DEV Community

powerexploit

Operating System Detection Using TTL Values, PowerShell & Ping!

When I was working on networking and data communication with various scripts and tools, ping was my first networking tool. I found an article about operating system detection using TTL (Time To Live) and ping, which got my brain going. Ping is a networking utility used to check connectivity between two devices; it is available from the Windows command line and from a Linux terminal. The Time To Live that matters here is the TTL field of the IP header, not the DNS TTL: a DNS TTL tells a resolver how long it may cache a record before it must query again, whereas the IP TTL is a hop counter that every router decrements as it forwards the packet. The sending operating system chooses the initial value, and that choice is what makes OS detection possible.
[Image: IPv4 header diagram]
As you can see in the IPv4 header above, there is an 8-bit Time to Live field. It limits the lifetime of a datagram in the network: each router that forwards the packet decrements the field by one, and a router that decrements it to zero discards the packet (normally sending back an ICMP Time Exceeded message). The field exists to stop packets circulating forever in a routing loop.
Note: For more information about the IPv4 TTL, see Wikipedia.

What I Did

[Image: table of default initial TTL values and TCP window sizes by operating system]
This table shows the default initial TTL values that different operating systems set, listed alongside their default TCP window sizes. The window size is another fingerprinting signal, but this post only uses the TTL.
It's time to detect an operating system with TTL values and ping. Since I was working on Windows, the first step was to open PowerShell (the only reason I used Windows). In step one I ran the tracert command (traceroute on Linux) to trace the route to the IP or domain.
Command: tracert dev.to
[Image: tracert output]
Note: number of hops: 10.
Then it was time to run ping. Ping works by sending ICMP Echo Request packets to the target host and waiting for ICMP Echo Reply packets; the TTL we read is the one carried by the reply.
Command: ping dev.to
[Image: ping output]
The reply's TTL is 54 and tracert reported 10 hops. Adding the hops back to the received TTL (54 + 10 = 64) recovers the initial TTL the replying host set, and the table above shows that Linux uses an initial TTL of 64, so the target is most likely a Linux machine. Two caveats: tracert measures the forward path while the reply TTL is decremented along the return path, so the two hop counts can differ by one or two when routing is asymmetric, and the TTL belongs to whichever host actually answers the echo request, which for a site behind a CDN or load balancer is the edge device rather than the origin server.
In the next section I explain the PowerShell script that detects the OS.

PowerShell to detect the operating system:

PowerShell has cmdlets that do the same job as ping and expose the TTL of the reply, so I wanted to automate the whole TTL-based operating system detection process in a single PowerShell module.
In the coding part I wrote a PowerShell module with a PsPing function for OS detection, built on PowerShell's Test-Connection cmdlet.
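The following is an added example and is not the author's TTLOs.psm1 module (which this page does not reproduce). It implements the same idea as the PsPing function described above and the manual 54 + 10 = 64 arithmetic from the tracert/ping section: read the TTL from an ICMP echo reply, recover the initial TTL the sender used, and map it to an OS family. Two choices are mine and not from the post: the initial-TTL table is built from common defaults (32, 64, 128, 255), and the reply TTL is read through .NET's System.Net.NetworkInformation.Ping class, which behaves the same in Windows PowerShell 5.1 and PowerShell 7, rather than through Test-Connection, whose output shape differs between those versions. When no hop count is supplied, the initial TTL is inferred by rounding the observed TTL up to the nearest common default, which is the usual fingerprinting shortcut and removes the need to run tracert first.

```powershell
# Added example, not the author's TTLOs.psm1 module. Reads the TTL of an ICMP echo
# reply, recovers the initial TTL the sender used, and maps it to an OS family.
# The table values are common defaults (an assumption); any stack can change them,
# e.g. net.ipv4.ip_default_ttl on Linux or the Tcpip DefaultTTL registry value on Windows.
$script:InitialTtlTable = @{
    32  = 'Windows 95/98 (legacy)'
    64  = 'Linux / macOS / *BSD'
    128 = 'Windows'
    255 = 'Cisco IOS / Solaris / other network gear'
}

function Get-OsFromTtl {
    # Turns a reply TTL (plus an optional hop count from tracert) into an OS guess.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][ValidateRange(1, 255)][int]$ReplyTtl,
        # Hop count from tracert, if known. Without it the initial TTL is inferred
        # by rounding the reply TTL up to the nearest common default.
        [int]$Hops = -1
    )
    if ($Hops -ge 0) {
        $initial = $ReplyTtl + $Hops
    } else {
        $initial = @($script:InitialTtlTable.Keys | Where-Object { $_ -ge $ReplyTtl } | Sort-Object)[0]
        if ($null -eq $initial) { $initial = 255 }
    }
    $os = if ($script:InitialTtlTable.ContainsKey($initial)) {
        $script:InitialTtlTable[$initial]
    } else {
        'Unknown (non-default initial TTL)'
    }
    [pscustomobject]@{
        ReplyTtl   = $ReplyTtl
        InitialTtl = $initial
        Hops       = $initial - $ReplyTtl
        OsGuess    = $os
    }
}

function PsPing {
    # Sends a few echo requests with .NET's Ping class (works in Windows PowerShell 5.1
    # and PowerShell 7 alike) and fingerprints the target from the most common reply TTL.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, Position = 0)][string]$Target,
        [int]$Count = 3,
        [int]$TimeoutMs = 2000
    )
    $pinger = [System.Net.NetworkInformation.Ping]::new()
    $ttls = @(foreach ($i in 1..$Count) {
        $reply = $pinger.Send($Target, $TimeoutMs)
        # Options (and so Ttl) is only populated on a successful IPv4 reply.
        if ($reply.Status -eq 'Success' -and $reply.Options) { $reply.Options.Ttl }
    })
    if ($ttls.Count -eq 0) {
        throw "No usable ICMP echo reply from $Target (filtered, timed out, or IPv6 reply without TTL info)."
    }
    # Use the most frequent TTL so one reply that took a different path does not skew the guess.
    $ttl = [int](($ttls | Group-Object | Sort-Object Count -Descending | Select-Object -First 1).Name)
    $r = Get-OsFromTtl -ReplyTtl $ttl
    Write-Verbose ("TTLs observed: {0}" -f ($ttls -join ', '))
    "Target $Target replied with TTL $ttl (initial {0}, about {1} hops back): probably {2}" -f $r.InitialTtl, $r.Hops, $r.OsGuess
}

# Offline checks with the values from the post.
Get-OsFromTtl -ReplyTtl 54 -Hops 10   # initial 64 -> Linux, matching the hand calculation
Get-OsFromTtl -ReplyTtl 53            # no hop count: rounds up to 64, ~11 hops, Linux
Get-OsFromTtl -ReplyTtl 117           # rounds up to 128 -> Windows, ~11 hops
# Live run (needs network): PsPing google.com -Verbose
```

Because the TTL is set by whichever host actually answers the echo request, pinging a name behind a CDN or load balancer fingerprints the edge device, not the origin server, and an administrator can change the default at will, so treat the output as a hint to confirm with other signals (TCP window size, open ports, banners) rather than as proof.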


To run the module I opened up my PowerShell terminal:
1. Import-Module -Name 'path of file/name'
2. Get-Command -Module TTLOs (the module name, without the .psm1 extension)
3. PsPing google.com

Execution:

exploit > import-module -name TTlOs.psm1
exploit > wc F:\coding_part\powershell_scripting\scripts\TTlOs.psm1
 52 130 803 F:\coding_part\powershell_scripting\scripts\TTlOs.psm1
exploit > PsPing google.com
Target is running on Linux Machine according to TTL value 53

A research paper related to TTL is also on my GitHub.
So enjoy, and support me by following me on GitHub and Twitter.
