[share] OS fingerprinting with xprobe2
#1
Assalamu'alaikum, BackTrack friends, allow this newbie to start a thread :)

When doing information gathering, we inevitably need to find out which operating system our "victim/target" uses, so that it is easier for us to find the right type of attack for that operating system. This can be called OS fingerprinting (maybe, hehe; please correct me if I'm wrong). The tool is called 'xprobe2'.

To see how to use it (that is, which parameters it takes), we type this in the terminal:
Code:
root@bt:~# xprobe2 --help

Xprobe-ng v.2.1 Copyright (c) 2002-2009 [email protected], [email protected], [email protected]

xprobe2: invalid option -- '-'
usage: xprobe2 [options] target
Options:
          -v                       Be verbose
          -r                       Show route to target(traceroute)
          -p <proto:portnum:state> Specify portnumber, protocol and state.
                                   Example: tcp:23:open, UDP:53:CLOSED
          -c <configfile>          Specify config file to use.
          -h                       Print this help.
          -o <fname>               Use logfile to log everything.
          -t <time_sec>            Set initial receive timeout or roundtrip time.
          -s <send_delay>          Set packsending delay (milseconds).
          -d <debuglv>             Specify debugging level.
          -D <modnum>              Disable module number <modnum>.
          -M <modnum>              Enable module number <modnum>.
          -L                       Display modules.
          -m <numofmatches>        Specify number of matches to print.
          -T <portspec>            Enable TCP portscan for specified port(s).
                                   Example: -T21-23,53,110
          -U <portspec>            Enable UDP portscan for specified port(s).
          -f                       force fixed round-trip time (-t opt).
          -F                       Generate signature (use -o to save to a file).
          -X                       Generate XML output and save it to logfile specified with -o.
          -B                       Options forces TCP handshake module to try to guess open TCP port
          -A                       Perform analysis of sample packets gathered during portscan in
                                   order to detect suspicious traffic (i.e. transparent proxies,
                                   firewalls/NIDSs resetting connections). Use with -T.
root@bt:~#
Above you can clearly see the parameters we can use with xprobe2.
Screenshot of the parameters we can use:

[Image: 782afb1d.png]


Example 1:
Here I will take the first example, '-v' for 'Be verbose' only (the website I want to find out about belongs to my friend junior.riau18).
Code:
root@bt:~# xprobe2 -v www.juniorriau.com

Xprobe-ng v.2.1 Copyright (c) 2002-2009 [email protected], [email protected], [email protected]

[+] Target is www.juniorriau.com
[+] Loading modules.
[+] Following modules are loaded:
[x]  ping:icmp_ping  -  ICMP echo discovery module
[x]  ping:tcp_ping  -  TCP-based ping discovery module
[x]  ping:udp_ping  -  UDP-based ping discovery module
[x]  infogather:ttl_calc  -  TCP and UDP based TTL distance calculation
[x]  infogather:portscan  -  TCP and UDP PortScanner
[x]  fingerprint:icmp_echo  -  ICMP Echo request fingerprinting module
[x]  fingerprint:icmp_tstamp  -  ICMP Timestamp request fingerprinting module
[x]  fingerprint:icmp_amask  -  ICMP Address mask request fingerprinting module
[x]  fingerprint:icmp_info  -  ICMP Information request fingerprinting module
[x]  fingerprint:icmp_port_unreach  -  ICMP port unreachable fingerprinting module
[x]  fingerprint:tcp_hshake  -  TCP Handshake fingerprinting module
[x]  fingerprint:tcp_rst  -  TCP RST fingerprinting module
[x]  app:smb  -  SMB fingerprinting module
[x]  app:snmp  -  SNMPv2c fingerprinting module
[x]  app:ftp  -  FTP fingerprinting tests
[x]  app:http  -  HTTP fingerprinting tests
[+] 16 modules registered
[+] Initializing scan engine
[+] Running scan engine
fingerprint:icmp_tstamp has not enough data
Executing ping:icmp_ping
Executing fingerprint:icmp_port_unreach
Executing fingerprint:icmp_echo
fingerprint:tcp_hshake has not enough data
Executing fingerprint:tcp_rst
Executing fingerprint:icmp_amask
Executing fingerprint:icmp_tstamp
Executing fingerprint:icmp_info
app:smb has not enough data
Executing app:snmp
Recv() error: Connection refused
ping:tcp_ping has not enough data
Executing ping:udp_ping
Executing infogather:ttl_calc
Executing infogather:portscan
Executing app:ftp
Executing app:http
[+] Primary Network guess:
[+] Host 103.28.149.104 Running OS: "Linux Kernel 2.4.29" (Guess probability: 95%)
[+] Other guesses:
[+] Host 103.28.149.104 Running OS: "Linux Kernel 2.4.30" (Guess probability: 95%)
[+] Host 103.28.149.104 Running OS: "Linux Kernel 2.4.19" (Guess probability: 95%)
[+] Host 103.28.149.104 Running OS: "Linux Kernel 2.4.28" (Guess probability: 95%)
[+] Host 103.28.149.104 Running OS: "Linux Kernel 2.4.27" (Guess probability: 95%)
[+] Host 103.28.149.104 Running OS: "Linux Kernel 2.4.26" (Guess probability: 95%)
[+] Host 103.28.149.104 Running OS: "Linux Kernel 2.4.25" (Guess probability: 95%)
[+] Host 103.28.149.104 Running OS: "Linux Kernel 2.4.24" (Guess probability: 95%)
[+] Host 103.28.149.104 Running OS: "Linux Kernel 2.4.23" (Guess probability: 95%)
[+] Host 103.28.149.104 Running OS: "Linux Kernel 2.4.22" (Guess probability: 95%)
[+] Cleaning up scan engine
[+] Modules deinitialized
[+] Execution completed.
root@bt:~#
OK, and from the result we can see that it turns out to be using Linux Kernel 2.4.*
Screenshot for example 1:

[Image: 39abba8e.png]

Example 2:
Now I will try the parameter '-r Show route to target(traceroute)' to see the steep path that data packets have to travel to reach their destination.
Code:
root@bt:~# xprobe2 -v -r www.kaskus.co.id

Xprobe-ng v.2.1 Copyright (c) 2002-2009 [email protected], [email protected], [email protected]

[+] Target is www.kaskus.co.id
[+] Loading modules.
[+] Following modules are loaded:
[x]  ping:icmp_ping  -  ICMP echo discovery module
[x]  ping:tcp_ping  -  TCP-based ping discovery module
[x]  ping:udp_ping  -  UDP-based ping discovery module
[x]  infogather:ttl_calc  -  TCP and UDP based TTL distance calculation
[x]  infogather:portscan  -  TCP and UDP PortScanner
[x]  fingerprint:icmp_echo  -  ICMP Echo request fingerprinting module
[x]  fingerprint:icmp_tstamp  -  ICMP Timestamp request fingerprinting module
[x]  fingerprint:icmp_amask  -  ICMP Address mask request fingerprinting module
[x]  fingerprint:icmp_info  -  ICMP Information request fingerprinting module
[x]  fingerprint:icmp_port_unreach  -  ICMP port unreachable fingerprinting module
[x]  fingerprint:tcp_hshake  -  TCP Handshake fingerprinting module
[x]  fingerprint:tcp_rst  -  TCP RST fingerprinting module
[x]  app:smb  -  SMB fingerprinting module
[x]  app:snmp  -  SNMPv2c fingerprinting module
[x]  app:ftp  -  FTP fingerprinting tests
[x]  app:http  -  HTTP fingerprinting tests
[+] 16 modules registered
[+] Initializing scan engine
[+] Running scan engine
fingerprint:icmp_tstamp has not enough data
Executing ping:icmp_ping
Executing fingerprint:icmp_port_unreach
Executing fingerprint:icmp_echo
fingerprint:tcp_hshake has not enough data
Executing fingerprint:tcp_rst
Executing fingerprint:icmp_amask
Executing fingerprint:icmp_tstamp
Executing fingerprint:icmp_info
app:smb has not enough data
Executing app:snmp
Recv() error: No route to host
ping:tcp_ping has not enough data
Executing ping:udp_ping
Executing infogather:ttl_calc
[infogather:ttl_calc] Showing route to 112.78.131.2:
[x]   0 hop: 192.168.1.1 [192.168.1.1]
[x]   1 hop: *
[x]   1 hop: 10.10.224.1 [10.10.224.1]
[x]   2 hop: *
[x]   2 hop: be8-cg03-pe04.fast.net.id [202.73.96.25]
[infogather:ttl_calc] Failed to reach target
Executing infogather:portscan
Executing app:ftp
Executing app:http
[+] Primary Network guess:
[+] Host 112.78.131.2 Running OS: "HP JetDirect ROM F.08.01 EEPROM F.08.05" (Guess probability: 93%)
[+] Other guesses:
[+] Host 112.78.131.2 Running OS: "HP JetDirect ROM G.07.19 EEPROM G.08.03" (Guess probability: 93%)
[+] Host 112.78.131.2 Running OS: "HP JetDirect ROM A.03.17 EEPROM A.04.09" (Guess probability: 93%)
[+] Host 112.78.131.2 Running OS: "Foundry Networks IronWare Version 03.0.01eTc1" (Guess probability: 93%)
[+] Host 112.78.131.2 Running OS: "HP JetDirect ROM G.07.02 EEPROM G.08.04" (Guess probability: 93%)
[+] Host 112.78.131.2 Running OS: "HP JetDirect ROM G.07.02 EEPROM G.07.20" (Guess probability: 93%)
[+] Host 112.78.131.2 Running OS: "HP JetDirect ROM G.07.19 EEPROM G.08.04" (Guess probability: 93%)
[+] Host 112.78.131.2 Running OS: "HP JetDirect ROM A.05.03 EEPROM A.05.05" (Guess probability: 93%)
[+] Host 112.78.131.2 Running OS: "HP JetDirect ROM G.07.19 EEPROM G.07.20" (Guess probability: 93%)
[+] Host 112.78.131.2 Running OS: "HP JetDirect ROM G.05.34 EEPROM G.05.35" (Guess probability: 93%)
[+] Cleaning up scan engine
[+] Modules deinitialized
[+] Execution completed.
root@bt:~#

Here it shows that the operating system in use is 'HP JetDirect ROM', and it shows the route taken:

[infogather:ttl_calc] Showing route to 112.78.131.2:
[x] 0 hop: 192.168.1.1 [192.168.1.1]
[x] 1 hop: *
[x] 1 hop: 10.10.224.1 [10.10.224.1]
[x] 2 hop: *
[x] 2 hop: be8-cg03-pe04.fast.net.id [202.73.96.25]
[infogather:ttl_calc] Failed to reach target
Screenshot for example 2:

[Image: 3d2d0286.png]

I was confused about what operating system "HP JetDirect ROM" is, so I asked om zee, and he said it is the DOS operating system.

The drawback of this tool is that it is no longer updated, in other words it's ancient, but there are still plenty of other tools that can be used, e.g. nmap. Here I'm only taking an example of using one of the tools that come with BackTrack.

Oh yes, here is the list of what xprobe2 supports:
Code:
AIX 5.1
AIX 4.3.3
Apple Mac OS X 10.2.0
Apple Mac OS X 10.2.1
Apple Mac OS X 10.2.2
Apple Mac OS X 10.2.3
Apple Mac OS X 10.2.4
Apple Mac OS X 10.2.5
Apple Mac OS X 10.2.6
Apple Mac OS X 10.2.7
Apple Mac OS X 10.2.8
Apple Mac OS X 10.3.0
Apple Mac OS X 10.3.1
Apple Mac OS X 10.3.2
Apple Mac OS X 10.3.3
Apple Mac OS X 10.3.4
Apple Mac OS X 10.3.5
Apple Mac OS X 10.3.6
Apple Mac OS X 10.3.7
Apple Mac OS X 10.3.8
Apple Mac OS X 10.3.9
Apple Mac OS X 10.4.0
Apple Mac OS X 10.4.1
Apple Mac OS X 10.5
Cisco IOS 12.3
Cisco IOS 12.2
Cisco IOS 12.0
Cisco IOS 11.3
Cisco IOS 11.2
Cisco IOS 11.1
Foundry Networks IronWare Version 03.0.01eTc1
Foundry Networks IronWare Version 07.5.04T53
Foundry Networks IronWare Version 07.5.05KT53
Foundry Networks IronWare 07.6.01BT51
Foundry Networks IronWare 07.6.04aT51
Foundry Networks IronWare 07.7.01eT53
FreeBSD 5.4
FreeBSD 5.3
FreeBSD 5.2.1
FreeBSD 5.2
FreeBSD 5.1
FreeBSD 5.0
FreeBSD 4.11
FreeBSD 4.10
FreeBSD 4.9
FreeBSD 4.8
FreeBSD 4.7
FreeBSD 4.6.2
FreeBSD 4.6
FreeBSD 4.5
FreeBSD 4.4
FreeBSD 4.3
FreeBSD 4.2
FreeBSD 4.1.1
FreeBSD 4.0
FreeBSD 3.5.1
FreeBSD 3.4
FreeBSD 3.3
FreeBSD 3.2
FreeBSD 3.1
FreeBSD 2.2.8
FreeBSD 2.2.7
HP UX 11.0x
HP UX 11.0
HP JetDirect ROM A.03.17 EEPROM A.04.09
HP JetDirect ROM A.05.03 EEPROM A.05.05
HP JetDirect ROM F.08.01 EEPROM F.08.05
HP JetDirect ROM F.08.08 EEPROM F.08.05
HP JetDirect ROM F.08.08 EEPROM F.08.20
HP JetDirect ROM G.05.34 EEPROM G.05.35
HP JetDirect ROM G.06.00 EEPROM G.06.00
HP JetDirect ROM G.07.02 EEPROM G.07.17
HP JetDirect ROM G.07.02 EEPROM G.07.20
HP JetDirect ROM G.07.02 EEPROM G.08.04
HP JetDirect ROM G.07.19 EEPROM G.07.20
HP JetDirect ROM G.07.19 EEPROM G.08.03
HP JetDirect ROM G.07.19 EEPROM G.08.04
HP JetDirect ROM G.08.08 EEPROM G.08.04
HP JetDirect ROM G.08.21 EEPROM G.08.21
HP JetDirect ROM H.07.15 EEPROM H.08.20
HP JetDirect ROM L.20.07 EEPROM L.20.24
HP JetDirect ROM R.22.01 EEPROM L.24.08
Linux Kernel 2.6.11
Linux Kernel 2.6.10
Linux Kernel 2.6.9
Linux Kernel 2.6.8
Linux Kernel 2.6.7
Linux Kernel 2.6.6
Linux Kernel 2.6.5
Linux Kernel 2.6.4
Linux Kernel 2.6.3
Linux Kernel 2.6.2
Linux Kernel 2.6.1
Linux Kernel 2.6.0
Linux Kernel 2.4.30
Linux Kernel 2.4.29
Linux Kernel 2.4.28
Linux Kernel 2.4.27
Linux Kernel 2.4.26
Linux Kernel 2.4.25
Linux Kernel 2.4.24
Linux Kernel 2.4.23
Linux Kernel 2.4.22
Linux Kernel 2.4.21
Linux Kernel 2.4.20
Linux Kernel 2.4.19
Linux Kernel 2.4.18
Linux Kernel 2.4.17
Linux Kernel 2.4.16
Linux Kernel 2.4.15
Linux Kernel 2.4.14
Linux Kernel 2.4.13
Linux Kernel 2.4.12
Linux Kernel 2.4.11
Linux Kernel 2.4.10
Linux Kernel 2.4.9
Linux Kernel 2.4.8
Linux Kernel 2.4.7
Linux Kernel 2.4.6
Linux Kernel 2.4.5
Linux Kernel 2.4.4 (I)
Linux Kernel 2.4.4
Linux Kernel 2.4.3
Linux Kernel 2.4.2
Linux Kernel 2.4.1
Linux Kernel 2.4.0
Linux Kernel 2.2.26
Linux Kernel 2.2.25
Linux Kernel 2.2.24
Linux Kernel 2.2.23
Linux Kernel 2.2.22
Linux Kernel 2.2.21
Linux Kernel 2.2.20
Linux Kernel 2.2.19
Linux Kernel 2.2.18
Linux Kernel 2.2.17
Linux Kernel 2.2.16
Linux Kernel 2.2.15
Linux Kernel 2.2.14
Linux Kernel 2.2.13
Linux Kernel 2.2.12
Linux Kernel 2.2.11
Linux Kernel 2.2.10
Linux Kernel 2.2.9
Linux Kernel 2.2.8
Linux Kernel 2.2.7
Linux Kernel 2.2.6
Linux Kernel 2.2.5
Linux Kernel 2.2.4
Linux Kernel 2.2.3
Linux Kernel 2.2.2
Linux Kernel 2.2.1
Linux Kernel 2.2.0
Linux Kernel 2.0.36
Linux Kernel 2.0.34
Linux Kernel 2.0.30
Microsoft Windows 2003 Server Enterprise Edition
Microsoft Windows 2003 Server Standard Edition
Microsoft Windows XP SP2
Microsoft Windows XP SP1
Microsoft Windows XP
Microsoft Windows 2000 Server Service Pack 4
Microsoft Windows 2000 Server Service Pack 3
Microsoft Windows 2000 Server Service Pack 2
Microsoft Windows 2000 Server Service Pack 1
Microsoft Windows 2000 Server
Microsoft Windows 2000 Workstation SP4
Microsoft Windows 2000 Workstation SP3
Microsoft Windows 2000 Workstation SP2
Microsoft Windows 2000 Workstation SP1
Microsoft Windows 2000 Workstation
Microsoft Windows Millennium Edition (ME)
Microsoft Windows NT 4 Server Service Pack 6a
Microsoft Windows NT 4 Server Service Pack 5
Microsoft Windows NT 4 Server Service Pack 4
Microsoft Windows NT 4 Server Service Pack 3
Microsoft Windows NT 4 Server Service Pack 2
Microsoft Windows NT 4 Server Service Pack 1
Microsoft Windows NT 4 Server
Microsoft Windows NT 4 Workstation Service Pack 6a
Microsoft Windows NT 4 Workstation Service Pack 5
Microsoft Windows NT 4 Workstation Service Pack 4
Microsoft Windows NT 4 Workstation Service Pack 3
Microsoft Windows NT 4 Workstation Service Pack 2
Microsoft Windows NT 4 Workstation Service Pack 1
Microsoft Windows NT 4 Workstation
Microsoft Windows 98 Second Edition (SE)
Microsoft Windows 98
Microsoft Windows 95
NetBSD 2.0
NetBSD 1.6.2
NetBSD 1.6.1
NetBSD 1.6
NetBSD 1.5.3
NetBSD 1.5.2
NetBSD 1.5.1
NetBSD 1.5
NetBSD 1.4.3
NetBSD 1.4.2
NetBSD 1.4.1
NetBSD 1.4
NetBSD 1.3.3
NetBSD 1.3.2
NetBSD 1.3.1
NetBSD 1.3
OpenBSD 3.7
OpenBSD 3.6
OpenBSD 3.5
OpenBSD 3.4
OpenBSD 3.3
OpenBSD 3.2
OpenBSD 3.1
OpenBSD 3.0
OpenBSD 2.9
OpenBSD 2.8
OpenBSD 2.7
OpenBSD 2.6
OpenBSD 2.5
OpenBSD 2.4
Sun Solaris 10 (SunOS 5.10)
Sun Solaris 9 (SunOS 5.9)
Sun Solaris 8 (SunOS 2.8)
Sun Solaris 7 (SunOS 2.7)
Sun Solaris 6 (SunOS 2.6)
Sun Solaris 2.5.1
Linux 2.6.*


Thanks to:
junior.riau18
zee eichel

Part of the source material used:
http://www.question-defense.com/2012/03/...ng-xprobe2

OK, that's all I can share. My apologies for any shortcomings. That's all.
Wassalamu'alaikum.
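
In both runs above, many entries share the top guess probability, so the "Primary guess" line on its own says less than it appears to. The following is an added example, not part of the original post: it parses xprobe2 guess lines and reports whether the top score identifies one version, one OS family, or several families. The `family` grouping rule and the sample addresses (documentation IPs) are assumptions made for this example.

```python
import re
from collections import defaultdict
GUESS_RE = re.compile(
    r'^\[\+\] Host (\S+) Running OS: "([^"]+)" \(Guess probability: (\d+)%\)$')
# Constructed samples: OS strings as in the two runs above, documentation IPs.
SAMPLE_LINUX = """\
[+] Host 192.0.2.10 Running OS: "Linux Kernel 2.4.29" (Guess probability: 95%)
[+] Host 192.0.2.10 Running OS: "Linux Kernel 2.4.30" (Guess probability: 95%)
[+] Host 192.0.2.10 Running OS: "Linux Kernel 2.4.19" (Guess probability: 95%)
"""
SAMPLE_MIXED = """\
[+] Host 192.0.2.20 Running OS: "HP JetDirect ROM F.08.01 EEPROM F.08.05" (Guess probability: 93%)
[+] Host 192.0.2.20 Running OS: "HP JetDirect ROM G.07.19 EEPROM G.08.03" (Guess probability: 93%)
[+] Host 192.0.2.20 Running OS: "Foundry Networks IronWare Version 03.0.01eTc1" (Guess probability: 93%)
"""

def family(os_name):
    """Assumed grouping rule: the words before the first token containing a digit."""
    words = []
    for tok in os_name.split():
        if any(c.isdigit() for c in tok):
            break
        words.append(tok)
    return " ".join(words) or os_name

def top_ties(output):
    """Return (top probability, {family: [OS strings tied at that probability]})."""
    guesses = [m.groups() for line in output.splitlines()
               if (m := GUESS_RE.match(line.strip()))]
    if not guesses:
        return None, {}
    top = max(int(prob) for _, _, prob in guesses)
    tied = defaultdict(list)
    for _, os_name, prob in guesses:
        if int(prob) == top:
            tied[family(os_name)].append(os_name)
    return top, dict(tied)

def verdict(output):
    """Say how much the top score actually pins down."""
    top, tied = top_ties(output)
    if not tied:
        return "no guesses"
    if len(tied) > 1:
        return f"ambiguous: {len(tied)} families tied at {top}%"
    fam, versions = next(iter(tied.items()))
    if len(versions) > 1:
        return f"family only: {fam} ({len(versions)} versions tied at {top}%)"
    return f"single match: {versions[0]} at {top}%"
```

Calling `verdict()` on a saved run (for instance a log written with `-o`) gives a one-line reading of how far the result can be trusted before it goes into an asset inventory or report.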

#2
Great tutorial, clear.
Nice share, +1 from me, check your fridge.

#3
Thanks for sharing your knowledge, om :)
The explanation is very straightforward :)


#4
Eaaaa, om kakus is starting to go wild again

#5
Wow, cool, similar to nmap, but it's a pity it's no longer being developed, right?

Let's use junior's website for testing :D

#6
Nice share, om .....
+1 from me
Cool target too, om :P

Clound@IBTeam:~#
EMail Me : [email protected]

#7
(09-15-2012, 06:05 PM)konspirasi Wrote: Wow, cool, similar to nmap, but it's a pity it's no longer being developed, right?

Let's use junior's website for testing :D

(09-15-2012, 10:40 PM)Clound_Cyber4rt Wrote: Nice share, om .....
+1 from me
Cool target too, om :P

Darn it, hahaha, go ahead. If there are any bugs, please report them :p

Go on, find the vulnerabilities :P
I'm about dead from patching it :/

#8
Hahaha, that's good, om junior, so it gets pentested together, and if there's a bug we just report it to you :)

Thanks for the cendol

#9
(09-16-2012, 01:27 AM)junior.riau18 Wrote:
(09-15-2012, 06:05 PM)konspirasi Wrote: Wow, cool, similar to nmap, but it's a pity it's no longer being developed, right?

Let's use junior's website for testing :D

(09-15-2012, 10:40 PM)Clound_Cyber4rt Wrote: Nice share, om .....
+1 from me
Cool target too, om :P

Darn it, hahaha, go ahead. If there are any bugs, please report them :p

Go on, find the vulnerabilities :P
I'm about dead from patching it :/

Hahahaha.....
I'm not getting involved :P

#10
(09-15-2012, 06:05 PM)konspirasi Wrote: Wow, cool, similar to nmap, but it's a pity it's no longer being developed, right?

Let's use junior's website for testing :D

Yes, om, it's a real pity it's no longer being developed :(

I'm scared of om juni's website :-?





