CREST Revision (B9 Application Fingerprinting & Evaluating unknown services)
• B9: Application Fingerprinting and Evaluating Unknown Services
• Learning Objectives:
• Determining server types and network application versions from application banners.
• Evaluation of responsive but unknown network applications.
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Application fingerprinting is a term used to describe the technique of identifying the versions of operating systems, applications and services running on a host.
Application fingerprinting has both legitimate and illegitimate uses: for example, it can be used by network admins to collect information for management purposes, and it can be used by attackers to identify vulnerable hosts.
Banner Grabbing - A technique used to gain information about a computer system on a network and the services running on a target system. This type of information can be very useful to network admins and intrusion analysts, and even more so to malicious hackers, as it can be used to determine whether or not the service is up to date or vulnerable to attack.
nc -nv <ip address> <port number>
Can use telnet or netcat.
Banner grabbing is often one of the first ports of call for an attacker, as this type of information enables them to research the application and its version to see if there are any known vulnerabilities or applicable exploits that have been published.
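The banner-grabbing step above, written out as an added example (not part of the original revision notes): a small collector that reads one response from a port and a classifier that turns the raw banner into service/product/version so an inventory can be checked against patch levels. Host names, the sample banners and the regexes are constructed for this example; the nc/telnet/nmap commands in the notes do the same job interactively.

```python
import re
import socket

# Constructed sample banners for offline testing (not captured from any real host).
SAMPLE_BANNERS = {
    "ssh": b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6\r\n",
    "http": b"HTTP/1.1 200 OK\r\nServer: nginx/1.18.0\r\nContent-Length: 0\r\n\r\n",
    "smtp": b"220 mail.example.test ESMTP Postfix (Debian/GNU)\r\n",
    "noise": b"\x16\x03\x01\x00",  # looks like a TLS record header: no cleartext banner
}

# One pattern per protocol; named groups give every match the same record shape.
PATTERNS = [
    ("ssh", re.compile(r"^SSH-(?P<proto>[0-9.]+)-(?P<product>[A-Za-z]+)[_-]?(?P<version>[0-9][\w.]*)?")),
    ("http", re.compile(r"^HTTP/(?P<proto>[0-9.]+) (?P<status>\d{3})"
                        r"(?:.*?\r?\nServer: (?P<product>[^/\r\n]+)/?(?P<version>[\w.]+)?)?", re.S)),
    ("smtp", re.compile(r"^220 (?P<host>\S+) (?:ESMTP |SMTP )?(?P<product>[^\r\n]+)")),
]

# HTTP servers only answer after a request, so a probe is needed there; SSH and SMTP speak first.
HTTP_PROBE = b"HEAD / HTTP/1.0\r\nHost: localhost\r\n\r\n"


def grab_banner(host: str, port: int, probe: bytes = b"", timeout: float = 3.0) -> bytes:
    """Connect, optionally send a probe, and return the first chunk the service sends back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if probe:
            sock.sendall(probe)
        return sock.recv(4096)  # one read is enough for a banner; may be partial for long responses


def fingerprint(raw: bytes) -> dict:
    """Classify a captured banner into service/product/version; 'unknown' when nothing matches."""
    text = raw.decode("ascii", errors="replace")
    for service, pattern in PATTERNS:
        m = pattern.match(text)
        if m:
            g = m.groupdict()
            return {
                "service": service,
                "product": (g.get("product") or "").strip() or None,
                "version": g.get("version"),
                "status": g.get("status"),  # only meaningful for HTTP (e.g. 200, 201)
            }
    # Responsive but unrecognised: keep the leading bytes so an analyst can inspect them by hand.
    return {"service": "unknown", "product": None, "version": None, "status": None, "raw": raw[:32]}


if __name__ == "__main__":
    for name, banner in SAMPLE_BANNERS.items():
        print(name, fingerprint(banner))
```

For a live check of a host you administer, `fingerprint(grab_banner(host, 80, HTTP_PROBE))` reads the Server header the same way the nc command in the notes would show it.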
**Make sure you know the nmap switches for service discovery and OS discovery**
Using the nmap NSE to obtain useful information on services and applications:
nmap --script [SCRIPT NAME] [IP ADDRESS]
nmap --script=ms-sql-info -p 1433 192.168.X.X
smb-os-discovery
http-server-header
snmp-info
irc-info
banner (captures the SSH version string)
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Questions and Answers:
Best describe OS fingerprinting = A technique used in an attempt to identify the operating system installed on a remote host
In a banner grab you see HTTP/1.1 200 OK, what does the 200 code mean? = Standard response for successful HTTP requests
In a banner grab you see HTTP/1.1 200 OK, what does the 201 code mean? = The request has been fulfilled