BASIC HACK

Friday 7 September 2012

Daemon Banner Grabbing


Every open port has a service, or daemon, listening on it. As soon as you telnet or otherwise connect to such a port, you are greeted with a welcome message known as the DAEMON BANNER. A daemon banner contains certain information about the daemon running on that particular port, operating system information, or other crucial system information. Many open ports also allow an attacker to probe further for information, which can sometimes be very important in an attacker's bid to break into the target system.

The traditional technique of daemon-banner grabbing is to use the TELNET application to manually connect to the open ports on the target system. However, this technique is very slow and inefficient. Most attackers use a port scanning or enumeration tool that automatically grabs the daemon banner information from a remote host machine. One such tool is the netcat port scanning tool.

The procedure is given below:

Go to the netcat directory in the command prompt and type the following command:


nc -v <target> <port>

nc -v  10.0.0.1  23

That would connect to 10.0.0.1 on port number 23.
It's just like using telnet but has many more features. This command will give information about the remote server. You can also try different ports.


Probing the FTP Service, Port 21

Most modern servers have stopped using the File Transfer Protocol (FTP) port and keep port 21 closed. However, some system administrators continue to use the FTP port as the preferred medium for file transfer. Moreover, many less-secure servers also allow remote users to connect anonymously as guests. You can easily connect to the FTP port of a remote host using either a graphical FTP client or a command line FTP client. As soon as you connect to the FTP port of a remote host, a daemon banner welcomes you.
This daemon banner reveals that port 21 runs the FTP server from which subscribers of MTNL (an ISP) can upload or download files. Usually FTP daemon banners are even more informative than this one, broadcasting the names of the operating system and the FTP daemon that are running. Sometimes the login prompt of the daemon banner provides information about the operating system running on it.

Even if you have an account with the FTP server you plan to attack, it is always better to use an anonymous username and false password.

Probing the SMTP Service, Port 25

The Simple Mail Transfer Protocol, or SMTP, service that handles all outgoing mail-related functions runs on port 25 by default. Even this port can be probed by an attacker to reveal interesting information about the target system. Sendmail, listening on port 25 by default, is the most vulnerable daemon on earth. It has the highest number of known exploits among all the daemons. A system running a vulnerable version of sendmail provides an intruder with an easy loophole to invade the system. Typically, an attacker can use a telnet client to connect to the SMTP port running on port 25 of the target system.

Daemon Banner Grabbing through the telnet command:

Type the following command in the command prompt:

telnet  <target> <port>
Example:
telnet  10.0.0.1 80  then press Enter and 'Esc' twice.

It will give information about the remote server.

But sometimes it does not show the banner of the server and gives an error.
In that case type the same command, i.e.

telnet  10.0.0.1 80  and after that
type
HEAD / HTTP/1.0 (all in upper case)

It will give the server banner.
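The following Python script is an added example and is not part of the original post. It parses the kinds of banners described above (the "220" greetings that FTP and SMTP daemons send on connect, and the HTTP response headers returned to HEAD / HTTP/1.0) and reports what each one gives away, which is the check an administrator would run against their own servers. All banners in it are constructed sample strings, the OS-name list and version regex are illustrative assumptions, and it runs offline. It also shows the detail the telnet procedure relies on: the HEAD request must end with a blank line (Enter twice in telnet) before the server answers.

```python
import re

# Constructed sample banners of the kind the post describes seeing with nc or telnet.
# They are made up for this example and were not captured from any real host.
SAMPLE_FTP = b"220 ProFTPD 1.3.3a Server (Debian) ready.\r\n"
SAMPLE_SMTP = (b"220 mail.example.test ESMTP Sendmail 8.14.4/8.14.4; "
               b"Fri, 7 Sep 2012 10:00:00 +0530\r\n")
SAMPLE_HTTP = (b"HTTP/1.1 200 OK\r\n"
               b"Date: Fri, 07 Sep 2012 04:30:00 GMT\r\n"
               b"Server: Apache/2.2.22 (Ubuntu)\r\n"
               b"X-Powered-By: PHP/5.3.10\r\n"
               b"Content-Type: text/html\r\n"
               b"\r\n")
SAMPLE_HTTP_HARDENED = (b"HTTP/1.1 200 OK\r\n"
                        b"Server: Apache\r\n"
                        b"Content-Type: text/html\r\n"
                        b"\r\n")

# Version strings such as 2.2.22, 8.14.4 or 1.3.3a (illustrative pattern).
VERSION_RE = re.compile(r"\b\d+\.\d+(?:\.\d+)?[a-z]?\b")
# A short, illustrative list of OS names commonly echoed inside banners.
OS_NAMES = ("Debian", "Ubuntu", "CentOS", "Red Hat", "FreeBSD", "Win32", "Windows")
# Response headers that typically carry software names and versions.
HTTP_BANNER_HEADERS = ("server", "x-powered-by")
PORT_SERVICE = {21: "ftp", 25: "smtp", 80: "http"}


def build_head_request(host: str) -> bytes:
    """The HEAD request typed in the post. The empty line at the end terminates the
    request; without it the server keeps waiting (in telnet: press Enter twice)."""
    return f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")


def parse_http_banner(raw: bytes) -> dict:
    """Parse an HTTP response head; the banner is what the Server-style headers say."""
    head = raw.partition(b"\r\n\r\n")[0].decode("latin-1")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    banner = " ; ".join(headers[h] for h in HTTP_BANNER_HEADERS if h in headers)
    return {"service": "http", "status": lines[0], "banner": banner}


def parse_greeting_banner(raw: bytes, port: int) -> dict:
    """Parse the '220 ...' greeting that FTP and SMTP daemons send on connect."""
    first = raw.decode("latin-1").split("\r\n")[0]
    code, _, text = first.partition(" ")
    return {"service": PORT_SERVICE.get(port, "unknown"), "status": code, "banner": text}


def audit_banner(info: dict) -> dict:
    """Report what a banner gives away: version numbers and OS names."""
    banner = info["banner"]
    versions = list(dict.fromkeys(VERSION_RE.findall(banner)))  # de-duplicated, in order
    os_hits = [name for name in OS_NAMES if name in banner]
    return {
        "service": info["service"],
        "banner": banner,
        "versions": versions,
        "os_names": os_hits,
        "discloses_version": bool(versions),
        "discloses_os": bool(os_hits),
    }


def audit_all() -> list:
    """Run the audit over the constructed samples, in the order FTP, SMTP, HTTP, hardened HTTP."""
    return [
        audit_banner(parse_greeting_banner(SAMPLE_FTP, 21)),
        audit_banner(parse_greeting_banner(SAMPLE_SMTP, 25)),
        audit_banner(parse_http_banner(SAMPLE_HTTP)),
        audit_banner(parse_http_banner(SAMPLE_HTTP_HARDENED)),
    ]


if __name__ == "__main__":
    print(build_head_request("10.0.0.1"))
    for result in audit_all():
        flag = "DISCLOSES" if result["discloses_version"] or result["discloses_os"] else "ok"
        print(f"{result['service']:5} {flag:9} {result['banner']!r} "
              f"versions={result['versions']} os={result['os_names']}")
```

The hardened HTTP sample shows what a server looks like once version reporting is switched off; on Apache that is `ServerTokens Prod` together with `ServerSignature Off`, and on nginx `server_tokens off;`. The same audit applied to your own FTP and SMTP greetings tells you whether the daemon name and version are still being handed to anyone who connects.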


