
WEB SERVER FINGERPRINTING USING NETCAT- INFORMATION GATHERING

Hey there!
I just thought about starting a Web Security Testing series, so here it is!
The series begins with Information Gathering, and this post covers one part of it: "Web Server Fingerprinting".
If you are a beginner, this is a good place to start, because information gathering is one of the earliest stages of web security testing (aka hacking).
The objective of information gathering is to collect as much information as possible about the target, so that you can pick the attack or exploit most likely to find a vulnerability and get you into the system!



I'll perform the fingerprinting with the Netcat tool, which comes pre-installed in Kali Linux. The bright side is that you can also use it on WINDOWS: it has been compiled into a Windows executable by an unofficial party, so go and get it there!
If it's not installed on your Linux system, run the following command in a terminal:

sudo apt-get install netcat

Netcat is called the Swiss Army Knife of hacking tools!

Netcat can scan ports just like NMAP, and you can also use it to connect to any open TCP or UDP port!

Why fingerprint, and what does it do?

Well, it's part of information gathering. It's done by sending a particular HTTP request to the web server, and the server responds with some text that is also called a "BANNER", so in other words you can call it Banner Grabbing.
Telnet is also used for banner grabbing, but right now we're using Netcat.
It's very important, as it helps you determine the server version, operating system and other info, which helps in choosing the correct pen-testing method, or say the correct exploit and payload against the server! Now you know why it's very important!


The banner is provided by the server itself, so in most cases it's NOT illegal!
But take care that you don't perform any illegal task using it, becauseeee!

I WON'T BE RESPONSIBLE FOR ANY TASK PERFORMED BY YOU AFTER READING THIS ARTICLE! 

So, let's get back to fingerprinting!
It's possible only if PORT 80 (http) is open!

Now, I assume you have Netcat installed!
Run the following command to start fingerprinting:

    nc <ip address of web server> 80

or

    nc <domain name of server> 80

If you can't find the IP of a domain, just run this command:

    nslookup <domain name>

And on Windows:

    tracert <domain name>

It will get you the IP of the domain!

I ran the Netcat command as follows and got this!
After running "nc <ip or domain> 80" there will be a blinking cursor, and you need to type another command there. That is:

    HEAD / HTTP/1.0

Type this command exactly; even a change in spacing may change the results!

Now we got one piece of information, the Server header: it's an APACHE SERVER!
If you know the type and version of the server, you have found great information about it!
Another thing you can see is "Bad Request". It happens due to a malformed request; most of the time it doesn't change anything, but sometimes it means you get no info at all!
You now understand the basics of fingerprinting!
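The same exchange done from a script, as an added example that is not part of the original post: it opens a TCP connection the way nc does, sends the HEAD line, and parses the status line and the Server header out of whatever comes back. Two details matter when typing the request into netcat by hand: the server only treats the request as complete when it sees a blank line after the headers (press Enter twice), and some servers answer 400 Bad Request unless a Host header is present, which is why build_head_request takes an optional host. SAMPLE_RESPONSE is a constructed copy of the Apache reply quoted later in this post so the parser can be checked offline; the function names are mine.

```python
import socket
import sys

# Constructed copy of the Apache reply quoted later in this post; it lets the
# parser be exercised without contacting a live server.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Sun, 15 Jun 2003 17:17:47 GMT\r\n"
    "Server: Apache/1.3.23\r\n"
    "Last-Modified: Thu, 27 Feb 2003 03:48:19 GMT\r\n"
    "ETag: 32417-c4-3e5d8a83\r\n"
    "Accept-Ranges: bytes\r\n"
    "Content-Length: 196\r\n"
    "Connection: close\r\n"
    "Content-Type: text/HTML\r\n"
    "\r\n"
)


def build_head_request(host=None):
    """Build the request typed into netcat in the post, as bytes.

    With host=None this is exactly 'HEAD / HTTP/1.0' followed by the blank
    line that ends the headers (the second Enter when typing by hand).
    HTTP/1.0 does not require Host, but servers that insist on it answer
    '400 Bad Request' without one, so an optional Host header can be added.
    """
    lines = ["HEAD / HTTP/1.0"]
    if host:
        lines.append(f"Host: {host}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def grab_banner(host, port=80, timeout=5.0, send_host=True):
    """Connect, send the HEAD request and return the raw reply as text.

    This is what 'nc <host> 80' plus the typed HEAD line does interactively.
    A HEAD reply has no body, so the status line and headers are all we get.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_head_request(host if send_host else None))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("iso-8859-1", errors="replace")


def parse_banner(raw):
    """Return {'status': int|None, 'reason': str, 'server': str|None}.

    status is None when the first line is not an HTTP status line, and server
    is None when no Server header is present, which is the "no info" case
    the post mentions for a Bad Request.
    """
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    status, reason = None, ""
    parts = lines[0].split(" ", 2)
    if len(parts) >= 2 and parts[0].upper().startswith("HTTP/") and parts[1].isdigit():
        status = int(parts[1])
        reason = parts[2].strip() if len(parts) == 3 else ""
    server = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "server":
            server = value.strip()
            break
    return {"status": status, "reason": reason, "server": server}


if __name__ == "__main__":
    # With a host argument this talks to a live server; without one it parses
    # the embedded sample so the script can be tried offline.
    raw = grab_banner(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_RESPONSE
    result = parse_banner(raw)
    print(f"status={result['status']} {result['reason']!r} server={result['server']!r}")
```

Save it under any name and run it with a hostname you are authorised to test as the only argument; with no argument it parses the embedded sample. Note that grab_banner reads until the server closes the connection, which HTTP/1.0 servers do after a reply; a server that keeps the connection open will simply hit the timeout.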
However, this method is not so accurate, as the response could be obfuscated, like this:


HTTP/1.1 403 Forbidden
Date: Mon, 16 Jun 2003 02:41:27 GMT
Server: Unknown-Webserver/1.0
Connection: close
Content-Type: text/HTML; charset=iso-8859-1



The next part is understanding the server's response to a Bad Request, or in other words understanding an OBFUSCATED banner response!


TO UNDERSTAND OBFUSCATION, SEE OUR ANOTHER ARTICLE: 

WHAT IS OBFUSCATION? AND HOW TO OBFUSCATE DIFFERENT PROGRAMMING LANGUAGES!

How can you understand an obfuscated response? We need to derive info from the obfuscated text, and we can do it by understanding the ORDERING OF THE INFORMATION GIVEN BY THE SERVER, as every server has a different ordering of headers! See these examples to understand better!

APACHE RESPONSE ORDER IS:
HTTP/1.1 200 OK
Date: Sun, 15 Jun 2003 17:17:47 GMT
Server: Apache/1.3.23
Last-Modified: Thu, 27 Feb 2003 03:48:19 GMT
ETag: 32417-c4-3e5d8a83
Accept-Ranges: bytes
Content-Length: 196
Connection: close
Content-Type: text/HTML

MICROSOFT IIS RESPONSE ORDER IS:
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Content-Location: http://iis.example.com/Default.htm
Date: Fri, 01 Jan 1999 20:13:52 GMT
Content-Type: text/HTML
Accept-Ranges: bytes
Last-Modified: Fri, 01 Jan 1999 20:13:52 GMT
ETag: W/e0d362a4c335be1:ae1
Content-Length: 133


I've only mentioned the most widely used servers; for others, you may use Google, it's all there on Google!
So even though the response is obfuscated, you can derive a lot of information from it if you know the ordering of the responses of different servers!
So just memorise these orderings!
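As an added example (not the author's code), here is the ordering comparison from this section turned into a small classifier: it extracts the header names from a reply in the order they arrived and scores them against the Apache and IIS orderings quoted above by counting header pairs that keep the same relative order. The scoring method and the function names are my choice, and the sample replies are constructed copies of the responses shown in this post. Run on the obfuscated 403 above, whose Server header says only "Unknown-Webserver/1.0", the Date-before-Server ordering still points at Apache. Two caveats for anyone relying on this: a reverse proxy or CDN in front of the server reorders and adds headers, and an administrator who wants to hide the version can change the string itself (Apache's ServerTokens directive does that), so ordering is a hint to confirm by other means, not proof.

```python
# Response-header orderings quoted in this post for the two servers it covers.
# Extend the dict with other servers' orderings you have verified yourself.
KNOWN_ORDERS = {
    "Apache": ["Date", "Server", "Last-Modified", "ETag", "Accept-Ranges",
               "Content-Length", "Connection", "Content-Type"],
    "Microsoft-IIS": ["Server", "Content-Location", "Date", "Content-Type",
                      "Accept-Ranges", "Last-Modified", "ETag", "Content-Length"],
}

# Constructed copy of the obfuscated banner shown in this post: the Server
# header says nothing useful, but the header order is still visible.
OBFUSCATED_RESPONSE = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Date: Mon, 16 Jun 2003 02:41:27 GMT\r\n"
    "Server: Unknown-Webserver/1.0\r\n"
    "Connection: close\r\n"
    "Content-Type: text/HTML; charset=iso-8859-1\r\n"
    "\r\n"
)

# Constructed copy of the IIS reply from this post, with the body omitted.
IIS_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/5.0\r\n"
    "Content-Location: http://iis.example.com/Default.htm\r\n"
    "Date: Fri, 01 Jan 1999 20:13:52 GMT\r\n"
    "Content-Type: text/HTML\r\n"
    "Accept-Ranges: bytes\r\n"
    "Last-Modified: Fri, 01 Jan 1999 20:13:52 GMT\r\n"
    "ETag: W/e0d362a4c335be1:ae1\r\n"
    "Content-Length: 133\r\n"
    "\r\n"
)


def header_order(raw):
    """Return header names, lower-cased, in the order the server sent them."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    names = []
    for line in head.split("\n")[1:]:          # skip the status line
        name, sep, _ = line.partition(":")
        if sep:
            names.append(name.strip().lower())
    return names


def order_score(observed, reference):
    """Fraction of header pairs that keep the reference's relative order.

    Only headers present in both lists are compared, so a short reply such
    as a 403 with four headers still yields a score. Returns 0.0 when fewer
    than two headers overlap (nothing to compare).
    """
    ref_pos = {h.lower(): i for i, h in enumerate(reference)}
    common = [h for h in observed if h in ref_pos]
    if len(common) < 2:
        return 0.0
    agree = total = 0
    for i in range(len(common)):
        for j in range(i + 1, len(common)):
            total += 1
            if ref_pos[common[i]] < ref_pos[common[j]]:
                agree += 1
    return agree / total


def guess_server(raw):
    """Rank KNOWN_ORDERS by how well each matches the reply's header order.

    Returns a list of (server, score) sorted best first; a score of 1.0 means
    every comparable pair was in the expected order.
    """
    observed = header_order(raw)
    ranked = [(name, order_score(observed, ref)) for name, ref in KNOWN_ORDERS.items()]
    return sorted(ranked, key=lambda item: item[1], reverse=True)


if __name__ == "__main__":
    for label, raw in (("obfuscated 403", OBFUSCATED_RESPONSE), ("IIS sample", IIS_RESPONSE)):
        print(label, guess_server(raw))
```

Pairwise order agreement was chosen over a straight list comparison because real replies rarely carry the full set of headers; a 403 or a Bad Request typically has only a handful, and comparing just the headers that overlap keeps the score meaningful in that case.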

I'll soon write the next article of this series, but the articles won't come one right after another; there might be some other articles in between!
SO GO ON, PRACTICE SERVER FINGERPRINTING!
AND FINALLY



THANKS FOR READING THE POST!
I'll BE SOON BACK WITH MORE ARTICLES
TILL THEN, FOLLOW MY INSTAGRAM ACCOUNT!
YOU'LL FIND SOME FUNNY CODING/HACKING MEMES!
