Around The Globe ATG.WORLD

Visit our sister website :

http://www.atg.world/

This is a social network for enthusiasts just like us. No Junk! Only meaningful conversations with the people who share the same enthusiasm as us.

Monday, August 10, 2009

Banner Grabbing

All open ports have a service or a daemon running on them. As soon as you telnet or connect to such open ports, you are greeted by a welcome message, which is actually known as the daemon banner. A daemon banner contains certain information about the daemon running on that particular port, other system information and sometimes also the message of the day.

If an attacker connects to various ports of the target system, then he will find that each port has a daemon banner waiting, which can reveal juicy pieces of information regarding the target host, including the operating system name, daemon name and version, time and date, etc.

Banner grabbing is an enumeration technique used to glean information about computer systems on a network and the services running on their open ports.

An intruder can use banner grabbing in order to find network hosts that are running versions of applications and operating systems with known exploits.

Tools commonly used to perform banner grabbing are Telnet, which is included with most operating systems, and Netcat.

For example, one could establish a connection with netcat to a target host running a web service, then send a bad HTTP request in order to get information about the service on the host:

  [root@prober] nc www.targethost.com 80
  HEAD / HTTP/1.1

  HTTP/1.1 200 OK
  Date: Mon, 11 May 2009 22:10:40 EST
  Server: Apache/2.0.46 (Unix) (Red Hat/Linux)
  Last-Modified: Thu, 16 Apr 2009 11:20:14 PST
  ETag: "1986-69b-123a4bc6"
  Accept-Ranges: bytes
  Content-Length: 1110
  Connection: close
  Content-Type: text/html

The administrator can now catalog this system, or an intruder now knows which version of Apache to look for exploits for.
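An added example, not part of the original post: a defender-side check that parses a captured response like the one above and reports what its Server banner gives away. The function names and the hardened sample response are constructed for illustration.

```python
import re

# Headers taken from the netcat session above (abbreviated).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 11 May 2009 22:10:40 EST\r\n"
    "Server: Apache/2.0.46 (Unix) (Red Hat/Linux)\r\n"
    "Content-Length: 1110\r\n"
    "Connection: close\r\n\r\n"
)
# Constructed sample: the same kind of server with a minimal banner,
# e.g. what Apache sends with "ServerTokens Prod".
HARDENED_RESPONSE = "HTTP/1.1 200 OK\r\nServer: Apache\r\nConnection: close\r\n\r\n"

# A Server value is a series of product[/version] tokens and (comments).
TOKEN = re.compile(r"\(([^)]*)\)|([^\s/()]+)(?:/([^\s()]+))?")


def parse_headers(raw):
    """Return {lowercased name: value} for the header block of a raw response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = {}
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit_banner(raw):
    """Report which details the Server banner in a raw response gives away."""
    server = parse_headers(raw).get("server", "")
    products, comments = [], []
    for comment, name, version in TOKEN.findall(server):
        if comment:
            comments.append(comment)
        elif name:
            products.append((name, version or None))
    findings = []
    for name, version in products:
        if version:
            findings.append(f"exact version disclosed: {name} {version}")
    if comments:
        findings.append("platform details disclosed: " + ", ".join(comments))
    return {"server": server, "products": products,
            "comments": comments, "findings": findings}


if __name__ == "__main__":
    for label, raw in (("page sample", SAMPLE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, "->", audit_banner(raw)["findings"] or "nothing beyond product name")
```

Run against saved responses from your own hosts, this gives the administrator's catalog view of the banner and shows which servers still advertise a version or platform string.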
