312-50V10 · Question #33
A hacker named Jack is trying to compromise a bank's computer system. He needs to know the operating system of that computer to launch further attacks. What process would help him?
The correct answer is A. Banner Grabbing. Banner grabbing is a reconnaissance technique that reads service banners returned by open ports to identify the operating system and software versions running on a target. It is a direct method for OS fingerprinting during the information-gathering phase.
Question
A hacker named Jack is trying to compromise a bank's computer system. He needs to know the operating system of that computer to launch further attacks. What process would help him?
Options
- ABanner Grabbing
- BIDLE/IPID Scanning
- CSSDP Scanning
- DUDP Scanning
How the community answered
(42 responses)- A88% (37)
- B2% (1)
- C2% (1)
- D7% (3)
Why each option
Banner grabbing is a reconnaissance technique that reads service banners returned by open ports to identify the operating system and software versions running on a target. It is a direct method for OS fingerprinting during the information-gathering phase.
When a client connects to a service such as FTP, SSH, HTTP, or Telnet, many servers respond with a banner that includes the software name, version, and often OS details. An attacker can capture these banners using tools like Netcat or Telnet to infer the underlying OS without sending crafted packets. This passive, service-level fingerprinting is specifically called banner grabbing and is a standard step in active reconnaissance.
IDLE/IPID scanning is a stealthy port scanning technique that uses a zombie host to obscure the attacker's identity and does not directly reveal OS information.
SSDP scanning targets Universal Plug and Play devices on a local network and is used for device discovery, not OS identification.
UDP scanning identifies open UDP ports and available services but does not inherently provide OS identification information.
Concept tested: Banner grabbing for OS fingerprinting reconnaissance
Source: https://owasp.org/www-community/attacks/Banner_Grabbing
Topics
Community Discussion
No community discussion yet for this question.