312-50V10 · Question #167
A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by
The correct answer is B. Banner grabbing. Banner grabbing is a reconnaissance technique where a tester connects to a service port and reads the response headers to identify the software type and version running on the target server.
Question
A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80. The engineer receives this output:
HTTP/1.1 200 OK Server: Microsoft-IIS/6 Expires: Tue, 17 Jan 2011 01:41:33 GMT Date: Mon, 16 Jan 2011 01:41:33 GMT Content-Type: text/html Accept-Ranges: bytes Last-Modified: Wed, 28 Dec 2010 15:32:21 GMT ETag: "b0aac0542e25c31:89d" Content-Length: 7369 Which of the following is an example of what the engineer performed?
Options
- ACross-site scripting
- BBanner grabbing
- CSQL injection
- DWho is database query
How the community answered
(46 responses)- A2% (1)
- B89% (41)
- C2% (1)
- D7% (3)
Why each option
Banner grabbing is a reconnaissance technique where a tester connects to a service port and reads the response headers to identify the software type and version running on the target server.
Cross-site scripting is an active attack that injects malicious client-side scripts into pages viewed by other users, requiring crafted malicious input rather than simply reading a server response header.
The engineer used netcat to connect to port 80 and read the raw HTTP response, which disclosed the server type (Microsoft-IIS/6) and version directly in the Server header. Banner grabbing is a passive information-gathering technique that fingerprints target services without sending malicious payloads, helping attackers identify potentially vulnerable software versions.
SQL injection manipulates database queries by inserting malicious SQL syntax into application input fields, which was not performed here since the engineer only made a basic port connection and read the HTTP response.
A WHOIS query retrieves domain registration and ownership data from a registrar's database, whereas the engineer connected directly to the server's TCP port and read the service response banner.
Concept tested: Banner grabbing for web server fingerprinting
Source: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server
Topics
Community Discussion
No community discussion yet for this question.