Understanding Basics: Banner Grabbing

Banner Grabbing:

A banner is the text displayed by a host for a particular service when we try to connect to that host using that service (this text usually contains the service name and version). Banner grabbing is a technique by which penetration testers get information about a service. In simple words, it is a technique to extract the default welcome text displayed by the services running on open ports.

This technique is used by hackers/pentesters to identify the version and purpose of the running service. With the name and version in hand, an attacker can simply search the internet for a known vulnerability or exploit affecting that service. Getting the name/version of a service running on your system takes an attacker very little effort.

There are two types of banner grabbing:

  • Active banner grabbing is done by initiating a connection between the target and our host (like sending a TCP SYN packet).
  • Passive banner grabbing is done without interacting with the target (using third-party tools/resources like Shodan, packet sniffing, etc.).

Banner Grabbing Techniques:

1. Whatweb:

  • Command: whatweb <URL>

2. Curl:

  • Command: curl -S -s -I <URL>

3. Telnet:

  • Command: telnet <ip> <port>

4. Netcat:

  • Command: nc <ip> <port>

5. Dmitry:

  • Command: dmitry -pb <ip>
  • -p performs a TCP port scan on the specified host.
  • -b reads the banner received from each scanned port.

6. Nmap:

  • Command: nmap -sV [-p <port>] <ip>
  • -p (optional) for specifying a port.

7. Wget:

  • Command: wget -q -S <url>
  • -q for quiet (no output)
  • -S for server response

8. Wappalyzer: a browser add-on that displays the technologies used on the web page.

There are simple ways to prevent software banners from exposing the versions of running services:

  • Update! Do not use outdated services.
  • In the above examples, response headers such as "X-Powered-By:" and "Server:" revealed the versions of running services. These are usually default configurations, but for every service we can change or remove these default values, which prevents servers from exposing their contents, versions, etc.
  • Remove/overwrite the service banners.
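
To verify the header changes described above, here is an added example (not from the original article): a small Python check that parses the response headers printed by `curl -s -I` and flags banner headers that still disclose a product or version. The sample responses are constructed, and the headers beyond "Server" and "X-Powered-By" are additions made here.

```python
import re

# Headers that commonly carry product/version banners. "Server" and
# "X-Powered-By" are named in the article; the rest are added here.
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version",
                  "x-aspnetmvc-version")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")  # dotted version, e.g. 2.4.41

# Constructed sample responses (not captured from a real host).
BEFORE = ("HTTP/1.1 200 OK\r\n"
          "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
          "Server: Apache/2.4.41 (Ubuntu)\r\n"
          "X-Powered-By: PHP/7.4.3\r\n"
          "Content-Type: text/html; charset=UTF-8\r\n\r\n")
AFTER = ("HTTP/1.1 200 OK\r\n"
         "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
         "Server: Apache\r\n"
         "Content-Type: text/html; charset=UTF-8\r\n\r\n")


def parse_headers(raw):
    """Parse `curl -s -I` output into (status_line, [(name, value), ...])."""
    lines = raw.replace("\r\n", "\n").split("\n")
    status, headers = lines[0].strip(), []
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        if line[0] in " \t" and headers:
            # Obsolete folded header: continuation of the previous value.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return status, headers


def audit(raw):
    """Return (header, value, severity) for every banner header present."""
    findings = []
    for name, value in parse_headers(raw)[1]:
        if name.lower() in BANNER_HEADERS:
            leaked = VERSION_RE.search(value) is not None
            findings.append((name, value, "version-disclosed" if leaked
                             else "product-disclosed"))
    return findings


if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw))
```

A "product-disclosed" finding means the version is gone but the product name is still visible, which the last bullet (remove/overwrite the banner) addresses.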

Rohit N

Associate Product Security Engineer @ InfoBlox

2 years

Great

Sanjeev Mishra

Vice President @Purplesynapz labs

2 years

Very nice Jigyasa

Murali M

Security Architect | OSCP | CISSP

2 years

Nice.

Queeny Jain

Programmer Analyst at Argusoft

2 years

Good work Jigyasa
