Every open port has a service, or daemon, listening on it. When you telnet or
otherwise connect to such a port, many daemons greet you with a welcome message
known as the daemon banner. A daemon banner typically contains information about
the daemon running on that port (its name and often its version), the operating
system, or other details about the host. Many open ports also allow an attacker
to probe further for information, which can be very useful in an attacker's bid
to break into the target system.
The procedure is given below:
Go to the netcat directory in the command prompt and type the following command:
nc -v <target> <port>
nc -v 10.0.0.1 23
That would connect to 10.0.0.1 on port 23 (telnet).
It is just like using telnet but has many more features. If the service on that port sends a greeting, this command prints it, which tells you what is running on the remote server. Note that some services (HTTP in particular) stay silent until the client sends a request, so a blank screen does not mean the port is dead. You can also try other ports.
Probing the FTP Service, Port 21
Many modern servers no longer run the File Transfer Protocol (FTP) service and
keep port 21 closed. However, some system administrators continue to use FTP as
their preferred means of file transfer. Moreover, many less secure servers also
allow remote users to connect anonymously as guests.
You can easily connect to the FTP port of a remote host using either a
graphical FTP client or a command-line FTP client (or netcat or telnet, as
above). As soon as you connect to port 21, the daemon banner welcomes you.
In the author's example, the banner reveals that port 21 runs an FTP server from
which subscribers of MTNL (an ISP) can upload or download files. Usually FTP
daemon banners are even more informative than that one, broadcasting the names
and versions of the operating system and the FTP daemon. Sometimes the login
prompt that follows the banner also gives away the operating system.
Even if you have an account on the FTP server you plan to probe, it is better to
log in with the anonymous username and a made-up password (anonymous FTP
conventionally asks for an e-mail address as the password), so that the probe
is not tied to your own credentials.
Probing the SMTP Service, Port 25
The Simple Mail Transfer Protocol (SMTP) service, which handles outgoing mail,
runs on port 25 by default. This port too can be probed by an attacker to reveal
interesting information about the target system. Sendmail, which listens on port
25 by default, has historically been one of the most exploited daemons, with a
long list of published vulnerabilities. A system running a vulnerable version of
sendmail gives an intruder an easy way in. Typically, an attacker uses a telnet
client to connect to port 25 on the target system. SMTP greets the client on
connect with a 220 reply that usually names the daemon and its version, and an
EHLO command then lists the extensions the server supports.
Daemon Banner Grabbing through the telnet command:
Type the following command in the command prompt:
telnet <target> <port>
Example:
telnet 10.0.0.1 80, then press Enter twice.
It will give information about the remote server.
But sometimes it does not show the server's banner and returns an error instead.
HTTP servers do not greet the client; they wait for a request, and the empty
request sent by the two Enter presses only gets you a 400 Bad Request, which may
or may not carry a Server header.
In that case type the same command, i.e.
telnet 10.0.0.1 80, and after connecting type
HEAD / HTTP/1.0 (all in upper case)
followed by Enter twice, because the blank line is what terminates the request.
(The Windows telnet client does not echo what you type by default, so you will be
typing blind; the request still goes through.)
The response headers will include the server banner in the Server: line.
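The nc and telnet steps above, scripted, as an added example that is not part of the original post: a small Python banner grabber that reads the greeting if the service sends one on connect and otherwise sends a request, plus two constructed in-process listeners (one FTP-style that greets immediately, one HTTP-style that stays silent until it receives a request) so the whole thing runs offline. The host names, banner strings and the EHLO hostname are invented for the demo.

```python
import socket
import threading

# Constructed sample replies, served by in-process listeners so the demo runs offline.
FTP_GREETING = b"220 ftp.example.test FTP server (Version 6.00LS) ready.\r\n"
HTTP_REPLY = (b"HTTP/1.0 200 OK\r\n"
              b"Server: Apache/2.2.3 (CentOS)\r\n"
              b"Content-Length: 0\r\n\r\n")

# Probes for services that do not speak first. The blank line ends the HTTP request;
# without it the server keeps waiting for more headers.
HTTP_PROBE = b"HEAD / HTTP/1.0\r\n\r\n"
SMTP_PROBE = b"EHLO probe.example\r\n"   # hypothetical hostname; asks an SMTP server for its extensions


def grab_banner(host, port, probe=None, timeout=3.0):
    """Connect, collect any unsolicited greeting, then send the probe (if any) and
    append whatever comes back. Returns the decoded text, or "" if the service
    said nothing at all."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            chunks.append(s.recv(4096))      # FTP/SMTP/SSH greet as soon as you connect
        except socket.timeout:
            pass                             # HTTP stays silent until it gets a request
        if probe:
            s.sendall(probe)
            try:
                chunks.append(s.recv(4096))
            except socket.timeout:
                pass
    return b"".join(chunks).decode("latin-1", "replace")


def service_identity(banner):
    """Extract the identifying line: the Server: header for HTTP, otherwise the
    first line (FTP and SMTP greetings carry a 3-digit reply code, 220 = ready)."""
    lines = banner.splitlines()
    for line in lines:
        if line.lower().startswith("server:"):
            return line.split(":", 1)[1].strip()
    return lines[0].strip() if lines else ""


def _serve_once(reply, wait_for_request):
    """Constructed local listener: greets on connect (FTP style) or waits for the
    client to send something first (HTTP style). Returns the port it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def run():
        conn, _ = srv.accept()
        with conn:
            if wait_for_request:
                conn.recv(1024)
            conn.sendall(reply)
        srv.close()

    threading.Thread(target=run, daemon=True).start()
    return srv.getsockname()[1]


def demo():
    """Grab both constructed banners and return what each one identifies."""
    ftp_port = _serve_once(FTP_GREETING, wait_for_request=False)
    http_port = _serve_once(HTTP_REPLY, wait_for_request=True)
    ftp = service_identity(grab_banner("127.0.0.1", ftp_port, timeout=0.5))
    http = service_identity(grab_banner("127.0.0.1", http_port, probe=HTTP_PROBE, timeout=0.5))
    return ftp, http


if __name__ == "__main__":
    print(demo())
```

Against a real host you would call grab_banner with the target and port, passing HTTP_PROBE for web ports and SMTP_PROBE for port 25 (the EHLO response is appended after the 220 greeting). The short timeout is what decides "this service does not speak first", so keep it well above the round-trip time to the target.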