
bits and pieces

mainly Fedora and a few trivialities

Banner grabbing


Posted on January 8, 2013 by Fabian Affolter

For the reconnaissance or target server enumeration part of a security audit, banner grabbing is a technique for gaining information about computer systems (those defined in the test scope). As usual, there are many ways to do it. Below is a short overview of the tools and techniques available in the Fedora Security Lab and Alpine Security.

netcat

    $ nc fabian-affolter.ch 80
    HEAD / HTTP/1.1
    host: localhost

    HTTP/1.1 302 Found
    Date: Mon, 07 Jan 2013 22:41:20 GMT
    Server: Apache
    X-Powered-By: PHP/4.3.11
    Location: ./user/index.php
    Connection: close
    Content-Type: text/html

curl

    $ curl -I http://fabian-affolter.ch
    HTTP/1.1 200 OK
    Date: Mon, 07 Jan 2013 22:42:08 GMT
    Server: Apache
    Last-Modified: Mon, 10 Sep 2012 11:34:38 GMT
    ETag: "580005-1270-504dd04e"
    Accept-Ranges: bytes
    Content-Length: 4720
    Connection: close
    Content-Type: text/html

or, if you only want the server details:

    $ curl -s -I http://fabian-affolter.ch | grep -e "Server: "

bannergrab

bannergrab is a network service banner grabbing tool.

    $ bannergrab fabian-affolter.ch 80
    HTTP/1.1 302 Found
    Date: Mon, 07 Jan 2013 22:49:36 GMT
    Server: Apache
    X-Powered-By: PHP/4.3.11
    Location: ./user/index.php
    Connection: close
    Content-Type: text/html

telnet

telnet works similarly to netcat, just less user-friendly.

    $ telnet fabian-affolter.ch 80
    Trying 85.10.192.140...
    Connected to fabian-affolter.ch.
    Escape character is '^]'.
    HEAD / HTTP/1.1
    host: localhost

    HTTP/1.1 302 Found
    Date: Mon, 07 Jan 2013 22:52:27 GMT
    Server: Apache
    X-Powered-By: PHP/4.3.11
    Location: ./user/index.php
    Connection: close
    Content-Type: text/html

    Connection closed by foreign host.

nmap

nmap provides additional features with the help of the Nmap Scripting Engine (NSE). The corresponding script is called banner.

    $ nmap -sV -p 80 --script=banner fabian-affolter.ch

    Starting Nmap 6.01 ( http://nmap.org ) at 2013-01-08 00:14 CET
    Nmap scan report for fabian-affolter.ch (85.10.192.140)
    Host is up (0.030s latency).
    rDNS record for 85.10.192.140: tux29.hoststar.ch
    PORT   STATE SERVICE VERSION
    80/tcp open  http    Apache httpd

    Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
    Nmap done: 1 IP address (1 host up) scanned in 16.56 seconds

Python

If you would like to have your own tool, Python with urllib2 provides a fast way to implement a banner grabbing solution.

    import urllib2

    # Fetch the page and print all response headers
    u = urllib2.urlopen('http://fabian-affolter.ch')
    print u.info()

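or, with a little more comfort:

    import urllib2

    target = raw_input("Please enter the domain name: ")
    # urlopen() needs a full URL, so add the scheme if only a domain was entered
    if '://' not in target:
        target = 'http://' + target
    u = urllib2.urlopen(target)

    print '\nURL    :', u.geturl()
    print 'Server :', u.info()['server']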
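When the audit target is your own server, the captured headers can be checked for how much they disclose. The following is an added example, not code from the original post: it is written for Python 3, the names parse_head and audit_banner are hypothetical, and the sample is the response head from the netcat session on this page.

```python
import re

# Headers that usually name server-side software (assumed, non-exhaustive list).
DISCLOSING_HEADERS = {"server", "x-powered-by"}
# A product/version token such as "PHP/4.3.11" or "Apache/2.2.22".
PRODUCT_VERSION = re.compile(r"([A-Za-z][\w.+-]*)/(\d[\w.+-]*)")


def parse_head(raw):
    """Return (status_line, [(name, value), ...]) from a raw HTTP response head."""
    lines = raw.replace("\r\n", "\n").strip("\n").split("\n")
    status, headers = lines[0].strip(), []
    for line in lines[1:]:
        if not line.strip():      # a blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep:                   # skip malformed lines without a colon
            headers.append((name.strip(), value.strip()))
    return status, headers


def audit_banner(raw):
    """Return (header, value, [(product, version), ...]) per disclosing header.

    An empty version list means only the product name is exposed.
    """
    findings = []
    for name, value in parse_head(raw)[1]:
        if name.lower() in DISCLOSING_HEADERS:
            findings.append((name, value, PRODUCT_VERSION.findall(value)))
    return findings


# Constructed sample: the response head from the netcat session on this page.
SAMPLE = (
    "HTTP/1.1 302 Found\r\n"
    "Date: Mon, 07 Jan 2013 22:41:20 GMT\r\n"
    "Server: Apache\r\n"
    "X-Powered-By: PHP/4.3.11\r\n"
    "Location: ./user/index.php\r\n"
    "Connection: close\r\n"
    "Content-Type: text/html\r\n\r\n"
)

if __name__ == "__main__":
    for header, value, versions in audit_banner(SAMPLE):
        level = "exact version" if versions else "product name only"
        print("%-13s %-11s -> %s" % (header, value, level))
```

On Apache with PHP, `ServerTokens Prod` reduces the Server header to the bare product name and `expose_php = Off` removes X-Powered-By.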

wget

Last but not least, wget. wget is well known and available on many platforms.

    $ wget -q -S fabian-affolter.ch
    HTTP/1.1 200 OK
    Date: Mon, 07 Jan 2013 23:43:56 GMT
    Server: Apache
    Last-Modified: Mon, 10 Sep 2012 11:34:38 GMT
    ETag: "580005-1270-504dd04e"
    Accept-Ranges: bytes
    Content-Length: 4720
    Connection: close
    Content-Type: text/html

This entry was posted in Alpine Linux, Fedora, Security.

bits and pieces 2001-2013
