nerdexam
EC-Council

312-50V10 · Question #167

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by

The correct answer is B. Banner grabbing. Banner grabbing is a reconnaissance technique where a tester connects to a service port and reads the response headers to identify the software type and version running on the target server.

Footprinting and Reconnaissance

Question

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80. The engineer receives this output:

HTTP/1.1 200 OK Server: Microsoft-IIS/6 Expires: Tue, 17 Jan 2011 01:41:33 GMT Date: Mon, 16 Jan 2011 01:41:33 GMT Content-Type: text/html Accept-Ranges: bytes Last-Modified: Wed, 28 Dec 2010 15:32:21 GMT ETag: "b0aac0542e25c31:89d" Content-Length: 7369 Which of the following is an example of what the engineer performed?

Options

  • ACross-site scripting
  • BBanner grabbing
  • CSQL injection
  • DWho is database query

How the community answered

(46 responses)
  • A
    2% (1)
  • B
    89% (41)
  • C
    2% (1)
  • D
    7% (3)

Why each option

Banner grabbing is a reconnaissance technique where a tester connects to a service port and reads the response headers to identify the software type and version running on the target server.

ACross-site scripting

Cross-site scripting is an active attack that injects malicious client-side scripts into pages viewed by other users, requiring crafted malicious input rather than simply reading a server response header.

BBanner grabbingCorrect

The engineer used netcat to connect to port 80 and read the raw HTTP response, which disclosed the server type (Microsoft-IIS/6) and version directly in the Server header. Banner grabbing is a passive information-gathering technique that fingerprints target services without sending malicious payloads, helping attackers identify potentially vulnerable software versions.

CSQL injection

SQL injection manipulates database queries by inserting malicious SQL syntax into application input fields, which was not performed here since the engineer only made a basic port connection and read the HTTP response.

DWho is database query

A WHOIS query retrieves domain registration and ownership data from a registrar's database, whereas the engineer connected directly to the server's TCP port and read the service response banner.

Concept tested: Banner grabbing for web server fingerprinting

Source: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server

Topics

#banner grabbing#netcat#HTTP headers#server fingerprinting

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice