312-50V9 · Question #434
A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by
The correct answer is B. Banner grabbing. The engineer used netcat to connect to port 80 and captured the HTTP response headers, which is the definition of banner grabbing.
Question
A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80. The engineer receives this output:
HTTP/1.1 200 OK Server: Microsoft-IIS/6 Expires: Tue, 17 Jan 2011 01:41:33 GMT Date: Mon, 16 Jan 2011 01:41:33 GMT Content-Type: text/html Accept-Ranges: bytes Last-Modified: Wed, 28 Dec 2010 15:32:21 GMT ETag: "b0aac0542e25c31:89d" Content-Length: 7369 Which of the following is an example of what the engineer performed?
Options
- ACross-site scripting
- BBanner grabbing
- CSQL injection
- DWhois database query
How the community answered
(39 responses)- A3% (1)
- B90% (35)
- C5% (2)
- D3% (1)
Why each option
The engineer used netcat to connect to port 80 and captured the HTTP response headers, which is the definition of banner grabbing.
Cross-site scripting involves injecting malicious client-side scripts into web pages to attack other users, not passively reading server response headers.
Banner grabbing is a reconnaissance technique where an attacker connects to a service and reads the response headers or initial connection banner to identify the software type and version running on the server. The output reveals 'Server: Microsoft-IIS/6', which discloses the web server software and version - exactly the intelligence banner grabbing is designed to collect.
SQL injection involves inserting malicious SQL statements into input fields to manipulate backend database queries, which is unrelated to reading HTTP headers via netcat.
A Whois database query retrieves domain registration and ownership information from a registry, not HTTP response headers from a web server.
Concept tested: Banner grabbing for web server fingerprinting
Source: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server
Topics
Community Discussion
No community discussion yet for this question.