nerdexam
EC-Council

312-50V10 · Question #33

A hacker named Jack is trying to compromise a bank's computer system. He needs to know the operating system of that computer to launch further attacks. What process would help him?

The correct answer is A. Banner Grabbing. Banner grabbing is a reconnaissance technique that reads service banners returned by open ports to identify the operating system and software versions running on a target. It is a direct method for OS fingerprinting during the information-gathering phase.

Scanning Networks

Question

A hacker named Jack is trying to compromise a bank's computer system. He needs to know the operating system of that computer to launch further attacks. What process would help him?

Options

  • ABanner Grabbing
  • BIDLE/IPID Scanning
  • CSSDP Scanning
  • DUDP Scanning

How the community answered

(42 responses)
  • A
    88% (37)
  • B
    2% (1)
  • C
    2% (1)
  • D
    7% (3)

Why each option

Banner grabbing is a reconnaissance technique that reads service banners returned by open ports to identify the operating system and software versions running on a target. It is a direct method for OS fingerprinting during the information-gathering phase.

ABanner GrabbingCorrect

When a client connects to a service such as FTP, SSH, HTTP, or Telnet, many servers respond with a banner that includes the software name, version, and often OS details. An attacker can capture these banners using tools like Netcat or Telnet to infer the underlying OS without sending crafted packets. This passive, service-level fingerprinting is specifically called banner grabbing and is a standard step in active reconnaissance.

BIDLE/IPID Scanning

IDLE/IPID scanning is a stealthy port scanning technique that uses a zombie host to obscure the attacker's identity and does not directly reveal OS information.

CSSDP Scanning

SSDP scanning targets Universal Plug and Play devices on a local network and is used for device discovery, not OS identification.

DUDP Scanning

UDP scanning identifies open UDP ports and available services but does not inherently provide OS identification information.

Concept tested: Banner grabbing for OS fingerprinting reconnaissance

Source: https://owasp.org/www-community/attacks/Banner_Grabbing

Topics

#banner grabbing#OS fingerprinting#reconnaissance#service detection

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice