Penetration Testing mailing list archives

Re: Banner Grabbing

From: "Jamie Riden" <jamesr () europe com>
Date: Fri, 22 Dec 2006 17:49:21 +1300

On 22/12/06, Pravin Jayakumar <pravinjay () gmail com> wrote:

Jamie,

"telnet victim.example.com <port>' will often get you a banner"

This will give the type of web application u r using and not the OS, if am
right


True - however the OS 'banner' is not usually exposed via services so
you need to infer from individual services and maybe stuff like
p0f/nmap.

Or is there some special sense to "OS banner grabbing" which I'm missing?

cheers,
Jamie
--
Jamie Riden, CISSP / jamesr () europe com / jamie.riden () gmail com
NZ Honeynet project - http://www.nz-honeynet.org/

Current thread:

PCI Compliance (Vulnerability Scans) 09sparky (Dec 16)
- RE: PCI Compliance (Vulnerability Scans) Erin Carroll (Dec 16)
- <Possible follow-ups>
- Re: RE: PCI Compliance (Vulnerability Scans) 09sparky (Dec 17)
  - Re: PCI Compliance (Vulnerability Scans) David M. Zendzian (Dec 17)
    - Re: PCI Compliance (Vulnerability Scans) Vivek Chudgar (Dec 19)
    - Re: PCI Compliance (Vulnerability Scans) David M. Zendzian (Dec 19)
    - Re: PCI Compliance (Vulnerability Scans) bf (Dec 21)
    - Re: PCI Compliance (Vulnerability Scans) David M. Zendzian (Dec 21)
    - Banner Grabbing Michael J Condon (Dec 21)
    - Message not available
    - Re: Banner Grabbing Jamie Riden (Dec 21)
    - Message not available
    - Re: Banner Grabbing Jamie Riden (Dec 21)
    - Re: Banner Grabbing Dan Catalin Vasile (Dec 22)
    - Re: Banner Grabbing sami ghourabi (Dec 22)
    - Message not available
    - Re: Banner Grabbing sami ghourabi (Dec 26)
    - Re: Banner Grabbing Vikas Singhal (Dec 28)
    - Re: Banner Grabbing Eric Kollmann (Dec 29)