telnet

Apache

• telnet 192.168.240.69 80

Trying 192.168.240.69...
Connected to 192.168.240.69.
Escape character is '^]'.

• GET / HTTP/1.1
• RETURN
• RETURN

HTTP/1.1 400 Bad Request
Date: Mon, 15 Aug 2016 13:02:19 GMT
Server: Apache/2.4.7 (Ubuntu)
Content-Length: 308
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.4.7 (Ubuntu) Server at scorpia.xinux.org Port 80</address>
</body></html>
Connection closed by foreign host.

IIS

• telnet 192.168.242.75 80

Trying 192.168.242.75...
Connected to 192.168.242.75.
Escape character is '^]'.

• GET / HTTP/1.1
• RETURN
• RETURN

HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Tue, 16 Aug 2016 13:02:03 GMT
Connection: close
Content-Length: 334

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid Hostname</h2>
<hr><p>HTTP Error 400. The request hostname is invalid.</p>
</BODY></HTML>
Connection closed by foreign host.

netcat

• echo -e "GET / HTTP/1.1\n\n" | nc 192.168.240.69 80 | grep Server

Server: Apache/2.4.7 (Ubuntu)
<address>Apache/2.4.7 (Ubuntu) Server at scorpia.xinux.org Port 80</address>

Bannergrabbing mit NMAP

• http://securityblog.gr/1624/banner-grabbing-with-nmap/

Bannergrabbing auf Linux

Alternativ kann auch das Bannergrabbing-Tool "p0f" verwendet werden, dass jedoch nur für Linux-Systeme zur Verfügung steht

• p0f

Install

• apt install p0f

• http://lcamtuf.coredump.cx/p0f3/