Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Banner grabbing


Published on

A banner is simply the text that is embedded with a message that is received from a host.
Usually this text includes signatures of applications that issue the message. So, they reveal themselves to us.
For more information about ethical hacking log on to

Published in: Education
  • Be the first to comment

  • Be the first to like this

Banner grabbing

  2. 2. WHAT IS A BANNER?A banner is simply the text that is embedded with amessage that is received from a host.Usually this text includes signatures of applicationsthat issue the message. So, they reveal themselves tous.
  3. 3. What is a Banner Grabbing?Banner Grabbing is a technique usedby hackers to extract informationabout a host. If successful, it canidentify the operating system, webserver and other applications runningon the target host.
  4. 4. Banner grabbing and operating system identification—which can also be defined as fingerprinting the TCP/IPstack—is the fourth step in the CEH scanningmethodology.The process of fingerprinting allows the hacker to identifyparticularly vulnerable or high-value targets on thenetwork. Hackers are looking for the easiest way to gainaccess to a system or network.Banner grabbing is the process of opening a connectionand reading the banner or response sent by theapplication.
  5. 5. Many email, FTP, and web serverswill respond to a telnet connectionwith the name and version of thesoftware.This aids a hacker in fingerprintingthe OS and application software.For example, a Microsoft Exchangeemail server would only beinstalled on a Windows OS.There are two types of OSfingerprinting:1. Active2. Passive
  6. 6. 1. ACTIVE STACK FINGERPRINTINGIs the mostcommon formoffingerprinting. It involves sending data to a system to see how the system responds.
  7. 7. It’s based on the fact that variousoperating system vendors implementthe TCP stack differently, and responseswill differ based on the operatingsystem. The responses are thencompared to a database to determinethe operating system.Active stack fingerprinting is detectable because itrepeatedly attempts to connect with the same targetsystem.
  8. 8. 2.PASSIVE STACK FINGERPRINTING Is stealthier and involves examining network to determine the operating system.It uses sniffing techniques instead of scanningtechniques.Passive stack fingerprinting usually goes undetected byan IDS or other security system but is less accuratethan active fingerprinting.
  9. 9. HOW ITS DONE?It can be done using tools like:Telnet NmapID ServeGet RequestsNetCraft…and many more tools can be used to pull this off.For OS and Web server detection, we can grab abanner of http.
  10. 10. IMPACTHackers grab banners all thetime. Although IPs can belogged, hackers usually hidetheir real IP before grabbing.If they are successful ingrabbing a few banners theycan then use this informationto find applications that areweak or have a security flaw.
  11. 11. IMPACT (cnt..)Attackers then focus onexploits that are targeted tothe services that you arerunning.There are hundreds ofservices that can be queriedfor banners and more thanoften, a few have flaws orare simply old versions.
  12. 12. REMEDYThis techniquereveals criticalinformation thatcan be devastating.To get rid of this,first you need tothoroughly analyzewhat information isleaked.
  13. 13. REMEDY (cnt..)• Set up your services properly.Default settings are alwaysinsecure.•Read the documentation and turnoff all the features that areunnecessary•Turn off services that you dontneed such as telnet.•Hiding File Extensions fromWebPages•Disabling or changing thebanner1