Re: probing operating sytem
- From: Ertugrul Soeylemez <never@xxxxxxxxxxxxxx>
- Date: Thu, 23 Nov 2006 20:12:04 +0100
"poncenby" <buzzinfly@xxxxxx> (06-11-21 14:19:53):
I'd be suprised if there were not tools already out there for this
but, with a simple bit of scripting you could use fdisk to find out
the filesystem type and using mount, ls and grep you should be able
to get a good idea of the OS in use. You could even use a hashing
algorithm to check file versions and hence work out what OS version
is in use.
Would that be any use to you?
I'm using a few of the sleuthkit tools but I'm not that keen on having
to mount basically every partition node under /dev. Just hoping
someone knew of a tool that already has the OS identification
functionality that works on /dev block devices/dd images etc etc.
You will be searching forever. Script it yourself, it's easy. Just
mount the partition with '-t auto', and check some files' hash values,
as Bogwitch already suggested. An appropriate shell script should not
exceed 15 lines. You will find the '-c' option to 'sha1sum'
However, this is not a security related problem.