Banner Grabber: Difference between revisions
Thomas (talk | contribs) (→netcat)
(12 intermediate revisions by 4 users not shown)
| Zeile 1: | Zeile 1: | ||
=telnet= | =telnet= | ||
| + | ==Apache== | ||
*telnet 192.168.240.69 80 | *telnet 192.168.240.69 80 | ||
<pre> | <pre> | ||
| Zeile 6: | Zeile 7: | ||
Escape character is '^]'. | Escape character is '^]'. | ||
</pre> | </pre> | ||
| − | *'''GET / HTTP/1.1''' | + | *'''GET / HTTP/1.1''' |
| + | *'''RETURN''' | ||
| + | *'''RETURN''' | ||
<pre> | <pre> | ||
HTTP/1.1 400 Bad Request | HTTP/1.1 400 Bad Request | ||
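Review bot: The two added RETURN steps after '''GET / HTTP/1.1''' send the request with no Host header, and the transcript that follows opens with HTTP/1.1 400 Bad Request, yet nothing on the page says that this error is the expected result. Suggest adding one sentence after the RETURN steps stating that the 400 is intended here because the Server header is returned anyway, or adding a Host: step if a normal response is wanted.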
| Zeile 27: | Zeile 30: | ||
Connection closed by foreign host. | Connection closed by foreign host. | ||
</pre> | </pre> | ||
| + | ;Bannergraber | ||
| + | *echo -e "GET / HTTP/1.1\n\n" | nc opfer.secure.local 80 | grep "^Server:" | awk '{ print $2 }' | ||
| − | =netcat= | + | ==IIS== |
| − | *echo -e "GET / HTTP/1.1\n\n" | nc | + | *telnet 192.168.242.75 80 |
| + | <pre> | ||
| + | Trying 192.168.242.75... | ||
| + | Connected to 192.168.242.75. | ||
| + | Escape character is '^]'. | ||
| + | </pre> | ||
| + | *'''GET / HTTP/1.1''' | ||
| + | *'''RETURN''' | ||
| + | *'''RETURN''' | ||
| + | <pre> | ||
| + | HTTP/1.1 400 Bad Request | ||
| + | Content-Type: text/html; charset=us-ascii | ||
| + | Server: Microsoft-HTTPAPI/2.0 | ||
| + | Date: Tue, 16 Aug 2016 13:02:03 GMT | ||
| + | Connection: close | ||
| + | Content-Length: 334 | ||
| + | |||
| + | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd"> | ||
| + | <HTML><HEAD><TITLE>Bad Request</TITLE> | ||
| + | <META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD> | ||
| + | <BODY><h2>Bad Request - Invalid Hostname</h2> | ||
| + | <hr><p>HTTP Error 400. The request hostname is invalid.</p> | ||
| + | </BODY></HTML> | ||
| + | Connection closed by foreign host. | ||
| + | </pre> | ||
| + | |||
| + | =[[netcat]]= | ||
| + | ;http | ||
| + | *echo -e "GET / HTTP/1.1\n\n" | nc 10.0.10.103 80 | grep Server | ||
Server: Apache/2.4.7 (Ubuntu) | Server: Apache/2.4.7 (Ubuntu) | ||
<address>Apache/2.4.7 (Ubuntu) Server at scorpia.xinux.org Port 80</address> | <address>Apache/2.4.7 (Ubuntu) Server at scorpia.xinux.org Port 80</address> | ||
| + | ;ssh | ||
| + | *echo SSH-2.0-OpenSSH_7.6p1 | netcat opfer.secure.local 22 | ||
=Bannergrabbing mit NMAP= | =Bannergrabbing mit NMAP= | ||
| + | *nmap -sV -p 21 --script=banner 10.1.1.1 | ||
| + | <pre> | ||
| + | Starting Nmap 7.60 ( https://nmap.org ) at 2017-11-13 18:16 CET | ||
| + | Nmap scan report for 10.1.1.1 | ||
| + | Host is up (0.00028s latency). | ||
| + | |||
| + | PORT STATE SERVICE VERSION | ||
| + | 21/tcp open ftp vsftpd 3.0.3 | ||
| + | |_banner: 220 (vsFTPd 3.0.3) | ||
| + | MAC Address: 2A:2F:02:20:DA:5E (Unknown) | ||
| + | Service Info: OS: Unix | ||
| + | </pre> | ||
| + | |||
*http://securityblog.gr/1624/banner-grabbing-with-nmap/ | *http://securityblog.gr/1624/banner-grabbing-with-nmap/ | ||
=Bannergrabbing auf Linux= | =Bannergrabbing auf Linux= | ||
| − | + | Alternativ kann auch das Bannergrabbing-Tool "p0f" verwendet werden, dass jedoch nur für Linux-Systeme zur Verfügung steht | |
| + | *[[p0f]] | ||
| + | |||
| + | =Install= | ||
| + | *apt install p0f | ||
| + | |||
*http://lcamtuf.coredump.cx/p0f3/ | *http://lcamtuf.coredump.cx/p0f3/ | ||
| + | |||
| + | =Lua Skript= | ||
| + | |||
| + | * [[Lua Netzwerk Connect]] | ||
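Review bot: The added netcat http line filters with an unanchored grep Server, and the two output lines kept under it show the effect: besides the Server: header it also returns the <address> footer of the error page. The Bannergraber line added earlier in this same hunk already uses grep "^Server:"; use that pattern in both places so the example prints only the header. Two smaller points in the same hunk: the new p0f sentence needs "das" instead of "dass" and a closing full stop, and =Install= is added as a top-level heading although it belongs to the p0f section, so ==Install== under =Bannergrabbing auf Linux= would fit the page structure better.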
Latest revision as of 13 May 2025, 08:22
telnet
Apache
- telnet 192.168.240.69 80
<pre>
Trying 192.168.240.69...
Connected to 192.168.240.69.
Escape character is '^]'.
</pre>
- GET / HTTP/1.1
- RETURN
- RETURN
<pre>
HTTP/1.1 400 Bad Request
Date: Mon, 15 Aug 2016 13:02:19 GMT
Server: Apache/2.4.7 (Ubuntu)
Content-Length: 308
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
</p>
<hr>
<address>Apache/2.4.7 (Ubuntu) Server at scorpia.xinux.org Port 80</address>
</body></html>
Connection closed by foreign host.
</pre>
- Banner grabber
- echo -e "GET / HTTP/1.1\n\n" | nc opfer.secure.local 80 | grep "^Server:" | awk '{ print $2 }'
IIS
- telnet 192.168.242.75 80
<pre>
Trying 192.168.242.75...
Connected to 192.168.242.75.
Escape character is '^]'.
</pre>
- GET / HTTP/1.1
- RETURN
- RETURN
<pre>
HTTP/1.1 400 Bad Request
Content-Type: text/html; charset=us-ascii
Server: Microsoft-HTTPAPI/2.0
Date: Tue, 16 Aug 2016 13:02:03 GMT
Connection: close
Content-Length: 334

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN""http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>Bad Request</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; charset=us-ascii"></HEAD>
<BODY><h2>Bad Request - Invalid Hostname</h2>
<hr><p>HTTP Error 400. The request hostname is invalid.</p>
</BODY></HTML>
Connection closed by foreign host.
</pre>
netcat
- http
- echo -e "GET / HTTP/1.1\n\n" | nc 10.0.10.103 80 | grep Server
<pre>
Server: Apache/2.4.7 (Ubuntu)
<address>Apache/2.4.7 (Ubuntu) Server at scorpia.xinux.org Port 80</address>
</pre>
- ssh
- echo SSH-2.0-OpenSSH_7.6p1 | netcat opfer.secure.local 22
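The one-liners above pick out the banner with `grep`. As an added example (not part of the original wiki page), the following script parses only the header block of a captured HTTP response and reports whether the Server header discloses a version, which is the check an administrator runs against their own hosts. The function names and the third sample response are assumptions; the first two samples are constructed from the responses shown above.

```sh
#!/bin/sh
# Added example: audit the Server header of a captured HTTP response.

# Print the Server header value from a raw HTTP response on stdin.
# Only the header block is searched (up to the first empty line), so the
# <address> footer of an error page can never match.
server_header() {
    awk '{ sub(/\r$/, "") }              # strip the CR of CRLF line endings
         $0 == "" { body = 1 }           # empty line: headers are over
         !body && !found && tolower($0) ~ /^server:/ {  # names are case-insensitive
             sub(/^[^:]*:[ \t]*/, ""); print; found = 1
         }'
}

# Classify the banner: missing, product name only, or product plus version.
audit_banner() {
    banner=$(server_header)
    if [ -z "$banner" ]; then
        echo "no Server header"
    elif printf '%s\n' "$banner" | grep -Eq '/[0-9]+(\.[0-9]+)+'; then
        echo "version disclosed: $banner"
    else
        echo "product only: $banner"
    fi
}

# Constructed samples: the first two are shortened from the responses on this
# page, the third is a hypothetical server that sends only its product name.
apache_response() {
    printf 'HTTP/1.1 400 Bad Request\r\nDate: Mon, 15 Aug 2016 13:02:19 GMT\r\n'
    printf 'Server: Apache/2.4.7 (Ubuntu)\r\nConnection: close\r\n\r\n'
    printf '<address>Apache/2.4.7 (Ubuntu) Server at scorpia.xinux.org Port 80</address>\r\n'
}
iis_response() {
    printf 'HTTP/1.1 400 Bad Request\r\nContent-Type: text/html; charset=us-ascii\r\n'
    printf 'Server: Microsoft-HTTPAPI/2.0\r\nConnection: close\r\n\r\n'
    printf '<h2>Bad Request - Invalid Hostname</h2>\r\n'
}
minimal_response() {
    printf 'HTTP/1.1 200 OK\r\nserver: Apache\r\n\r\n<p>Server: not a header</p>\r\n'
}

apache_response  | audit_banner
iis_response     | audit_banner
minimal_response | audit_banner
```

The output of the `nc` command above can be piped into `audit_banner` in place of the sample functions.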
Banner grabbing with Nmap
- nmap -sV -p 21 --script=banner 10.1.1.1
<pre>
Starting Nmap 7.60 ( https://nmap.org ) at 2017-11-13 18:16 CET
Nmap scan report for 10.1.1.1
Host is up (0.00028s latency).

PORT   STATE SERVICE VERSION
21/tcp open  ftp     vsftpd 3.0.3
|_banner: 220 (vsFTPd 3.0.3)
MAC Address: 2A:2F:02:20:DA:5E (Unknown)
Service Info: OS: Unix
</pre>
Banner grabbing on Linux
Alternatively, the banner-grabbing tool "p0f" can be used, which, however, is only available for Linux systems.
Install
- apt install p0f