Hey There!
I just thought about starting a Web Security Testing Series!
So, here it is!
I'm starting the series with Information Gathering, and this post covers one part of it: "Web Server Fingerprinting".
If you are a beginner, it's a good place to start, because information gathering is one of the earliest stages of Web Security Testing (aka Hacking).
The objective of information gathering is to collect as much info about the target as possible, so we can pick the attack or exploit that fits it, find a vulnerability and get into the system!
I'll perform fingerprinting using the Netcat tool, which is pre-installed in Kali Linux. The bright side is that you can use it on WINDOWS too: it has been compiled into a Windows executable by an unofficial party, so go and get it here!
And if it's not installed on your Linux system, run the following command in a terminal!
sudo apt-get install netcat
Netcat is called the Swiss Army Knife of hacking tools!
Netcat can be used to scan ports, just like Nmap, and you can also use it to make a connection to any open TCP or UDP port!
Why Fingerprinting, and What Does It Do?
Well, it's part of information gathering. It's done by sending a particular HTTP request to the web server, and the server responds with some text that is also called the "BANNER", so in other words you can call it Banner Grabbing.
Telnet is also used for banner grabbing, but right now we're using Netcat.
It's very important, as it helps you determine the server version, operating system and some other info, which helps in choosing the correct pen-testing method, or say the correct exploit and payload against the server! Now you know it's very important!
The banner is provided by the server itself! So in most cases it's NOT illegal!
But take care that you don't perform any illegal task using it, becauseeee!
I WON'T BE RESPONSIBLE FOR ANY TASK PERFORMED BY YOU AFTER READING THIS ARTICLE!
So, let's get back to fingerprinting!
It's possible only if PORT 80 (HTTP) is open!
Now, I assume you have Netcat installed!
Run the following command to start fingerprinting!
nc <ip address of web server> 80
or
nc <domain name of server> 80
Now, if you can't find the IP of the domain, just run this command:
nslookup <domain name>
And for Windows
tracert <domain name>
It will get you the IP of the domain!
I ran the Netcat command as follows and got this!
After running "nc <ip or domain> 80"
there will be a blinking cursor, and you need to type another command there!
That is:
HEAD / HTTP/1.0
Type this command exactly; even a change in spacing may change the results!
To understand this command, click here.
Now we got one piece of info, the Server header: it's an APACHE SERVER!
If you know the type and version of the server, you have found great information about it!
But another thing you can see is "Bad Request". It happens because the request was malformed; most of the time it doesn't make a difference, but sometimes it may get you no info at all!
Now you understand the basics of fingerprinting!
However, this method is not so accurate, as the response could be obfuscated, like the following:
HTTP/1.1 403 Forbidden
Date: Mon, 16 Jun 2003 02:41:27 GMT
Server: Unknown-Webserver/1.0
Connection: close
Content-Type: text/HTML; charset=iso-8859-1
Now, the next part is understanding the server's response to a Bad Request, or understanding an OBFUSCATED banner response!
TO UNDERSTAND OBFUSCATION, SEE OUR OTHER ARTICLE:
WHAT IS OBFUSCATION? AND HOW TO OBFUSCATE DIFFERENT PROGRAMMING LANGUAGES!
To understand an obfuscated response, we need to derive info from the obfuscated text. We can do it by understanding the ORDERING OF INFORMATION GIVEN BY THE SERVER, as every server has a different ordering of headers! See these examples to understand better!
APACHE RESPONSE ORDER IS:
HTTP/1.1 200 OK
Date: Sun, 15 Jun 2003 17:17:47 GMT
Server: Apache/1.3.23
Last-Modified: Thu, 27 Feb 2003 03:48:19 GMT
ETag: 32417-c4-3e5d8a83
Accept-Ranges: bytes
Content-Length: 196
Connection: close
Content-Type: text/HTML
MICROSOFT IIS RESPONSE ORDER IS:
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Content-Location: http://iis.example.com/Default.htm
Date: Fri, 01 Jan 1999 20:13:52 GMT
Content-Type: text/HTML
Accept-Ranges: bytes
Last-Modified: Fri, 01 Jan 1999 20:13:52 GMT
ETag: W/e0d362a4c335be1:ae1
Content-Length: 133
I've just mentioned the most widely used servers; for others, you may use Google, it's all there on Google!
So even though the response is obfuscated, you can derive a lot of information from it if you know the ordering of the responses of different servers!
So just mug up these orderings of info!
I'll soon write the next article of this series, but the articles won't necessarily come one after another; there might be some other articles in between!
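As an added example (not code from this post): a small Python script that sends the exact `HEAD / HTTP/1.0` request above over a raw socket (note the blank line that ends the request, which is why nc needs a second Enter) and then, when the Server header is obfuscated like the 403 response above, scores the header order against the Apache and IIS orderings listed here. The obfuscated sample response is constructed from this post's example, and the orderings are only a heuristic for the versions shown.

```python
import socket

# Header order the post lists for each server (from its two examples; treat it
# as a heuristic: newer versions and reverse proxies reorder headers).
KNOWN_ORDERS = {
    "Apache": ["date", "server", "last-modified", "etag", "accept-ranges",
               "content-length", "connection", "content-type"],
    "Microsoft-IIS": ["server", "content-location", "date", "content-type",
                      "accept-ranges", "last-modified", "etag", "content-length"],
}
REQUEST = b"HEAD / HTTP/1.0\r\n\r\n"  # what you type into nc, plus the blank line

# Constructed sample: the obfuscated 403 response from the post, as raw text.
SAMPLE_OBFUSCATED = ("HTTP/1.1 403 Forbidden\r\nDate: Mon, 16 Jun 2003 02:41:27 GMT\r\n"
                     "Server: Unknown-Webserver/1.0\r\nConnection: close\r\n"
                     "Content-Type: text/HTML; charset=iso-8859-1\r\n\r\n")

def grab_banner(host, port=80, timeout=5.0):
    """Send the post's HEAD request over a raw TCP socket and return the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(REQUEST)
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("latin-1")

def parse_response(raw):
    """Split a raw HTTP response into its status line and ordered header list."""
    head = raw.split("\r\n\r\n", 1)[0]
    status, *lines = head.split("\r\n")
    headers = [tuple(p.strip() for p in line.split(":", 1))
               for line in lines if ":" in line]
    return status, headers

def order_score(names, expected):
    """Fraction of expected header pairs whose relative order the response keeps."""
    pos = {n: i for i, n in enumerate(names)}
    present = [n for n in expected if n in pos]
    pairs = [(a, b) for i, a in enumerate(present) for b in present[i + 1:]]
    return sum(pos[a] < pos[b] for a, b in pairs) / len(pairs) if pairs else 0.0

def fingerprint(raw):
    """Report the Server header and the family whose header order best matches."""
    status, headers = parse_response(raw)
    names = [n.lower() for n, _ in headers]
    server = next((v for n, v in headers if n.lower() == "server"), "")
    scores = {fam: order_score(names, exp) for fam, exp in KNOWN_ORDERS.items()}
    return {"status": status, "server": server,
            "guess": max(scores, key=scores.get), "scores": scores}
```

For the sample above the Server header says "Unknown-Webserver/1.0", but Date before Server and Connection before Content-Type match the Apache ordering exactly, so `fingerprint(SAMPLE_OBFUSCATED)["guess"]` comes back as "Apache".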
SO GO ON, PRACTICE THE SERVER FINGERPRINTING!
AND FINALLY
THANKS FOR READING THE POST!
I'LL BE BACK SOON WITH MORE ARTICLES
TILL THEN, FOLLOW MY INSTAGRAM ACCOUNT!
YOU'LL FIND SOME FUNNY CODING/HACKING MEMES!