Nmap Enumeration - Our client wants to know if we can identify which operating system their provided machine is running on. Submit the OS name as the answer

Hey Guys,
I’m a complete newbie, so sorry in advance if the answer seems too obvious, but I could use a hint in the right direction. Currently I am working on the NETWORK ENUMERATION WITH NMAP module, and I’m stuck literally on the first module.

The Question is: “Our client wants to know if we can identify which operating system their provided machine is running on. Submit the OS name as the answer.”

I tried several commands, for example:
```
sudo nmap -p 10001 -O -D RND:5 --disable-arp-ping -Pn -e tun0
```

As the answer I got Linux, but if I type it into the answer field, I just get an error (I tried every port and also the -S, but this also does not bring me very far).

Thanks in advance to everyone taking the time to read and answer this :slight_smile:


Okay I just found out where my mistake was, for others having problems on this:
search for the services on the ports


Hi bro, I'm still stuck on this lab. Any hint? Thx in advance.

Could you please explain a little more?

Based on the last result, find out which operating system it belongs to. Submit the name of the operating system as result.

This got me confused because I was more concerned about the NMAP scanning techniques and how to check if a target is alive or not.

So funny: we as attackers work on our virtual machines while our targets work on their Linux, Windows, or other OS.

hahaha hahaha… Just crack this and answer the question
Good Luck!


If you have finished looking up the ports, just try to access the ports with different services to log in. You will definitely be in the right place.

Try to find the version of each service.

My answer is Ubuntu
```
sudo nmap ip -S -A
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
|_http-title: Apache2 Ubuntu Default Page: It works
|_http-server-header: Apache/2.4.18 (Ubuntu)
```

Most operating systems have a different time to live. Based on the previous result, the TTL is 128:
```
RCVD (0.0152s) ICMP [ > Echo reply (type=0/code=0) id=13607 seq=0] IP [ttl=128 id=40622 iplen=28 ]
```
ttl=128 in most cases is Windows.
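
The two signals discussed in this thread, distribution tokens in service-version banners and the TTL of a reply, can be extracted from saved nmap output mechanically. This is an added example, not part of any post; the function names, the distro list, the initial-TTL table and the sample scan text are assumptions constructed for illustration.

```python
import re

# Conventional initial TTLs; an observed TTL is the initial value minus the hop count.
INITIAL_TTL = {64: "Linux/Unix-like", 128: "Windows", 255: "network device or Solaris"}
# Distribution tokens often seen in service banners (assumed, non-exhaustive list).
DISTROS = ("Ubuntu", "Debian", "CentOS", "Red Hat", "Fedora", "FreeBSD")

PORT_LINE = re.compile(r"^(\d+)/(?:tcp|udp)\s+open\s+(\S+)\s*(.*)$")
TTL_FIELD = re.compile(r"\bttl=(\d+)", re.IGNORECASE)


def ttl_family(observed):
    """Round an observed TTL up to the nearest conventional initial value."""
    for initial in sorted(INITIAL_TTL):
        if observed <= initial:
            return INITIAL_TTL[initial], initial - observed
    return "unknown", None


def os_hints(scan_text):
    """Return (banner_hints, ttl_hints) from nmap -sV / --packet-trace text."""
    banner_hints, ttl_hints = [], []
    for line in scan_text.splitlines():
        line = line.strip()
        port = PORT_LINE.match(line)
        if port:
            number, service, version = port.groups()
            for distro in DISTROS:
                if distro.lower() in version.lower():
                    banner_hints.append((int(number), service, distro))
        elif line.startswith("RCVD"):
            ttl = TTL_FIELD.search(line)
            if ttl:
                family, hops = ttl_family(int(ttl.group(1)))
                ttl_hints.append((int(ttl.group(1)), family, hops))
    return banner_hints, ttl_hints


# Constructed sample: the Apache line is the one quoted in this thread; the SSH
# line, the 10.0.0.x addresses and the ttl=63 reply are made up for illustration.
SAMPLE = """\
22/tcp open ssh OpenSSH 7.2p2 Ubuntu 4ubuntu2.10 (Ubuntu Linux; protocol 2.0)
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
RCVD (0.0152s) ICMP [10.0.0.5 > 10.0.0.1 Echo reply (type=0/code=0) id=13607 seq=0] IP [ttl=63 id=40622 iplen=28 ]
"""

if __name__ == "__main__":
    print(os_hints(SAMPLE))
```

Both signals are heuristics: default TTLs can be changed and banners can be trimmed (on Apache, `ServerTokens Prod` drops the distribution token), so agreement between them is stronger evidence than either alone.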


Hi. My solution involved looking at the open ports of my target system. Then look at the --help info to see what you can add to the nmap command to scan for the OS.

This command does not work?

God, I know the answer: we can't use -O, it just returns Linux, not the right one. We should use -sV or -A.

In my case, the host was down. Had to rely on ttl from the previous scan

You don’t need to run any command, it’s all about TTL :wink:

Guys, I have tried everything from sV to A to TTL to connecting to ports.
My answer is still wrong. PLS, I need another hint.

I did, and still got the wrong answer. Idk what I am doing wrong.