nerdexam
EC-Council

312-50V9 · Question #434

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by

The correct answer is B. Banner grabbing. The engineer used netcat to connect to port 80 and captured the HTTP response headers, which is the definition of banner grabbing.

Enumeration

Question

A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80. The engineer receives this output:

HTTP/1.1 200 OK Server: Microsoft-IIS/6 Expires: Tue, 17 Jan 2011 01:41:33 GMT Date: Mon, 16 Jan 2011 01:41:33 GMT Content-Type: text/html Accept-Ranges: bytes Last-Modified: Wed, 28 Dec 2010 15:32:21 GMT ETag: "b0aac0542e25c31:89d" Content-Length: 7369 Which of the following is an example of what the engineer performed?

Options

  • ACross-site scripting
  • BBanner grabbing
  • CSQL injection
  • DWhois database query

How the community answered

(39 responses)
  • A
    3% (1)
  • B
    90% (35)
  • C
    5% (2)
  • D
    3% (1)

Why each option

The engineer used netcat to connect to port 80 and captured the HTTP response headers, which is the definition of banner grabbing.

ACross-site scripting

Cross-site scripting involves injecting malicious client-side scripts into web pages to attack other users, not passively reading server response headers.

BBanner grabbingCorrect

Banner grabbing is a reconnaissance technique where an attacker connects to a service and reads the response headers or initial connection banner to identify the software type and version running on the server. The output reveals 'Server: Microsoft-IIS/6', which discloses the web server software and version - exactly the intelligence banner grabbing is designed to collect.

CSQL injection

SQL injection involves inserting malicious SQL statements into input fields to manipulate backend database queries, which is unrelated to reading HTTP headers via netcat.

DWhois database query

A Whois database query retrieves domain registration and ownership information from a registry, not HTTP response headers from a web server.

Concept tested: Banner grabbing for web server fingerprinting

Source: https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/01-Information_Gathering/02-Fingerprint_Web_Server

Topics

#banner grabbing#netcat#HTTP headers#web server fingerprinting

Community Discussion

No community discussion yet for this question.

Full 312-50V9 Practice