Sample Program–Legerdemain
The following program illustrates the active fingerprinting functionality of the libsf library. Legerdemain is an OS detection utility that attempts to determine the operating system of a remote host. It is fairly straightforward in its usage. Command line options are dumped when no arguments are specified:
tradecraft: ~# legerdemain
Legerdemain 1.0 [remote operating system detection tool]
usage ./legerdemain [options] target
-a dump all guesses
-d dump debugging information
-i device specify a device
-v be verbose
When the verbose or debug switches are specified, Legerdemain enables the debugging options inside libsf. This action results in more messages dumped to the console. The user can specify a device at the command line by using the -i flag or leave it up to libsf to determine a suitable device. The dump all guesses switch causes Legerdemain to display the entire list of OS guesses that it compiled. This action is generally not all that useful, because early guesses are based on limited information and are usually incorrect. A sample invocation of Legerdemain is as follows:
tradecraft: ~# legerdemain -ifxp0 www.securityfocus.com
Legerdemain 1.0 [remote operating system detection tool]
Host: www.securityfocus.com, found open port: 80 and closed port: 1
Performing active fingerprint scan...
205 potential matches (highest score of 51)
Highest scored OS guesses:
Linux 2.1.19 - 2.2.17
Linux 2.2.14
Linux 2.2.19 on a DEC Alpha
Linux kernel 2.2.13
Legerdemain found 205 potential matches, four of which tied for the highest score (51). At this writing, chances are that http://www.securityfocus.com is running on a machine with a Linux 2.2.x kernel. Because Legerdemain was not invoked with the verbose switch, we could not see which tests succeeded and which failed. To gather more information about what is going on inside libsf, we start Legerdemain with the verbose switch:
tradecraft: ~# legerdemain -v www.somethingawful.com
Legerdemain 1.0 [remote operating system detection tool]
libsf: verbose mode enabled
Performing active portscan to find open port...
Host: www.somethingawful.com, found open port: 80 and closed port: 1
Performing active fingerprint scan...
LIBSF_ACTIVE_OPTSYN succeeded
LIBSF_ACTIVE_OPTNULL libsf_get_response(): timer expired
LIBSF_ACTIVE_OPTSFUP succeeded
LIBSF_ACTIVE_OPENACK succeeded
LIBSF_ACTIVE_CLOSESYN succeeded
LIBSF_ACTIVE_CLOSEACK succeeded
LIBSF_ACTIVE_CLOSEFPU succeeded
436 potential matches (highest score of 67)
Highest scored OS guesses:
FreeBSD 2.2.1 - 4.1
FreeBSD 3.2-4.0
FreeBSD 4.1.1 - 4.3 (X86)
FreeBSD 4.3 - 4.4PRERELEASE
MS Windows2000 Professional RC1/W2K Advance Server Beta3
Windows Me or Windows 2000 RC1 through final release
Windows Millenium Edition v4.90.3000
Windows NT 5 Beta2 or Beta3
This time Legerdemain was invoked verbosely, which dumps the status of each test to the console. All of the tests succeeded except the second one (LIBSF_ACTIVE_OPTNULL, a TCP packet with no flags set but with options, sent to an open port), for which libsf's response timer expired before any reply arrived. Note that a timed-out probe tells you only that no reply was seen; the stack may not answer such packets at all, or a filtering device in the path may have dropped them. Out of 436 possible matches, FreeBSD and Windows came up as the best guesses. Legerdemain had difficulty differentiating between the two because both stacks respond similarly to these probes, so their fingerprints tie on score.
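The output above can be understood as a simple database match: each probe's reply is compared with what every fingerprint in the database expects, each fingerprint accumulates a score, and the entries sharing the top score are printed as the best guesses. The following is an added example of that idea, written here for illustration; it is not libsf's code, and the page does not describe libsf's actual scoring rules. The probe names follow the test names printed by legerdemain -v, but the response attributes, the three fingerprint entries, the one-point-per-matching-attribute weighting, and the treatment of a timed-out probe as contributing no evidence are all assumptions. The observed responses are constructed so that two stacks answer identically and tie, which is the situation the second scan ran into.

```python
"""Toy active-fingerprint scoring model (added example, not libsf code).

Fingerprint database, observed responses and weights are constructed for
illustration; real fingerprint databases carry far more fields per probe.
"""

# The seven active probes, in the order legerdemain -v prints them.
PROBES = ("OPTSYN", "OPTNULL", "OPTSFUP", "OPENACK",
          "CLOSESYN", "CLOSEACK", "CLOSEFPU")

# Constructed fingerprints: OS -> probe -> attribute -> set of acceptable values.
# A probe missing from an entry simply cannot earn points for that OS.
FINGERPRINTS = {
    "Linux 2.2.x": {
        "OPTSYN":   {"df": {True},  "win": {32120}, "ttl": {64}},
        "OPTSFUP":  {"resp": {False}},
        "OPENACK":  {"flags": {"R"},  "df": {False}},
        "CLOSESYN": {"flags": {"RA"}, "win": {0}},
        "CLOSEACK": {"flags": {"R"},  "win": {0}},
        "CLOSEFPU": {"flags": {"RA"}, "win": {0}},
    },
    "FreeBSD 4.x": {
        "OPTSYN":   {"df": {True},  "win": {65535, 57344}, "ttl": {64}},
        "OPTSFUP":  {"resp": {True}, "flags": {"A"}},
        "OPENACK":  {"flags": {"R"},  "df": {True}},
        "CLOSESYN": {"flags": {"RA"}, "win": {0}},
        "CLOSEACK": {"flags": {"R"},  "win": {0}},
        "CLOSEFPU": {"flags": {"RA"}, "win": {0}},
    },
    "Windows 2000": {
        "OPTSYN":   {"df": {True},  "win": {65535, 16384}, "ttl": {128, 64}},
        "OPTSFUP":  {"resp": {True}, "flags": {"A"}},
        "OPENACK":  {"flags": {"R"},  "df": {True}},
        "CLOSESYN": {"flags": {"RA"}, "win": {0}},
        "CLOSEACK": {"flags": {"R"},  "win": {0}},
        "CLOSEFPU": {"flags": {"RA"}, "win": {0}},
    },
}

# Constructed observations for one host. None models a probe whose timer
# expired (no reply seen), as happened with OPTNULL in the second scan.
OBSERVED = {
    "OPTSYN":   {"df": True, "win": 65535, "ttl": 64},
    "OPTNULL":  None,
    "OPTSFUP":  {"resp": True, "flags": "A"},
    "OPENACK":  {"flags": "R", "df": True},
    "CLOSESYN": {"flags": "RA", "win": 0},
    "CLOSEACK": {"flags": "R", "win": 0},
    "CLOSEFPU": {"flags": "RA", "win": 0},
}


def score_fingerprint(observed, expected):
    """Count observed attribute values that the fingerprint accepts.

    Assumption: a probe that timed out (None) contributes nothing, and an
    attribute the fingerprint does not mention is neither a hit nor a miss.
    """
    total = 0
    for probe in PROBES:
        reply = observed.get(probe)
        if reply is None:
            continue
        wanted = expected.get(probe, {})
        for attr, value in reply.items():
            if attr in wanted and value in wanted[attr]:
                total += 1
    return total


def rank_guesses(observed, db=FINGERPRINTS):
    """Return [(os_name, score), ...] for every OS scoring above zero,
    highest score first; ties are ordered by name so output is stable."""
    scored = [(name, score_fingerprint(observed, fp)) for name, fp in db.items()]
    matches = [(name, s) for name, s in scored if s > 0]
    return sorted(matches, key=lambda item: (-item[1], item[0]))


def highest_guesses(ranked):
    """The names that share the top score: what the tool prints without -a."""
    if not ranked:
        return []
    top = ranked[0][1]
    return [name for name, s in ranked if s == top]


def report(observed, db=FINGERPRINTS, dump_all=False):
    """Render a summary in the style of the legerdemain output above."""
    ranked = rank_guesses(observed, db)
    if not ranked:
        return "0 potential matches"
    lines = [f"{len(ranked)} potential matches (highest score of {ranked[0][1]})"]
    if dump_all:  # the -a switch: every guess with its score
        lines.extend(f"{name} ({s})" for name, s in ranked)
    else:
        lines.append("Highest scored OS guesses:")
        lines.extend(highest_guesses(ranked))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(OBSERVED))
    print(report(OBSERVED, dump_all=True))
```

Running it prints a three-entry match list in which FreeBSD 4.x and Windows 2000 tie at the top and Linux 2.2.x trails, because the constructed Windows entry accepts the same window size and a TTL of 64 alongside its own. Whatever the real scoring function looks like, the lesson is the same: two fingerprints that accept the same replies to every probe that actually returned something cannot be separated, and a probe that timed out removes one of the few tests that might have split them.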