nerdexam
EC-Council

312-50V11 · Question #461

An attacker tries to do banner grabbing on a remote web server and executes the following command. $ nmap -sV host.domain.com -p 80 He gets the following output. scan report for host.domain.com (108.6

The correct answer is B. The hacker successfully completed the banner grabbing.. Using nmap -sV on port 80 constitutes successful banner grabbing because the target web server was identified as Apache httpd from the service response.

Scanning Networks

Question

An attacker tries to do banner grabbing on a remote web server and executes the following command. $ nmap -sV host.domain.com -p 80 He gets the following output. scan report for host.domain.com (108.61.158.211) Host is up (0.032s latency). PORT STATE SERVICE VERSION 80/tcp open http Apache httpd done: 1 IP address (1 host up) scanned in 6.42 seconds What did the hacker accomplish?

Options

  • Anmap can't retrieve the version number of any running remote service.
  • BThe hacker successfully completed the banner grabbing.
  • CThe hacker should've used nmap -O host.domain.com.
  • DThe hacker failed to do banner grabbing as he didn't get the version of the Apache web server.

How the community answered

(20 responses)
  • B
    90% (18)
  • C
    5% (1)
  • D
    5% (1)

Why each option

Using nmap -sV on port 80 constitutes successful banner grabbing because the target web server was identified as Apache httpd from the service response.

Anmap can't retrieve the version number of any running remote service.

nmap -sV is specifically designed for service and version detection by probing open ports and is fully capable of retrieving banner information from running remote services.

BThe hacker successfully completed the banner grabbing.Correct

Banner grabbing is the technique of connecting to a remote service port and capturing the identifying information the service returns, such as software name and version. The nmap -sV flag performs service version detection and the output 'Apache httpd' confirms the web server software was successfully identified. Even though the exact version number was suppressed by the server's configuration, the banner was retrieved and the goal of identifying the running service was accomplished.

CThe hacker should've used nmap -O host.domain.com.

nmap -O is used for OS fingerprinting to identify the remote host's operating system - it is not the correct flag for service banner grabbing or version detection.

DThe hacker failed to do banner grabbing as he didn't get the version of the Apache web server.

Banner grabbing was successful because the service was identified as 'Apache httpd' - the absence of a specific version number means the server suppressed that detail via configuration, not that the banner grab itself failed.

Concept tested: Service banner grabbing using nmap -sV

Source: https://nmap.org/book/man-version-detection.html

Topics

#banner grabbing#nmap#service version detection#HTTP

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice