Pentesting 101: Fingerprinting Final
This is the final article in a series on fingerprinting in Pentesting. Start from the beginning here.
WHAT TO DO WITH THE FINGERPRINT
The goal of fingerprinting a network is to find out what operating systems and services are running and potentially find a way into the network through those internet-facing systems. For those looking for ways into the network from an external source using vulnerable software, there is a search engine for service and operating system vulnerabilities called the “Exploit Database” or exploit-db. Exploit-db is updated daily and hosts exploit code and general information about vulnerabilities for a particular piece of software or operating system. Using the information we found about the network services earlier, we can use exploit-db to search for an exploit. Remember, only use exploits against your home lab or networks you have permission to test.
The tools presented in this article are not the only tools that can scan and fingerprint a network. There are countless others out there. While some are simple and handle a small subset of services, others offer whole suites of tools that cost money and try to be a one-stop shop for fingerprinting, scanning, and vulnerability finding. Many of these tools can be run concurrently as well. If an nmap scan shows there is a web server present, run nikto, gobuster or other tools at the same time. There is an adage in the penetration testing community: “Always Be Enumerating”.
Fingerprinting a network may not always give you a way into a target network. It is a start in creating that larger picture of the target and the systems they operate. These scans yielded a vast amount of network, service, and operating system knowledge that could not be found any other way but through scanning. Fingerprinting helps the penetration tester understand the security posture of the target network. You noticed that there was no easy way to access the target network. There are other ways into the network besides technical means and we will discuss them shortly. In the next article we will take a small break from this series to talk about how to use Python to craft your own unique port scanner, as knowing programming can make you a much more skilled penetration tester.
Hisomeru is a contributing player in the infosec community. In Hisomeru’s more than 15 years of experience, Hisomeru has managed IT security teams, developed custom tools and performed penetration tests. Cyber security is Hisomeru’s passion and Hisomeru has taught many individuals cutting edge penetration testing techniques. Hisomeru’s twitter is: https://twitter.com/Hisomeru