How can I detect the remote operating system?
Is it possible to detect the operating system type remotely from another system using any tools like
nmapwithout admin privileges? What are the other alternatives for achieving this?
More details please? You can use nmap to scan the target os and it will make a good guess.... php scripts can also do it using $_SESSION[HTTP_USER_AGENT] but they would have to visit the page.
Here is a link that explains how nmap can perform OS detection and the appropriate command syntax. https://nmap.org/book/man-os-detection.html
No OS detection is performed when not using root user, no traceroute either. Yes you will be able to perform -A scan, but only with service discovery, just as you would with -sV flag.
sudo nmap -O <target>
Or if they block your ping probes you can do:
sudo nmap -O <target> -Pn
Sometimes you still get fake results and you should try doing an aggressive scan (can be detected and blocked by the firewall).
sudo nmap -A <target>
OP asks explicitly for methods that work without admin privileges. I don't know why OP does, but this does not answer the question.
If I use "sudo nmap -O
" or "sudo nmap -A " it prompts for password. My intention to find the OS type without using admin privileges and any passwords.
You could use use the -T4 option together with the -A. No sudo is required (Tested on Ubuntu).
$ nmap -T4 -A 192.168.0.0/24
Would return for instance:
Nmap scan report for 192.168.0.95 Host is up (0.00060s latency). Not shown: 996 closed ports PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 5.9p1 Debian 5ubuntu1 (protocol 2.0) | ssh-hostkey: 1024 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:6c (DSA) |_2048 00:00:00:00:00:00:00:00:00:00:00:00:00:00:00:6c (RSA) 80/tcp open http nginx 1.1.19 |_http-title: 403 Forbidden |_http-methods: No Allow or Public header in OPTIONS response (status code 405) 111/tcp open rpcbind | rpcinfo: | program version port/proto service | 100000 2,3,4 111/tcp rpcbind | 100000 2,3,4 111/udp rpcbind | 100003 2,3,4 2049/tcp nfs | 100003 2,3,4 2049/udp nfs | 100005 1,2,3 46448/tcp mountd | 100005 1,2,3 52408/udp mountd | 100021 1,3,4 35394/udp nlockmgr | 100021 1,3,4 57150/tcp nlockmgr | 100024 1 49363/tcp status | 100024 1 51515/udp status | 100227 2,3 2049/tcp nfs_acl |_ 100227 2,3 2049/udp nfs_acl 2049/tcp open nfs (nfs V2-4) 2-4 (rpc #100003) Service Info: OS: Linux; CPE: cpe:/o:linux:kernel
The -A tells nmap to perform OS checking and version checking. The -T4 is for the speed template, these templates are what tells nmap how quickly to perform the scan. The speed template ranges from 0 for slow and stealthy to 5 for fast and obvious.