By performing web server footprinting, you gather valuable system-level data such as account details, the operating system, software versions, server names, and database schema details. The Telnet utility can be used to footprint a web server and collect information such as the server name, server type, operating system, and running applications. Footprinting tools such as Netcraft, ID Serve, and httprecon can extract the same kind of information from the target server. Let us look at the features of these tools and the sort of information they are able to collect during web server footprinting.
Web Server Footprinting Tools
Netcat is a networking utility that reads and writes data across network connections using the TCP/IP protocol. It is a reliable back-end tool that can be used directly or driven by other programs and scripts, and it also serves as a network debugging and exploration tool. Its features include:
– Outbound and inbound connections, TCP or UDP, to or from any ports
– Tunneling mode, which allows special tunneling such as UDP to TCP, with the possibility of specifying all network parameters (source port/interface, listening port/interface), and the remote host allowed to connect to the tunnel
– Built-in port-scanning capabilities with randomizer
– Usage options, such as buffered send-mode (one line every N seconds) and hexdump (to stderr or to a specified file) of transmitted and received data
– Optional RFC854 telnet codes parser and responder
Banner grabbing with Netcat against a target (e.g., moviescope.com) gathers information such as the server type and version.
Telnet is a network protocol widely used on the Internet and on LANs. It is a client-server protocol that provides login sessions for a user over the network; a single terminal attached to another computer is emulated with Telnet. The primary security problems with Telnet are the following:
– It doesn’t encrypt any data sent through the connection.
– It lacks an authentication scheme.
Telnet helps the user perform a banner-grabbing attack. It probes HTTP servers to determine the Server field in the HTTP response header. For instance, to enumerate a host running HTTP (TCP port 80), follow the procedure given below:
- Type GET / HTTP/1.0 and press Enter twice.
The HTTP server responds with the information (see the screenshot in the slide).
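The Server field that the Netcat and Telnet probes above return is the same field a defender should audit on their own hosts. The following is an added example for this article, not code from Netcat, Telnet or ID Serve: it parses a raw HTTP response and reports which headers disclose a product name or a version number. The response text it processes is constructed, not captured from a real server.

```python
"""Audit a raw HTTP response for headers that disclose server software.
Added example for this article (not Netcat, Telnet or ID Serve code): feed it the
banner your own server returns to 'GET / HTTP/1.0' and it lists which headers
leak a product name or a version. SAMPLE_RESPONSE below is constructed."""
import re

# Response headers that commonly name the product behind a site.
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
# A version looks like 2.4.41 or 7.4; a bare product name has no such token.
VERSION_RE = re.compile(r"\b\d+(?:\.\d+)+\b")


def parse_headers(raw_response):
    """Return {lowercase name: value} for the header block of a raw HTTP response."""
    head = raw_response.partition("\r\n\r\n")[0]
    headers = {}
    for line in head.split("\r\n")[1:]:        # [0] is the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def disclosure_findings(raw_response):
    """List (header, value, severity) for each software-identifying header.

    severity is 'version' when a version number is exposed and 'product' when only
    the product name is; hardening usually aims for 'product' or no header at all.
    """
    findings = []
    for name, value in parse_headers(raw_response).items():
        if name in DISCLOSURE_HEADERS:
            severity = "version" if VERSION_RE.search(value) else "product"
            findings.append((name, value, severity))
    return findings


# Constructed sample of what a verbose default install might answer.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html\r\n"
    "\r\n<html></html>"
)

if __name__ == "__main__":
    for header, value, severity in disclosure_findings(SAMPLE_RESPONSE):
        print(f"{header}: {value}  -> exposes {severity}")
```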
Netcraft determines the OS of the queried host by looking in detail at the network characteristics of the HTTP response received from the website. Netcraft identifies vulnerabilities in the web server through indirect methods: fingerprinting the OS, the installed software, and the configuration of that software gives enough information to determine whether the server may be vulnerable to an exploit.
httprecon is a tool for advanced web server fingerprinting. It performs banner-grabbing attacks, status code enumeration, and header ordering analysis on the target web server, and provides accurate web server fingerprinting information.
httprecon performs the following header analysis test cases on the target web server:
– legitimate GET request for an existing resource
– very long GET request (>1024 bytes in URI)
– common GET request for a non-existing resource
– common HEAD request for an existing resource
– allowed method enumeration with OPTIONS
– usually not permitted HTTP method DELETE
– undefined HTTP method TEST
– non-existing protocol version HTTP/9.8
– GET request including attack patterns (e.g., ../ and %%)
ID Serve is a simple Internet server identification utility. Its capabilities are as follows:
– HTTP Server Identification: ID Serve can identify the make, model, and version of a website's server software. The server sends this information in the preamble of its replies to web queries, but it is not normally visible to the user.
– Non-HTTP Server Identification: Most non-HTTP (non-web) Internet servers (e.g., FTP, SMTP, POP, and NEWS) are required to transmit a line containing a numeric status code and a human-readable greeting to any connecting client. Therefore, ID Serve can also connect to non-web servers to receive and report the server's greeting message. This generally reveals the server's make, model, version, and other potentially useful information.
– Reverse DNS Lookup: When ID Serve users enter a site's or server's name or URL, the application uses DNS to work out the IP address for that domain. However, it is sometimes useful to go in the other direction and determine the domain name associated with a known IP address. This process, referred to as reverse DNS lookup, is also built into ID Serve: it will attempt to determine the domain name associated with any entered IP address.
The following are some additional footprinting tools:
- Recon-ng (https://bitbucket.org)
- Uniscan (https://sourceforge.net)
- SpiderFoot (https://spiderfoot.net)
- httprint (http://www.net-square.com)
- Nmap (https://nmap.org)
- ScanLine (https://www.mcafee.com)
- Xprobe (https://sourceforge.net)
- p0f (https://github.com)
- Bannergrab (https://sourceforge.net)
- Disco (http://www.altmode.com)
- NetworkMiner (http://www.netresec.com)
Enumerating Web Server Information Using Nmap
Nmap, together with the Nmap Scripting Engine (NSE), can extract a lot of valuable information from the target web server. In addition to the basic Nmap commands, NSE provides scripts that reveal all sorts of useful information about the target web server to an attacker.
An attacker uses the following Nmap commands and NSE scripts to extract information:
Discover virtual domains with hostmap:
$ nmap --script hostmap <host>
Detect a vulnerable server that uses the TRACE method:
$ nmap --script http-trace -p80 localhost
Harvest email accounts with http-google-email:
$ nmap --script http-google-email <host>
Enumerate users with http-userdir-enum:
$ nmap -p80 --script http-userdir-enum localhost
Detect HTTP TRACE:
$ nmap -p80 --script http-trace <host>
Enumerate common web applications:
$ nmap --script http-enum -p80 <host>
$ nmap -p80 --script http-robots.txt <host>
Below are some additional Nmap commands used to extract information:
– nmap -sV -O -p <port> <target IP address>
– nmap -sV --script=http-enum <target IP address>
– nmap <target IP address> -p 80 --script http-frontpage-login
– nmap --script http-passwd --script-args http-passwd.root=/ <target IP address>
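The httprecon test cases and the Nmap NSE scripts above leave a characteristic trail in the web server's own access log, which is where a defender can spot a fingerprinting run. The following is an added example for this article, not code from httprecon or Nmap: it scans constructed combined-format log lines for the request shapes httprecon sends and for the default NSE user agent, and reports clients that show several distinct indicators.

```python
"""Flag web-server fingerprinting probes in combined-format access-log lines.
Added example for this article (not httprecon or Nmap code): it matches the
httprecon test shapes listed above (method TEST, DELETE/OPTIONS, HTTP/9.8,
URI over 1024 bytes, '../' and '%%') and the default Nmap NSE user agent."""
import re
from collections import defaultdict

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<uri>\S+) '
                    r'(?P<proto>\S+)" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "PATCH"}

def probe_signals(method, uri, proto, ua):
    """Return the set of fingerprinting indicators one request exhibits."""
    signals = set()
    if method in ("DELETE", "OPTIONS"):
        signals.add("unusual-method")           # rarely legitimate, usually blocked
    elif method not in KNOWN_METHODS:
        signals.add("undefined-method")         # e.g. TEST
    if not re.fullmatch(r"HTTP/1\.[01]|HTTP/2(?:\.0)?", proto):
        signals.add("bogus-protocol")           # e.g. HTTP/9.8
    if len(uri) > 1024:
        signals.add("long-uri")
    if "../" in uri or "%%" in uri:
        signals.add("attack-pattern")
    if "Nmap Scripting Engine" in ua:           # Nmap's default NSE User-Agent
        signals.add("nmap-nse-agent")
    return signals

def score_clients(lines, threshold=3):
    """Map client IP -> sorted indicators for IPs with >= threshold distinct kinds."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            seen[m["ip"]] |= probe_signals(m["method"], m["uri"], m["proto"], m["ua"])
    return {ip: sorted(s) for ip, s in seen.items() if len(s) >= threshold}

SAMPLE_LOG = [  # constructed lines; 198.51.100.7 behaves like a fingerprinting tool
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "TEST / HTTP/1.1" 501 0 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET / HTTP/9.8" 400 0 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:00:03 +0000] "GET /a/../%% HTTP/1.1" 400 0 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:00:04 +0000] "GET /' + "A" * 1100 + ' HTTP/1.1" 414 0 "-" "-"',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /robots.txt HTTP/1.1" 200 30 "-" '
    '"Mozilla/5.0 (compatible; Nmap Scripting Engine; https://nmap.org/book/nse.html)"',
    '203.0.113.5 - - [01/Jan/2024:10:00:06 +0000] "OPTIONS / HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, signals in score_clients(SAMPLE_LOG).items():
        print(ip, ", ".join(signals))
```

A single OPTIONS request (203.0.113.5) stays below the threshold, so only the client combining several probe kinds is reported.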
Website mirroring copies a whole website and its content onto the local drive. The mirrored website reveals the complete profile of the site's directory structure, file structure, external links, images, web pages, and so on. With a mirrored copy of the target website, an attacker can easily trace out the website's directories and gain valuable information. An attacker who has copied the website does not need to be online to go through it and can examine it at any time, for example by searching the comments and other items in the HTML source code of the downloaded pages. Many website mirroring tools are available to copy a target website onto a local drive, such as HTTrack, WebCopier Pro, Website Ripper Copier, and GNU Wget.
HTTrack is an offline browser utility. It downloads a website from the Internet to a local directory, recursively building all directories and getting the HTML, images, and other files from the server. HTTrack preserves the original site's relative link structure: simply open a page of the mirrored website in a browser and browse the site from link to link as if viewing it online.
The following are some additional website mirroring tools:
– WebCopier Pro (http://www.maximumsoft.com)
– Website Ripper Copier (http://www.tensons.com)
– GNU Wget (https://www.gnu.org)
– Getleft (https://sourceforge.net)
– OfflineDownloader (http://www.offlinedownloader.com)
– WebRipper (http://visualwebripper.com)
– SurfOffline (http://surfoffline.com)
– Portable Offline Browser (http://www.metaproducts.com)
– Backstreet Browser (http://www.spadixbd.com)
– Offline Explorer Enterprise (http://www.metaproducts.com)
– Teleport Pro (http://www.tenmax.com)
– Hooeey Webprint (http://www.hooeeywebprint.com)
– Visual SEO Studio (https://visual-seo.com)
This Blog Article is posted by
Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092
Contact us – www.info-savvy.com