BASIC HACK

Showing posts with label BASIC HACK.

Friday, 7 September 2012

OS Fingerprinting



OS Fingerprinting :- OS Fingerprinting refers to detecting which operating system a target computer is running.
Different operating systems implement the TCP/IP stack differently, so they respond differently to the same probe (an ICMP message, a TCP SYN, an unusual flag combination) and set different defaults in the packets they emit. Determining the exact operating system and version matters to an attacker because it narrows down which vulnerabilities and exploits apply to that particular system.
There are four fields we will look at to determine the operating system (other signatures can be used as well; tools such as nmap -O and p0f compare many more). These signatures are:

1) TTL - the Time To Live the operating system sets on outbound packets. Every router on the path decrements it, so the value seen by the observer has to be rounded up to the nearest common initial value (64, 128 or 255).
2) Window Size - the initial TCP window size the operating system advertises.
3) DF - whether the operating system sets the Don't Fragment bit.
4) TOS - whether the operating system sets the Type of Service field, and if so, to what value.
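The four fields above can be read straight out of a captured packet and compared with a signature table. The following is an added example, not code from the original post: it parses a raw IPv4+TCP SYN, rounds the observed TTL up to its likely initial value, and scores the result against a tiny signature table whose values (window sizes in particular) are assumptions for demonstration only; real tools ship version-specific databases. The build_syn helper only exists so the example runs offline.

```python
import struct
from dataclasses import dataclass

# Illustrative signature table. The values are ASSUMED for this demonstration;
# real fingerprinting tools ship large, version-specific databases.
SIGNATURES = {
    "Linux (assumed)":     {"ttl": 64,  "window": 29200, "df": True,  "tos": 0},
    "Windows (assumed)":   {"ttl": 128, "window": 8192,  "df": True,  "tos": 0},
    "Cisco IOS (assumed)": {"ttl": 255, "window": 4128,  "df": False, "tos": 0},
}


@dataclass
class Fingerprint:
    ttl_observed: int
    ttl_initial: int
    window: int
    df: bool
    tos: int


def initial_ttl(observed: int) -> int:
    """Every router decrements TTL, so round the observed value up to the
    nearest common starting point: a packet seen with TTL 52 began at 64."""
    for start in (32, 64, 128, 255):
        if observed <= start:
            return start
    return observed


def parse_ipv4_tcp(pkt: bytes) -> Fingerprint:
    """Pull the four signature fields out of a raw IPv4+TCP packet."""
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    (ver_ihl, tos, _total, _ident, flags_frag,
     ttl, proto, _csum, _src, _dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    if ver_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ver_ihl & 0x0F) * 4          # header length in bytes, options included
    if ihl < 20 or len(pkt) < ihl + 20:
        raise ValueError("truncated packet")
    if proto != 6:
        raise ValueError("not TCP")
    df = bool(flags_frag & 0x4000)      # Don't Fragment is bit 1 of the 3 flag bits
    (_sport, _dport, _seq, _ack, _off_flags,
     window, _tcsum, _urg) = struct.unpack("!HHIIHHHH", pkt[ihl:ihl + 20])
    return Fingerprint(ttl, initial_ttl(ttl), window, df, tos)


def match_os(fp: Fingerprint) -> list:
    """Score every signature against the fingerprint, best match first.
    TTL and window carry the most information, so they weigh double."""
    scored = []
    for name, sig in SIGNATURES.items():
        score = (2 * (sig["ttl"] == fp.ttl_initial)
                 + 2 * (sig["window"] == fp.window)
                 + (sig["df"] == fp.df)
                 + (sig["tos"] == fp.tos))
        scored.append((name, score))
    return sorted(scored, key=lambda t: t[1], reverse=True)


def build_syn(ttl: int, window: int, df: bool, tos: int = 0) -> bytes:
    """Construct a minimal SYN (checksums left at zero) so the example runs
    offline; in practice the bytes come from a pcap or a raw socket."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 40, 0x1234,
                     0x4000 if df else 0, ttl, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0,
                      (5 << 12) | 0x02,   # data offset 5 words, SYN flag set
                      window, 0, 0)
    return ip + tcp


if __name__ == "__main__":
    fp = parse_ipv4_tcp(build_syn(ttl=52, window=29200, df=True))
    print(fp, match_os(fp)[0])
```

Feeding the parser real traffic means reading frames from a pcap and stripping the Ethernet header first; the scoring is deliberately simple, and a tie between two entries should be reported as "unknown" rather than picking the first.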

Two simpler techniques that are not fingerprinting in themselves but feed into it are covered next -

ICMP Scanning

An ICMP scan is used to learn whether a host is alive or not. During most scans using ICMP, an ICMP_ECHO datagram is sent to the remote computer to determine whether it has an active IP address. If all is well, the computer that sent the ICMP_ECHO packet receives an ICMP_ECHO_REPLY packet, which means that the host is up and alive. If no response is received it usually means that the host is down, or that an administrator is filtering either the request or the reply - so a silent host is not necessarily a dead one.

This scan can be done with an ordinary ping. Ping is fine if you are not planning to scan a large number of hosts (on Windows it sends four echo requests by default; on Unix systems it keeps going until you stop it).

Just open the command prompt and type the following command:

ping <target address>
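What ping actually puts on the wire is an 8-byte ICMP header (type 8, code 0, checksum, identifier, sequence) followed by a payload, and the target's stack answers with the same identifier, sequence and payload under type 0. The following is an added example, not code from the original post: it builds an echo request with the RFC 1071 checksum, constructs the reply a live host would return, and correlates the two, which is how a ping implementation tells its own reply from stray ICMP traffic. The ping_once function sends a real request over a raw socket; it needs root (or CAP_NET_RAW on Linux) and is not exercised by the offline checks.

```python
import socket
import struct
import sys
import time
from dataclasses import dataclass

ECHO_REQUEST, ECHO_REPLY = 8, 0


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (IP, ICMP, TCP and UDP all use it)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold the carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


@dataclass
class Icmp:
    type: int
    code: int
    ident: int
    seq: int
    payload: bytes
    checksum_ok: bool


def build_echo(kind: int, ident: int, seq: int, payload: bytes) -> bytes:
    header = struct.pack("!BBHHH", kind, 0, 0, ident, seq)   # checksum field zero while summing
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", kind, 0, csum, ident, seq) + payload


def build_echo_request(ident: int, seq: int, payload: bytes = b"") -> bytes:
    return build_echo(ECHO_REQUEST, ident, seq, payload)


def parse_icmp(pkt: bytes) -> Icmp:
    if len(pkt) < 8:
        raise ValueError("truncated ICMP message")
    kind, code, _csum, ident, seq = struct.unpack("!BBHHH", pkt[:8])
    # Summing a message that carries a correct checksum yields zero.
    return Icmp(kind, code, ident, seq, pkt[8:], inet_checksum(pkt) == 0)


def build_echo_reply(request: bytes) -> bytes:
    """What the target's stack does: same identifier, sequence and payload, type 0."""
    req = parse_icmp(request)
    if req.type != ECHO_REQUEST or not req.checksum_ok:
        raise ValueError("not a valid echo request")
    return build_echo(ECHO_REPLY, req.ident, req.seq, req.payload)


def is_reply_to(request: bytes, reply: bytes) -> bool:
    """Correlate a reply with our request; unrelated ICMP traffic arrives on
    the same raw socket and must not be mistaken for an answer."""
    a, b = parse_icmp(request), parse_icmp(reply)
    return (b.checksum_ok and b.type == ECHO_REPLY
            and (a.ident, a.seq, a.payload) == (b.ident, b.seq, b.payload))


def ping_once(host: str, ident: int = 0x4242, timeout: float = 2.0):
    """Send one echo request over a raw socket (needs root / CAP_NET_RAW) and
    return the round-trip time in seconds, or None on timeout. None means
    'no reply', not 'host is down': the reply may simply be filtered."""
    request = build_echo_request(ident, 1, b"added-example")
    with socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP) as s:
        s.settimeout(timeout)
        sent = time.monotonic()
        s.sendto(request, (host, 0))
        while True:
            try:
                data, _ = s.recvfrom(1500)
            except socket.timeout:
                return None
            ihl = (data[0] & 0x0F) * 4        # a raw socket hands us the IPv4 header too
            if is_reply_to(request, data[ihl:]):
                return time.monotonic() - sent


if __name__ == "__main__":
    rtt = ping_once(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1")
    print("no reply" if rtt is None else "reply in %.1f ms" % (rtt * 1000))
```

Because the checksum is a plain one's-complement sum, verification is the same operation as generation: summing a message whose checksum field is already filled in gives zero, which is why parse_icmp needs no special case.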

Daemon Banner Grabbing


Every open port has a service or a daemon listening on it. As soon as you telnet or otherwise connect to such a port, many daemons greet you with a welcome message known as the DAEMON BANNER. A daemon banner contains information about the daemon running on that port - typically the software name and version, sometimes the operating system or distribution, and occasionally other system details. Many services also answer further probes with information that can be very useful in an attacker's bid to break into the target system.

The traditional technique of daemon-banner grabbing is to use the TELNET application to connect by hand to each open port on the target system. This is slow and inefficient, and it only catches services that speak first (an HTTP server, for example, says nothing until it receives a request). Most attackers use a port-scanning or enumeration tool that grabs the daemon banner from a remote machine automatically. One such tool is netcat (nc), which connects to a port and prints whatever the service sends.

The procedure is given below:

Go to the netcat directory in the command prompt and type the following command
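The same thing netcat does, as an added example that is not code from the original post: connect, optionally send a probe for services that wait for the client to speak, read what comes back, and parse the two banner formats that most often leak platform details (the SSH version string and the HTTP Server header). The serve_banner helper spins up a throwaway listener on 127.0.0.1 with a constructed banner so the example runs offline; the Debian-style OpenSSH banner it serves is made up for the demonstration.

```python
import re
import socket
import threading


def grab_banner(host: str, port: int, timeout: float = 3.0, probe: bytes = b"") -> str:
    """Connect and read what the service volunteers. For client-speaks-first
    protocols pass a probe, e.g. b"HEAD / HTTP/1.0\\r\\n\\r\\n" for HTTP.
    Returns '' when the daemon stays silent until the timeout."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        if probe:
            s.sendall(probe)
        chunks = []
        try:
            while sum(len(c) for c in chunks) < 4096:
                data = s.recv(1024)
                if not data:            # peer closed: banner complete
                    break
                chunks.append(data)
        except socket.timeout:
            pass                        # peer kept the connection open; use what we have
    return b"".join(chunks).decode("latin-1").strip()


# RFC 4253 identification string: SSH-protoversion-softwareversion [SP comments]
SSH_RE = re.compile(r"^SSH-(\d\.\d+)-(\S+)(?:\s+(.*))?$")


def parse_ssh_banner(banner: str):
    """Distribution packagers append their own tag to the software version,
    so an SSH banner frequently names the OS outright."""
    if not banner:
        return None
    m = SSH_RE.match(banner.splitlines()[0])
    if not m:
        return None
    return {"protocol": m.group(1), "software": m.group(2), "comment": m.group(3) or ""}


def parse_http_server(response: str):
    """Pull the Server header out of an HTTP response, if the admin left it on."""
    for line in response.splitlines():
        if line.lower().startswith("server:"):
            return line.split(":", 1)[1].strip()
    return None


def serve_banner(banner: bytes) -> int:
    """Throwaway listener on 127.0.0.1 that sends `banner` and hangs up, so the
    example can be exercised offline. Returns the chosen port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def run():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return port


if __name__ == "__main__":
    # Constructed banner in the style Debian's OpenSSH package uses.
    port = serve_banner(b"SSH-2.0-OpenSSH_7.4p1 Debian-10+deb9u7\r\n")
    print(parse_ssh_banner(grab_banner("127.0.0.1", port)))
```

On a real target the equivalent one-liner is nc -v <host> <port>; for HTTP you have to type the request yourself, which is exactly the "send a probe" branch above.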

Tuesday, 4 September 2012

WHOIS

This is a very small tutorial about the WHOIS search tool.

WHOIS is a query service that returns the registration record of a domain name or IP block: the registrant and admin contacts (which may be hidden behind a privacy service), the registrar, the registration and expiry dates, and the name servers. Websites that wrap it usually add related lookups, such as the domain's current IP address and a reverse-IP search showing which other sites are hosted on the same server.

A very good website for trying this is

http://www.domaintools.com/

It is widely used by security researchers. On Unix systems the same record is available from the command line with the whois tool (whois example.com).
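Underneath the web front-ends, WHOIS is a tiny protocol (RFC 3912): open TCP port 43, send the name plus CRLF, read until the server closes. The following is an added example, not code from the original post: a raw client that follows the referral chain from IANA to the registry to the registrar, and a parser that turns the "Key: value" text into fields. The referral keys it looks for ("refer:" in IANA answers, "Registrar WHOIS Server:" in registry answers) are the ones in common use but are assumptions, not a standard; the sample record used offline is constructed and the registrar hostname in it is fictitious.

```python
import socket
from collections import defaultdict


def whois_query(query: str, server: str = "whois.iana.org", timeout: float = 10.0) -> str:
    """RFC 3912: connect to TCP/43, send the query plus CRLF, read until close."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


def parse_whois(text: str) -> dict:
    """Turn 'Key: value' lines into {lowercase key: [values]}. Keys repeat
    (Name Server, Domain Status), so every key maps to a list."""
    fields = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue                    # comments and terms-of-use boilerplate
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        if value.strip():
            fields[key.strip().lower()].append(value.strip())
    return dict(fields)


def referral_server(fields: dict):
    """Registry answers (e.g. for .com) point at the registrar's WHOIS server,
    which holds the contact details; IANA points at the TLD registry."""
    for key in ("registrar whois server", "whois server", "refer"):
        if fields.get(key):
            return fields[key][0]
    return None


def lookup(domain: str, max_hops: int = 3) -> dict:
    """Start at IANA and follow referrals; return the last, most detailed record."""
    server, fields = "whois.iana.org", {}
    for _ in range(max_hops):
        fields = parse_whois(whois_query(domain, server))
        nxt = referral_server(fields)
        if not nxt or nxt.lower() == server.lower():
            break
        server = nxt
    return fields


# Constructed registry-style answer for offline use (not a real record).
SAMPLE_RECORD = """\
   Domain Name: EXAMPLE.COM
   Registrar WHOIS Server: whois.registrar.example
   Creation Date: 1995-08-14T04:00:00Z
   Registry Expiry Date: 2013-08-13T04:00:00Z
   Name Server: A.IANA-SERVERS.NET
   Name Server: B.IANA-SERVERS.NET
>>> Last update of whois database: 2012-09-04T00:00:00Z <<<
% Terms of use: for lawful purposes only.
"""

if __name__ == "__main__":
    fields = parse_whois(SAMPLE_RECORD)
    print(fields["name server"], "next hop:", referral_server(fields))
```

Whatever the front-end, the name servers and creation date are the fields worth noting during reconnaissance: a freshly registered domain or name servers belonging to an unexpected provider are both things a practitioner wants to see.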

Traceroute

traceroute is a computer network diagnostic tool for displaying the route (path) packets take across an Internet Protocol (IP) network to reach their destination address. It shows the route over the network between two systems, listing the intermediate routers a connection passes through to get to its destination. It works by sending probes with an increasing Time To Live: each router that decrements the TTL to zero sends back an ICMP Time Exceeded message, which reveals its address, and routers configured not to send such messages show up as * * *.

The traceroute program is available on most computers which support networking, including most Unix systems, Mac OS X, and Windows 95 and later (where it is called tracert).
On a Unix system, including Mac OS X, run a traceroute at the command line like this:
traceroute server.name
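The interesting part of a traceroute for reconnaissance is what it reveals about the target's network: which hops are RFC 1918 addresses (internal segments behind NAT) and where the path goes dark because a firewall stops answering. The following is an added example, not code from the original post: a parser for Unix traceroute output that extracts per-probe round-trip times and flags silent and private hops. The sample output it runs on is constructed; the addresses in it come from the documentation ranges and the hostnames are fictitious.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Optional

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
HOST_RE = re.compile(r"(\S+)\s+\(([0-9a-fA-F:.]+)\)")       # "name (ip)"
PROBE_RE = re.compile(r"(\d+(?:\.\d+)?)\s*ms|(\*)")          # "12.3 ms" or "*"
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Hop:
    number: int
    host: Optional[str]
    ip: Optional[str]
    rtts: List[Optional[float]]     # None = that probe got no reply


def parse_traceroute(text: str) -> List[Hop]:
    """Parse Unix traceroute output. Only the first responder per hop is kept;
    load-balanced paths can print several 'name (ip)' pairs on one line."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                     # the 'traceroute to ...' header, blank lines
        number, rest = int(m.group(1)), m.group(2)
        host = ip = None
        hm = HOST_RE.search(rest)
        if hm:
            host, ip = hm.group(1), hm.group(2)
            rest = rest[hm.end():]       # so digits inside the address are not read as RTTs
        rtts = [float(ms) if ms else None for ms, _star in PROBE_RE.findall(rest)]
        hops.append(Hop(number, host, ip, rtts))
    return hops


def silent_hops(hops: List[Hop]) -> List[int]:
    """Hops where no probe was answered: typically a router or firewall that
    does not send ICMP Time Exceeded."""
    return [h.number for h in hops if h.rtts and all(r is None for r in h.rtts)]


def rfc1918_hops(hops: List[Hop]) -> List[int]:
    """Hops with private addresses, i.e. segments behind NAT. ipaddress.is_private
    is deliberately not used: it also flags the documentation ranges."""
    return [h.number for h in hops
            if h.ip and any(ipaddress.ip_address(h.ip) in n for n in RFC1918)]


def reached(hops: List[Hop], target_ip: str) -> bool:
    return bool(hops) and hops[-1].ip == target_ip


# Constructed sample output (documentation addresses, fictitious hostnames).
SAMPLE = """\
traceroute to target.example (203.0.113.10), 30 hops max, 60 byte packets
 1  gateway (192.168.1.1)  0.412 ms  0.398 ms  0.380 ms
 2  10.20.0.1 (10.20.0.1)  9.112 ms  9.804 ms  10.001 ms
 3  * * *
 4  edge.isp.example (198.51.100.7)  21.301 ms * 22.018 ms
 5  203.0.113.10 (203.0.113.10)  25.777 ms  25.600 ms  25.555 ms
"""

if __name__ == "__main__":
    hops = parse_traceroute(SAMPLE)
    print("silent:", silent_hops(hops), "private:", rfc1918_hops(hops))
```

Windows tracert prints the RTT columns before the hostname and uses "Request timed out." instead of stars, so it needs a different line pattern; the per-hop analysis afterwards is the same.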

Monday, 3 September 2012

How to know passwords stored in web browsers


It is quite dangerous to save your passwords in Internet Explorer, Mozilla Firefox, Google Chrome, or even in instant messengers.
Whenever you select the "Remember my password" option, your passwords are saved on that computer for further use.
The saved passwords can be retrieved quite easily. Unless the browser offers a master password and you set one, they are protected only by your login to that computer, so anyone who can run a program as your user, or who copies the profile folder together with your user's key material, can read them.
It is more dangerous when you are using public computers. In that case anyone who uses the machine after you can extract your password and misuse it.
Here is the Tip on how to Extract Saved Passwords:-

External VS Internal IP Addresses

In simpler terms:-
An external address is like a telephone number that anyone can phone.
It has to be unique (and should be allocated to you).
(Imagine if two people had the same phone number for completely different houses - who would get the call? The same problem occurs with two computers using the same external address.)
Using that IP address (telephone number) any other computer connected to the Internet can talk to you (any phone on the exchange can phone you), unless you limit them in some way (a firewall, a bit like call barring).

An internal address is more like an extension number within an office.

Hiding IP address

IP address is short for Internet Protocol address.
An IP address is an identifier for a computer or device on a TCP/IP network. Networks using the TCP/IP protocol route messages based on the IP address of the destination.

The Format of an IP Address

An IPv4 address is a 32-bit number written as four decimal numbers separated by periods. Each number can be zero to 255. For example, 1.160.10.240 could be an IP address. An IPv6 address is 128 bits, written as eight groups of up to four hexadecimal digits separated by colons; one run of all-zero groups may be collapsed to "::".

There are two versions of IP address in use:
(for IPv4)   172.16.254.1
(for IPv6)   2001:db8:0:1234:0:567:8:1
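Reading the two formats strictly, and telling an internal address from an external one, is something a practitioner ends up coding whenever an allowlist or a "no internal targets" check is involved. The following is an added example, not code from the original post: a strict IPv4 parser, an IPv6 expander, a classifier for the reserved internal ranges, and a comparison with the C library's lenient inet_aton, which accepts shorthand such as 127.1 that a strict parser rejects (a filter that validates with one parser and connects with the other can be bypassed). The address classification covers the common reserved ranges only; embedded-IPv4 forms such as ::ffff:1.2.3.4 are left out.

```python
import ipaddress
import socket


def parse_ipv4_strict(text: str) -> bytes:
    """Exactly four decimal octets 0-255, no leading zeros, no shorthand."""
    parts = text.split(".")
    if len(parts) != 4:
        raise ValueError("IPv4 needs four octets: %r" % text)
    octets = []
    for p in parts:
        if not p or len(p) > 3 or any(c not in "0123456789" for c in p):
            raise ValueError("bad octet %r" % p)
        if len(p) > 1 and p[0] == "0":
            raise ValueError("leading zero (octal ambiguity) in %r" % p)
        n = int(p)
        if n > 255:
            raise ValueError("octet out of range: %r" % p)
        octets.append(n)
    return bytes(octets)


def expand_ipv6(text: str) -> str:
    """Expand '::' and pad every group to four hex digits.
    Embedded-IPv4 forms (::ffff:1.2.3.4) are not handled here."""
    if text.count("::") > 1:
        raise ValueError("only one '::' allowed")
    if "::" in text:
        head, tail = text.split("::")
        h = head.split(":") if head else []
        t = tail.split(":") if tail else []
        if len(h) + len(t) > 7:
            raise ValueError("'::' must stand for at least one group")
        groups = h + ["0"] * (8 - len(h) - len(t)) + t
    else:
        groups = text.split(":")
    if len(groups) != 8:
        raise ValueError("IPv6 needs eight groups: %r" % text)
    values = []
    for g in groups:
        if not 1 <= len(g) <= 4 or any(c not in "0123456789abcdefABCDEF" for c in g):
            raise ValueError("bad group %r" % g)
        values.append(int(g, 16))
    return ":".join("%04x" % v for v in values)


INTERNAL_V4 = {
    "private (RFC 1918)": ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"],
    "loopback": ["127.0.0.0/8"],
    "link-local": ["169.254.0.0/16"],
    "carrier-grade NAT (RFC 6598)": ["100.64.0.0/10"],
}
INTERNAL_V6 = {
    "loopback": ["::1/128"],
    "link-local": ["fe80::/10"],
    "unique local (RFC 4193)": ["fc00::/7"],
}


def classify(text: str) -> str:
    """'public' is the 'telephone number' case; anything else only has meaning
    inside a local network. Validates with the strict parsers first."""
    if ":" in text:
        addr, table = ipaddress.IPv6Address(expand_ipv6(text)), INTERNAL_V6
    else:
        addr, table = ipaddress.IPv4Address(parse_ipv4_strict(text)), INTERNAL_V4
    for label, nets in table.items():
        if any(addr in ipaddress.ip_network(n) for n in nets):
            return label
    return "public"


def lenient_vs_strict(text: str):
    """Show the gap between inet_aton (BSD shorthand, octal, hex) and strict parsing."""
    try:
        lenient = socket.inet_aton(text)
    except OSError:
        lenient = None
    try:
        strict = parse_ipv4_strict(text)
    except ValueError:
        strict = None
    return lenient, strict


if __name__ == "__main__":
    for s in ("1.160.10.240", "172.16.254.1", "127.1", "2001:db8:0:1234:0:567:8:1"):
        print(s, lenient_vs_strict(s) if ":" not in s else expand_ipv6(s))
```

The practical rule is to parse once, strictly, and pass the resulting bytes to whatever opens the connection, so that the string a user supplied is never reinterpreted by a second, more forgiving parser.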

Reasons for hiding IP address:

Enumerating Remote Systems


Getting started with hacking: enumerating remote systems
Many beginners in the field of hacking start trying to hack or crack without any preparation, which often leads them in the wrong direction. It is better to pick a specific target, and learn everything you can about it, before attacking. Let's start with this session and continue until expertise.

Firstly, keep the following point in mind if you want to hack a remote computer system:
Vulnerability + Exploit = Hacking

MAC ADDRESS AND MAC SPOOFING

MAC Address
A Media Access Control address (MAC address) is a unique identifier assigned to a network interface for communications on the physical network segment.
MAC addresses are most often assigned by the manufacturer of a network interface card (NIC) and are stored in its hardware, the card's read-only memory, or some other firmware mechanism. If assigned by the manufacturer, a MAC address usually encodes the manufacturer's registered identification number and may be referred to as the burned-in address. It may also be known as an Ethernet hardware address (EHA), hardware address or physical address.
MAC addresses are 12-digit hexadecimal numbers (48 bits in length). By convention, MAC addresses are usually written in one of the following two formats:
MM:MM:MM:SS:SS:SS
MM-MM-MM-SS-SS-SS
The first half of a MAC address (MM:MM:MM) is the Organizationally Unique Identifier of the adapter manufacturer; these IDs are allocated by the IEEE Registration Authority. The second half (SS:SS:SS) is the serial number assigned to the adapter by the manufacturer. Two bits of the first octet carry flags rather than vendor data: the lowest bit marks a group (multicast) address, and the next one marks a locally administered address, which is what a spoofed or software-chosen MAC normally sets. In the example,
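Pulling those pieces apart in code, as an added example that is not from the original post: parse both written formats, split off the OUI, read the multicast and locally-administered flag bits, and generate the kind of address a spoofing tool assigns (random, locally administered, never multicast). The vendor table holds three well-known virtualisation OUIs for illustration only; the authoritative list is the IEEE registry.

```python
import os
import re

MAC_RE = re.compile(r"^([0-9a-f]{2})[:-]([0-9a-f]{2})[:-]([0-9a-f]{2})"
                    r"[:-]([0-9a-f]{2})[:-]([0-9a-f]{2})[:-]([0-9a-f]{2})$", re.I)

# A few well-known OUIs for illustration; the authoritative list is the IEEE registry.
KNOWN_OUI = {
    "00:0C:29": "VMware",
    "00:50:56": "VMware",
    "08:00:27": "VirtualBox (PCS Systemtechnik)",
}


def parse_mac(text: str) -> bytes:
    """Accept MM:MM:MM:SS:SS:SS or MM-MM-MM-SS-SS-SS, any case."""
    m = MAC_RE.match(text.strip())
    if not m:
        raise ValueError("not a MAC address: %r" % text)
    return bytes(int(g, 16) for g in m.groups())


def format_mac(mac: bytes, sep: str = ":") -> str:
    return sep.join("%02X" % b for b in mac)


def describe(mac: bytes) -> dict:
    """The two low bits of the first octet are flags, not part of the vendor ID:
    bit 0 (I/G) = group/multicast address, bit 1 (U/L) = locally administered."""
    oui = format_mac(mac[:3])
    return {
        "oui": oui,
        "vendor": KNOWN_OUI.get(oui, "unknown"),
        "nic_specific": format_mac(mac[3:]),
        "multicast": bool(mac[0] & 0x01),
        "locally_administered": bool(mac[0] & 0x02),
    }


def random_local_mac() -> str:
    """What a spoofing tool generates: random bytes with U/L set and I/G clear,
    so the address can never collide with a burned-in unicast one."""
    b = bytearray(os.urandom(6))
    b[0] = (b[0] | 0x02) & 0xFE
    return format_mac(b)


def looks_spoofed(mac: bytes) -> bool:
    """Burned-in addresses have U/L clear. A set bit means software chose the
    address: spoofing, a VM platform, or a legitimate privacy-randomised Wi-Fi MAC,
    so treat it as a hint rather than proof."""
    return bool(mac[0] & 0x02)


if __name__ == "__main__":
    for s in ("00-0C-29-AB-CD-EF", random_local_mac()):
        print(s, describe(parse_mac(s)), "spoofed?", looks_spoofed(parse_mac(s)))
```

Changing the address on a Linux host is a matter of "ip link set dev eth0 address <mac>" while the interface is down; the check above is what a defender can run against the other side of that trick.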

How to find the Remote Computer's MAC Address


Every network interface on an Ethernet or Wi-Fi network has a unique number assigned to it called the MAC (Media Access Control) address. The MAC address is what switches and the other devices on the same network segment use to deliver frames to one another; routers forward by IP address and rewrite the MAC at each hop, so a MAC is only ever visible within its own segment.

Your computer uses a protocol called ARP (Address Resolution Protocol) to resolve and cache the MAC address belonging to each IPv4 address it talks to on the local network (IPv6 uses Neighbor Discovery for the same job). This information is handy for semi-low-level network troubleshooting. It can also be used for granting or denying access to a network segment or to a device on it, although a MAC can be changed in software, so it is weak as a security control.

To determine the MAC address of a remote device:
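The usual way is to make the kernel resolve the address for you (ping the host) and then read the ARP cache with arp -a. The following is an added example, not code from the original post: it parses the cache in both the Windows and the Unix output formats, wraps the ping-then-read procedure, and flags the one pattern in that table a practitioner always checks, a single MAC answering for several IP addresses, which is what ARP spoofing of a gateway looks like. Both sample tables are constructed; resolve_remote_mac shells out to ping and arp and is not run by the offline checks.

```python
import platform
import re
import subprocess
from collections import defaultdict
from typing import Optional

IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
MAC_RE = re.compile(r"\b([0-9a-f]{2}(?:[:-][0-9a-f]{2}){5})\b", re.I)


def parse_arp_table(text: str) -> dict:
    """Map IP -> MAC from 'arp -a' output. Windows prints 'ip  mac  type'
    columns, Unix prints 'host (ip) at mac ...'; either way one IP and one MAC
    share a line. Entries without a MAC ('<incomplete>') and the Windows
    'Interface:' line are skipped."""
    table = {}
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            table[ip.group(1)] = mac.group(1).replace("-", ":").lower()
    return table


def suspicious_macs(table: dict) -> dict:
    """One MAC answering for several IPs is the classic symptom of ARP spoofing
    (the attacker's NIC claims the gateway's IP as well as its own). Broadcast
    and multicast entries are excluded. Routers with several addresses or VRRP
    cause this legitimately, so treat a hit as a lead, not a verdict."""
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        if mac == "ff:ff:ff:ff:ff:ff" or int(mac[:2], 16) & 0x01:
            continue
        by_mac[mac].append(ip)
    return {mac: ips for mac, ips in by_mac.items() if len(ips) > 1}


def resolve_remote_mac(ip: str) -> Optional[str]:
    """Ping the host so the kernel resolves it via ARP, then read the cache.
    Only meaningful on the local segment: for a host behind a router you get
    the router's MAC, because that is where the frame was sent."""
    count_flag = "-n" if platform.system() == "Windows" else "-c"
    subprocess.run(["ping", count_flag, "1", ip],
                   stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    out = subprocess.run(["arp", "-a"], capture_output=True, text=True).stdout
    return parse_arp_table(out).get(ip)


# Constructed samples in the two output formats (not captured from real hosts).
WINDOWS_SAMPLE = """\
Interface: 192.168.1.10 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-33-44-55     dynamic
  192.168.1.50          00-11-22-33-44-55     dynamic
  192.168.1.77          00-0c-29-ab-cd-ef     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""
LINUX_SAMPLE = """\
gateway (192.168.1.1) at 00:11:22:33:44:55 [ether] on eth0
? (192.168.1.20) at <incomplete> on eth0
"""

if __name__ == "__main__":
    table = parse_arp_table(WINDOWS_SAMPLE)
    print(table)
    print("suspicious:", suspicious_macs(table))
```

On a modern Linux box "ip neigh" replaces arp -a and prints "ip dev eth0 lladdr mac STATE", which the same line-based regexes handle.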