Difference between revisions of "Banner Grabbing"
Tags: Mobile web edit, Mobile edit |
|||
Line 55: | Line 55: | ||
*{{Security}} | *{{Security}} | ||
*[[Certified Ethical Hacker (CEH) Contents]] | *[[Certified Ethical Hacker (CEH) Contents]] | ||
+ | |||
+ | [[Category:Security]] |
Revision as of 00:03, 6 July 2021
Banner grabbing is a technique used to gain information about a computer system on a network and the services running on its open ports. Administrators can use this to take inventory of the systems and services on their network.
Contents
Active banner grabbing
This is the most popular type of banner grabbing, basically the act of sending packets to the remote host and waiting for their response to analyze the data.
Active banner grabbing techniques involve opening a TCP (or similar) connection between an origin host and a remote host. It can be considered active, as your connection will be logged in the remote system. This is the most risky approach to banner grabbing as it’s often detected by some IDS.
Passive banner grabbing
On the other hand, passive banner grabbing enables you to get the same information while avoiding a high level of exposure from the origin connection. Different intermediate software and platforms can be used as a gateway to avoid a direct connection and still allow you to obtain the data you need.
Using 3rd party networks tools or services such as search engines, shodan.io, or sniffing the traffic to capture and analyze packets, can help you determine software versions.
Banner Grabbing Tools
Telnet
One of the most famous is Telnet
telnet IP PORT
Wget
Wget is another great tool that can lead us to the remote banner of any remote or local server'
Example:
wget 192.168.0.15 -q -S
The -q will suppress the normal output, and the -S parameter will print the headers sent by the HTTP server, which also works for FTP servers.
cURL
cURL offers the same features to fetch remote banner information from HTTP servers.
curl -s -I 192.168.0.15 | grep -e "Server: "
Nmap
nmap -sV --version-intensity 5 xxxxxx.com -p 80
The -sV option lets us fetch the software versions, and by adding –version-intensity 5, we can get the maximum number of possible details about the remote running software.
By using the powerful NSE we can also try other scripts that will help us fetch remote banners easily:
nmap -sV --script=banner IP
Netcat
Netcat is the swiss army knife of the hackers. Netcat is used for file (exploit) transfer, finding open ports & remote administration (Bind & Reverse Shells). You can manually connect to any network service like HTTP using netcat. Another utility is to listen on any udp/tcp ports on your machine for any incoming connections.
<nc<IPaddress or FQDN> <port number>
See also
- Security: Security portfolio, Security standards, Hardening, CVE, CWE, Wireless Network Hacking, vulnerability scanner, Security risk assessment, SCA, Application Security Testing, OWASP, Data leak, NIST, SANS, MITRE, Security policy, Access Control attacks, password policy, password cracking, Password manager, MFA, OTP, UTF, Firewall, DoS, Software bugs, MITM, Certified Ethical Hacker (CEH) Contents, Security+ Malware, FIPS, DLP, Network Access Control (NAC), VAPT, SIEM, EDR, SOC, pentest, PTaaS, Clickjacking, MobSF, Janus vulnerability, Back Orifice, Backdoor, CSO, CSPM, PoLP, forensic, encryption, Keylogger, Pwn2Own, CISO, Prototype pollution
- Certified Ethical Hacker (CEH) Contents
Advertising: