Performing banner grabbing

 

Exercise 1 - Performing Banner Grabbing

Banners are text-based welcome screens from remote hosts that display system information. Banner grabbing enables you to retrieve information about a computer system on a network and capture banners of open ports. You can perform banner grabbing using tools such as telnet, Netcat, and Nmap.

In this exercise, you will grab banners served by the DVWA application running on port 80 on the PLABSA01 device. You will use telnet, Netcat, and Nmap to perform this technique.

Please refer to your course material or use your preferred search engine to research this topic in more detail.

Task 1 - Enable HTTP Web Service on PLABSA01

In this task, you will enable the HTTP web service on port 80 on the PLABSA01 device. To do this, perform the following steps:

Step 1

Ensure you have powered on the required devices and connect to PLABSA01.

Close the Server Manager window.

Click the XAMPP application icon from the taskbar.

The XAMPP Control Panel v3.2.2 opens.

The Apache web service with Damn Vulnerable Web Application (DVWA) running on port 80 is enabled.

Figure 1.1 Screenshot of PLABSA01: XAMPP application is started.

Step 2

Connect to PLABWIN10.

Open Internet Explorer from the taskbar.

To access the DVWA application on PLABSA01, type the following URL in the address bar and press Enter:

http://192.168.0.1/dvwa/login.php

DVWA login page opens.

Figure 1.2 Screenshot of PLABWIN10: DVWA application running on PLABSA01 is accessed, and the DVWA login page is displayed.

Minimize Internet Explorer.

Task 2 - Perform Banner Grabbing using Telnet

In this task, you will use telnet to grab banners served by the DVWA application. Before performing this task, connect to PLABKALI01.

Step 1

Ensure you have powered on the required devices and connect to PLABKALI01.

Type root in the Username field.

Figure 1.3 Screenshot of PLABKALI01: Typing root into the username field on the login screen.

When prompted, type the following password in the Password field:

Passw0rd

Click Sign In.

Figure 1.4 Screenshot of PLABKALI01: Entering the password in the Password text box and then clicking Sign In.

Step 4

From the PLABKALI01 device, double-click the Root Terminal icon on the left taskbar to open a root terminal window.

The root terminal window opens.

Figure 1.5 Screenshot of PLABKALI01: The Root Terminal icon on the desktop is clicked, and the root terminal window is opened.

Step 5

Establish a remote connection with port 80 on 192.168.0.1 using Telnet.

Type the following command at the root terminal:

telnet 192.168.0.1 80

Press Enter.

Connection to 192.168.0.1 is established.

Figure 1.6 Screenshot of PLABKALI01: The telnet command is executed on 192.168.0.1 port 80, and the connection is established.

Step 6

To grab the banners served by the DVWA application, type the following command at the root terminal and press Enter:

GET /dvwa/ HTTP/1.1

Then, type the following header:

Host: 192.168.0.1

Press Enter.

The request consists of the following parts:

  1. GET = To obtain data from the web server
  2. HTTP = Protocol to connect with
  3. Host = IP address/domain name of the remote host

The request has successfully grabbed the banners served by the web server. Notice that the Server field in the output specifies the name of the web server, which in this case is Apache.

Figure 1.7 Screenshot of PLABKALI01: The GET command is executed to grab the banner served by the DVWA web server.

Task 3 - Perform Banner Grabbing using Netcat

Netcat (often abbreviated to nc) is a computer networking utility for reading from and writing to network connections using Transmission Control Protocol (TCP) or User Datagram Protocol (UDP). Netcat can be used for port scanning, transferring files, and port listening.

In this task, you will perform banner grabbing using Netcat. To do this, perform the following steps:

Step 1

Type the following command at the root terminal of Kali Linux and press Enter:

nc 192.168.0.1 80

Figure 1.8 Screenshot of PLABKALI01: The nc command is executed to connect to port 80 on the 192.168.0.1 device.

Step 2

To grab the banner served by the DVWA application, type the following command and press Enter:

GET /dvwa/ HTTP/1.1

Then, type the following header:

Host: 192.168.0.1

Press Enter.

Alert: Please be aware you may have to type this command in twice for the command to display the results.

The request has successfully grabbed the banners served by the web server. Notice that the Server field in the output specifies the name of the web server, which in this case is Apache.

Figure 1.9 Screenshot of PLABKALI01: The GET command is executed to grab the banner served by the DVWA web server.
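
The request typed in Tasks 2 and 3, and a check of the response headers it returns, as an added example (not part of the original lab). It shows that the header block is only complete once an empty line is sent, and it lists what the Server and X-Powered-By headers disclose. The sample response and its version numbers are constructed, and the function names are hypothetical.

```python
import re

# Headers that commonly disclose server software (assumed list for this example).
DISCLOSING = ("server", "x-powered-by")

def build_request(host, path="/dvwa/"):
    """Request as typed in the lab; the final empty line ends the header block."""
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\n\r\n".encode("ascii")

def parse_headers(raw):
    """Return (status_line, {lowercased header name: value}) from a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def disclosure_findings(headers):
    """List (header, value, product/version tokens) for each banner header present."""
    findings = []
    for name in DISCLOSING:
        value = headers.get(name)
        if value:
            versions = re.findall(r"[A-Za-z_.+-]+/\d[\w.]*", value)
            findings.append((name, value, versions))
    return findings

# Constructed sample response (not captured from the lab); versions are invented.
SAMPLE = (b"HTTP/1.1 302 Found\r\n"
          b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
          b"Server: Apache/2.4.0 (Win32) OpenSSL/1.0.0 PHP/7.0.0\r\n"
          b"X-Powered-By: PHP/7.0.0\r\n"
          b"Location: login.php\r\n"
          b"Content-Length: 0\r\n\r\n")

if __name__ == "__main__":
    status, hdrs = parse_headers(SAMPLE)
    print(status)
    for name, value, versions in disclosure_findings(hdrs):
        print(f"{name}: {value} -> version tokens: {versions or 'none'}")
```

On Apache, the ServerTokens Prod and ServerSignature Off directives reduce the Server header to the product name, and the PHP setting expose_php = Off removes X-Powered-By; rerunning the check against the response should then report no version tokens.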

Task 4 - Perform Banner Grabbing using Nmap

In this task, you will grab the banner served by the DVWA application using Nmap. To do this, perform the following steps:

Step 1

Type the following command at the root terminal and press Enter:

nmap -sS -p 80 -A 192.168.0.1

The given command uses the following switches:

  1. -sS = SYN Scan
  2. -p = Port Number
  3. -A = Aggressive mode

Notice the output displays information about the operating system of the target system and the services running on open ports.

Figure 1.10 Screenshot of PLABKALI01: The Nmap command is executed to grab the banner served by the DVWA web server on port 80.

Shut down all virtual machines used in this lab by using the power functions located in the Tools bar before proceeding to the next module. Alternatively, you can log out of the lab platform.
