:03.330
Now I will open the Windows 7 machine here, opening the windows here, windows, and let's show

03:03.340 --> 03:04.840
these windows to you.

03:06.520 --> 03:07.000
OK.

03:08.690 --> 03:10.520
So this is our Windows machine.

03:12.490 --> 03:12.850
Yes.

03:14.310 --> 03:15.480
And that started.

03:40.520 --> 03:50.390
Here and now, we will scan all of our addresses to find which, uh, our uh, what is our Windows 7

03:50.600 --> 03:54.170
LAN address or Nmap in the SUV?

03:54.590 --> 04:00.590
Well, here's our local, uh, address here and to 55.

04:03.010 --> 04:04.060
Actually, 24.

04:10.620 --> 04:16.410
Scanning ninety point ninety two point ninety one, he's done.

04:17.580 --> 04:28.080
200 a 253 is completed, underwent the scan here, so as you can see here, we have um, we have actually

04:28.620 --> 04:29.760
not is not this.

04:33.450 --> 04:34.310
Metasploit.

05:06.110 --> 05:10.580
So as you can see, this is our Windows machine IP address.

05:10.840 --> 05:14.840
Now we found it inside with, um, two.

05:16.510 --> 05:21.490
True here, as you can see here, uh, port 53 is open.

05:23.620 --> 05:30.010
And then now we can do the two acts you can see here, um.

05:31.200 --> 05:37.830
So this is actually not a windows, this is the windows we have when we're playing virtual, uh, networks,

05:38.130 --> 05:40.000
um, the device here.

05:40.560 --> 05:41.610
Uh, so.

05:49.830 --> 05:53.850
Our window of St. Pete is not going to torture for.

06:28.410 --> 06:35.580
So you can see this in network distance of one hop as well and the other is is this is not an individual

06:35.580 --> 06:35.960
device.

06:35.970 --> 06:37.830
This isn't just a virtual machine.

06:37.830 --> 06:46.260
And because of that, we can be seeing here, um, the MAC address, uh, of our, uh, we we have

06:46.260 --> 06:47.100
virtual device.

06:48.530 --> 06:55.790
So, um, the other widely used option is version detection, so a version detection of different ports

06:55.790 --> 06:56.450
on the target.

06:56.990 --> 06:59.980
So it can be mixed with any of these types of scans.

06:59.990 --> 07:01.880
So actually, we don't need windows anywhere.

07:02.150 --> 07:06.920
Uh, we have and we have operating system for penetration testing here.

07:07.340 --> 07:12.020
So another well used option is, uh, version detection here.

07:12.350 --> 07:14.030
Uh, which is a.

07:16.010 --> 07:18.800
So what version detection is?

07:18.800 --> 07:23.780
Uh, version detection is an, uh, different, uh, across the different open ports on the target.

07:23.780 --> 07:31.430
And uh, but detection the versions of our open ports so it can be mixed with any of the, uh, scan

07:31.430 --> 07:38.210
types that we have previously to add extra bit information of what versions of services are running on the

07:38.210 --> 07:40.070
ports of the target.

07:40.460 --> 07:43.310
Uh, we add like that.

07:43.520 --> 07:54.110
So Nmap as we enter your IP address, uh, here and your IP address, that IP address and no.

07:55.650 --> 08:05.550
It's running the version detection for, um, the target machine here. As you can see, we have, um, detected

08:05.550 --> 08:13.110
what a virtual audience is using, for example, MySQL five point point fifty one V.A. Protocol

08:13.170 --> 08:18.150
3.3, PostgreSQL, uh, 8.3.0.

08:18.300 --> 08:24.780
So as you can as you know why we did it, because we can find exploits for these versions, for example,

08:24.780 --> 08:29.600
they can, uh, find exploits about somebody else in the assembly here.

08:30.000 --> 08:35.910
Uh, or we can, uh, find FTP, uh, for example, this version of FTP here.

08:37.470 --> 08:38.970
Exploit here, for example.

08:44.170 --> 08:50.290
As you can see, a better command execution, we have exploited years exploit database we have here

08:50.290 --> 08:57.340
so we can hack this device with these open ports because of that, how we can do it because we did and

08:57.350 --> 09:01.000
the information actually saves detection here.

09:01.010 --> 09:09.700
So in this target machine, we know which ports and which FTP service version it is using so we can find

09:09.700 --> 09:12.250
related exploits to hack this machine.
