19th December 2024

Getting Information from the Operating System or Services on it – Banner Grabbing in Penetration Tests

When a connection is made to a system or service, the target system sends a response to this connection request. This message gives some clues about that service/application. During penetration tests, this information is tried to be obtained from the operating system of the target system or the services on it.
With Banner Grabbing, version information of services such as HTTP, FTP, Telnet, SSH, SMTP, SNMP etc. can be obtained. This information can be used for purposes such as abuse in later stages. Banner Grabbing can be performed with various methods. You can see these methods below.

Banner Grabbing with Netcat

You can get information about HTTP service provided with Netcat tool as follows.

root@omer:~# nc -v www.vatanbilgisayar.com 80
Banner Grabbing with Netcat
Banner Grabbing with Netcat

 

Banner Grabbing with Telnet

You can get information about the HTTP service provided with the Telnet tool as follows. For this purpose, methods such as GET / HEAD can be given.

root@omer:~# telnet www.haberturk.com 80

 

Banner Grabbing with Telnet
Banner Grabbing with Telnet

 

FTP service

You can obtain information about the FTP service in a similar way with the Telnet tool.

root@omer:~# telnet ftp.iop.org 21
FTP service
FTP service

 

HTTP Banner Grabbing with Nikto

You can get information about the HTTP service provided with the Nikto tool as follows.

root@omer:~# nikto -h www.ulusoy.com.tr
HTTP Banner Grabbing with Nikto
HTTP Banner Grabbing with Nikto

 

Banner Grabbing with Nmap

You can get information about the HTTP service provided with the “banner” script of the Nmap tool as follows.

root@omer:~# nmap -sS -sV -p 80 -n -Pn www.migros.com.tr --script banner
Banner Grabbing with Nmap
Banner Grabbing with Nmap

 

HTTP Banner Grabbing with cURL

You can get information about the HTTP service provided with the cURL tool as follows.

root@omer:~# curl -vX -k haberturk.com
HTTP Banner Grabbing with cURL
HTTP Banner Grabbing with cURL

 

LEARN MORE  What is BitLocker? How is it used?

Banner Grabbing with Metasploit

You can get information about the SSH service provided with the Metasploit ssh_version module as follows.

msf > use scanner/ssh/ssh_version
msf auxiliary(ssh_version) > show options
msf auxiliary(ssh_version) > set RHOSTS 100.100.200.7
msf auxiliary(ssh_version) > run
Banner Grabbing with Metasploit
Banner Grabbing with Metasploit

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *