Banner Grabbing Exercise
This exercise complements material in the CompTIA Security+: Get Certified Get Ahead: SY0-401 Study Guide.
This lab shows you one method of grabbing a banner from a server and learning information from it.
Requirements: This exercise assumes you’re running a Windows system and know how to access the command line. If it isn’t enabled, you’ll need to enable Telnet on the system. You can do this on Windows 7 systems via Control Panel -> Programs and Features -> Turn Windows features on or off.
1. Open a command prompt.
2. Type in telnet getcertifiedgetahead.com 80 and press Enter. The system will attempt to connect to the getcertifiedgetahead.com server using the HTTP port of 80.
3. Type in 80 and press Enter. The system will retrieve the HTML banner, which includes information such as the following:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<title>501 Method Not Implemented</title>
<h1>Method Not Implemented</h1>
<p>GET to /index.html not supported.<br /></p>
<p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p>
<address>Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/22.214.171.12435 Server at 126.96.36.199 Port 80</address>
Connection to host lost.
4. The HTML code returns several errors, which can be ignored. The real information is at the end. You can see the following information:
- Apache/2.2.25 (Unix) – This is an Apache web server version 2.2.25 running on a Unix system.
- mod_ssl/2.2.25 – This is an Apache module that provides SSL and TLS support.
- OpenSSL/1.0.0-fips – This is an open source implementation of the SSL and TLS protocols using the Federal Information Processing Standard (FIPS).
- mod_auth_passthrough/2.1 – An Apache module that allows other programs to use their own authentication methods.
- mod_bwlimited/1.4 – This identifies a cPanel module used for monitoring bandwidth.
- FrontPage/188.8.131.5235 – It has a FrontPage extension enabled.
- Server at 184.108.40.206 Port 80 – This shows the IP and port number.
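The breakdown above can be automated to audit what a web server you run discloses. The following Python sketch is an added example, not part of the original exercise: the function names are hypothetical, the sample line is copied from the output shown in step 3, and the probe bytes assume that telnet sends the typed line followed by CR LF.

```python
import re
import socket

# Signature line as shown in the exercise output above (values copied from the page).
SAMPLE = ("<address>Apache/2.2.25 (Unix) mod_ssl/2.2.25 OpenSSL/1.0.0-fips "
          "mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/22.214.171.12435 "
          "Server at 126.96.36.199 Port 80</address>")

SIG_RE = re.compile(r"<address>(?P<sig>.*?) Server at (?P<host>\S+) Port (?P<port>\d+)</address>", re.S)
# Either "name" / "name/version", or a parenthesised platform comment such as "(Unix)".
TOKEN_RE = re.compile(r"(?P<name>[A-Za-z0-9_.-]+)(?:/(?P<ver>\S+))?|\((?P<comment>[^)]*)\)")


def grab(host, port=80, probe=b"80\r\n", timeout=5.0):
    """Send the line typed in step 3 and return whatever the server replies."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(probe)
        try:
            while data := s.recv(4096):
                chunks.append(data)
        except socket.timeout:
            pass  # server kept the connection open; use what arrived
    return b"".join(chunks).decode("latin-1")


def parse_signature(html):
    """Split an Apache error-page signature into components, platform, host and port."""
    m = SIG_RE.search(html)
    if m is None:
        return None  # no signature line in the response
    components, platform = [], None
    for t in TOKEN_RE.finditer(m.group("sig")):
        if t.group("comment") is not None:
            platform = t.group("comment")
        else:
            components.append((t.group("name"), t.group("ver")))
    return {"components": components, "platform": platform,
            "host": m.group("host"), "port": int(m.group("port"))}


def disclosed_versions(parsed):
    """Components whose version string is visible to any unauthenticated client."""
    return [f"{n} {v}" for n, v in parsed["components"] if v is not None]


if __name__ == "__main__":
    for item in disclosed_versions(parse_signature(SAMPLE)):
        print("discloses:", item)
```

In Apache, how much of this line is sent is governed by the ServerTokens and ServerSignature directives, so running the same parse before and after a configuration change shows exactly what was removed.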