Hello Guys,
Here I am again with a new article. Today I will introduce you to the banner grabbing techniques that attackers use to gather information about target web servers.
There is a tried-and-true manual technique for enumerating banners and application information.
Banner grabbing is a technique used to glean information about a computer system on a network and the services running on its open ports.
For example:
[root@prober] nc www.targethost.com 80
HEAD / HTTP/1.1
HTTP/1.1 200 OK
Date: Mon, 11 May 2009 22:10:40 EST
Server: Apache/2.0.46 (Unix) (Red Hat/Linux)
Last-Modified: Thu, 16 Apr 2009 11:20:14 PST
ETag: "1986-69b-123a4bc6"
Accept-Ranges: bytes
Content-Length: 1110
Connection: close
Content-Type: text/html
In this exercise we will use a Telnet connection to various TCP ports on the target system and record the banner information that is presented.
Demo 1: Banner Grabbing Using Telnet.
1. From your Kali Linux, open a shell and type the following command:
root@kali:~# telnet Target_IP 80 (hit Enter a few times)
2. Note which web server application is running on the target.
3. Repeat step 1 for other well-known port numbers to check which services are running.
4. Record your results.
HTTP Commands for banner grabbing
1. Connect using telnet and type: HEAD / HTTP/1.0
telnet www.test.com 80
Trying 100.100.100.100...
Connected to www.test.com.
Escape character is '^]'.
HEAD / HTTP/1.1
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 1768
Content-Type: text/html
Server: Microsoft-IIS/7.0
Set-Cookie: ASPSESSIONIDACBATBQQ=MJOLBPPDBKPCDFREKDMLCEOHF; path=/
X-Powered-By: ASP.NET
Date: Tue, 06 Aug 2015 03:42:18 GMT
Connection: close
Connection closed by foreign host.
2. Let's try the OPTIONS command; I like this one: OPTIONS / HTTP/1.0
Trying 100.100.100.100...
Connected to www.test.com.
Escape character is '^]'.
OPTIONS / HTTP/1.1
HTTP/1.1 200 OK
Allow: OPTIONS, TRACE, GET, HEAD, POST
Server: Microsoft-IIS/7.5
Public: OPTIONS, TRACE, GET, HEAD, POST
X-Powered-By: ASP.NET
Date: Tue, 26 Aug 2015 05:47:39 GMT
Connection: close
Content-Length: 0
Connection closed by foreign host.
The error when I type the commands wrongly (in lower-case letters):
Trying 100.100.100.100...
Connected to www.test.com.
Escape character is '^]'.
options / http/1.1 ---- I typed lower case
HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Tue, 26 Aug 2015 05:50:08 GMT
Connection: close
Content-Length: 311
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request</h2>
<hr><p>HTTP Error 400. The request is badly formed.</p>
</BODY></HTML>
Connection closed by foreign host.
This is basic-level banner grabbing without using third-party tools like netcat, nikto, ssh, etc.
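The telnet/nc sessions and the HEAD and OPTIONS exchanges above, automated in Python as an added example (this is not code from the original post): it sends the same one-line probe over a raw socket, parses the status line and headers, and pulls out the fields a hardening review cares about (Server, X-Powered-By, Allow/Public). The sample responses embedded in it are constructed from the transcripts above so the parser can be exercised offline; the function names and the DISCLOSURE_HEADERS list are my own choices, not anything from the post.

```python
import socket
from typing import Dict, Optional, Set, Tuple

# Constructed sample responses, modelled on the telnet transcripts above
# (not live captures); they let the parser run without network access.
SAMPLE_HEAD_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Cache-Control: private\r\n"
    "Content-Length: 1768\r\n"
    "Content-Type: text/html\r\n"
    "Server: Microsoft-IIS/7.0\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "Connection: close\r\n"
    "\r\n"
)
SAMPLE_OPTIONS_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Allow: OPTIONS, TRACE, GET, HEAD, POST\r\n"
    "Server: Microsoft-IIS/7.5\r\n"
    "Public: OPTIONS, TRACE, GET, HEAD, POST\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)
SAMPLE_BAD_REQUEST = (
    "HTTP/1.1 400 Bad Request\r\n"
    "Content-Type: text/html; charset=us-ascii\r\n"
    "Server: Microsoft-HTTPAPI/2.0\r\n"
    "Connection: close\r\n"
    "Content-Length: 311\r\n"
    "\r\n"
    "<HTML><HEAD><TITLE>Bad Request</TITLE></HEAD></HTML>"
)

# Headers that reveal software, versions or enabled methods (list chosen for
# this example; extend it for other stacks).
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "allow", "public")


def build_request(method: str, host: str, path: str = "/") -> bytes:
    """The one-line probe typed into telnet above, as HTTP/1.0 so that the
    Host header is optional (an HTTP/1.1 request without Host is malformed).
    Method and the 'HTTP/' token are case-sensitive, which is why the
    lower-case 'options / http/1.1' in the transcript got a 400."""
    return f"{method} {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")


def parse_response(raw: str) -> Tuple[Optional[int], Dict[str, str]]:
    """Split a raw response into (status_code, headers); header names are
    lower-cased. Returns (None, {}) when the bytes are not HTTP at all,
    e.g. when the port speaks FTP or SMTP instead."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return None, {}
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def disclosed_info(headers: Dict[str, str]) -> Dict[str, str]:
    """The subset of headers a banner grab learns from; a hardening review
    aims to make this dict empty or generic."""
    return {k: v for k, v in headers.items() if k in DISCLOSURE_HEADERS}


def advertised_methods(headers: Dict[str, str]) -> Set[str]:
    """Methods listed in Allow/Public after an OPTIONS probe; TRACE showing
    up here is a classic finding, as it normally should be disabled."""
    methods: Set[str] = set()
    for name in ("allow", "public"):
        if name in headers:
            methods.update(m.strip().upper() for m in headers[name].split(",") if m.strip())
    return methods


def grab_banner(host: str, port: int = 80, method: str = "HEAD",
                timeout: float = 5.0) -> Tuple[Optional[int], Dict[str, str]]:
    """Live version of the telnet session: connect, send the probe, read
    until the server closes (it answers with 'Connection: close'), parse."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(method, host))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    # iso-8859-1 maps every byte, so stray bytes cannot raise a decode error
    return parse_response(b"".join(chunks).decode("iso-8859-1"))


if __name__ == "__main__":
    for label, sample in (("HEAD", SAMPLE_HEAD_RESPONSE),
                          ("OPTIONS", SAMPLE_OPTIONS_RESPONSE),
                          ("bad request", SAMPLE_BAD_REQUEST)):
        status, hdrs = parse_response(sample)
        print(label, status, disclosed_info(hdrs), advertised_methods(hdrs) or "-")
```

Two points worth noticing when running it against the samples: the malformed lower-case request still discloses a banner (Microsoft-HTTPAPI/2.0, the kernel-mode HTTP listener that answers before IIS sees the request), so error handling is not a hiding place; and the OPTIONS reply lists TRACE among the allowed methods. From the defender's side, the output of disclosed_info is the list of headers to remove or genericise in the server configuration, and advertised_methods is the list of verbs to restrict.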
More to refer to:
Banner Grabbing using Netcat
Active Stack Fingerprinting Using Nmap
Passive Stack Fingerprinting Using Ettercap
FTP Enumeration
SSH Enumeration
SMTP Enumeration Using Telnet
HTTP Enumeration Using Nikto