banner grabbing - bits and pieces
7/29/2019 Banner Grabbing - Bits and Pieces
Banner grabbing
Posted on January 8, 2013 by Fabian Affolter
For the reconnaissance or target-server enumeration part of a security audit, banner grabbing is a technique for
gaining information about computer systems (those defined in the test scope). As usual, there are many ways
to do it. Below is a short overview of the tools and techniques available in the Fedora Security Lab and Alpine
Security.
netcat

    $ nc fabian-affolter.ch 80
    HEAD / HTTP/1.1
    host: localhost

    HTTP/1.1 302 Found
    Date: Mon, 07 Jan 2013 22:41:20 GMT
    Server: Apache
    X-Powered-By: PHP/4.3.11
    Location: ./user/index.php
    Connection: close
    Content-Type: text/html

curl

    $ curl -I http://fabian-affolter.ch
    HTTP/1.1 200 OK
    Date: Mon, 07 Jan 2013 22:42:08 GMT
    Server: Apache
    Last-Modified: Mon, 10 Sep 2012 11:34:38 GMT
    ETag: "580005-1270-504dd04e"
    Accept-Ranges: bytes
    Content-Length: 4720
    Connection: close
    Content-Type: text/html

Or, if you only want the server details:

    $ curl -s -I http://fabian-affolter.ch | grep -e "Server: "

bannergrab

bannergrab is a network service banner grabbing tool.

    $ bannergrab fabian-affolter.ch 80
    HTTP/1.1 302 Found
    Date: Mon, 07 Jan 2013 22:49:36 GMT
    Server: Apache
    X-Powered-By: PHP/4.3.11
    Location: ./user/index.php
    Connection: close
    Content-Type: text/html

telnet

telnet works similarly to netcat, just less user-friendly.

    $ telnet fabian-affolter.ch 80
    Trying 85.10.192.140...
    Connected to fabian-affolter.ch.
    Escape character is '^]'.
    HEAD / HTTP/1.1
    host: localhost

    HTTP/1.1 302 Found
    Date: Mon, 07 Jan 2013 22:52:27 GMT
    Server: Apache
    X-Powered-By: PHP/4.3.11
    Location: ./user/index.php
    Connection: close
    Content-Type: text/html

    Connection closed by foreign host.

nmap

nmap provides additional features with the help of the Nmap Scripting Engine (NSE). The corresponding
script is called banner.

    $ nmap -sV -p80 --script=banner fabian-affolter.ch

    Starting Nmap 6.01 ( http://nmap.org ) at 2013-01-08 00:14 CET
    Nmap scan report for fabian-affolter.ch (85.10.192.140)
    Host is up (0.030s latency).
    rDNS record for 85.10.192.140: tux29.hoststar.ch
    PORT   STATE SERVICE VERSION
    80/tcp open  http    Apache httpd

    Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 16.56 seconds

Python

If you would like to have your own tool, Python with urllib2 provides a fast way to implement banner grabbing
solutions.

    # Python 2: urllib2 became urllib.request in Python 3
    import urllib2

    # Fetch the page and print all response headers
    u = urllib2.urlopen('http://fabian-affolter.ch')
    print u.info()

Or, with a little more comfort:

    import urllib2

    target = raw_input("Please enter the domain name: ")
    # urlopen() needs a full URL, so add the scheme to the bare domain name
    u = urllib2.urlopen('http://' + target)

    # Final URL after redirects, and the Server header of the response
    print '\nURL :', u.geturl()
    print 'Server :', u.info()['server']

wget

Last but not least, wget. wget is well known and available on many platforms.

    $ wget -q -S fabian-affolter.ch
      HTTP/1.1 200 OK
      Date: Mon, 07 Jan 2013 23:43:56 GMT
      Server: Apache
      Last-Modified: Mon, 10 Sep 2012 11:34:38 GMT
      ETag: "580005-1270-504dd04e"
      Accept-Ranges: bytes
      Content-Length: 4720
      Connection: close
      Content-Type: text/html
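
Every tool above returns the same kind of header block, so for an audit report the useful step is to parse it and list which headers give away a product and an exact version. The following Python 3 sketch is an added example, not code from the original post; the function names and the choice of headers to inspect are assumptions, and the sample input is the netcat response shown on this page.

```python
import re

# Headers that commonly carry product banners (this selection is an assumption).
BANNER_HEADERS = ("server", "x-powered-by", "via")
# Tokens such as "Apache" or "PHP/4.3.11": product, optional "/version".
TOKEN = re.compile(r"([A-Za-z][\w.+-]*)(?:/(\d[\w.-]*))?")

# Response head as shown in the netcat example on this page.
SAMPLE = (
    "HTTP/1.1 302 Found\r\n"
    "Date: Mon, 07 Jan 2013 22:41:20 GMT\r\n"
    "Server: Apache\r\n"
    "X-Powered-By: PHP/4.3.11\r\n"
    "Location: ./user/index.php\r\n"
    "Connection: close\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
)

def parse_response_head(raw):
    """Split a raw HTTP response head into (status_code, {name: [values]})."""
    lines = raw.replace("\r\n", "\n").strip("\n").split("\n")
    m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:  # skip malformed lines instead of guessing
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(m.group(1)), headers

def disclosures(headers):
    """Return (header, product, version or None) for every banner token."""
    return [(name, product, version or None)
            for name in BANNER_HEADERS
            for value in headers.get(name, [])
            for product, version in TOKEN.findall(value)]

def version_leaks(raw):
    """Only the tokens that reveal an exact version, the part worth hiding."""
    _, headers = parse_response_head(raw)
    return [d for d in disclosures(headers) if d[2] is not None]

if __name__ == "__main__":
    for header, product, version in version_leaks(SAMPLE):
        print("%s discloses %s %s" % (header, product, version))
```

On the stack shown here, the X-Powered-By header is controlled by PHP's expose_php setting and the detail level of the Server header by Apache's ServerTokens directive.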