Time
2 hours 24 minutes
Difficulty
Beginner
CEU/CPE
3

Video Transcription

00:00
Everyone, welcome back to the course. So in the last video, we went over operating system fingerprinting. So you just ran a quick command against a couple of IP addresses and were able to see that both of them were Windows operating systems.
00:12
Ah, and for one of those, it was suspecting that it was possibly Windows Server. Again, we already knew that it was a server and was running a Windows operating system on the server. And if we had explored a little further, we would have noted that it was Windows Server 2012.
00:29
So in this video, we're gonna talk about banner grabbing. So we're just gonna go into a quick lab on banner grabbing. Again, banner grabbing is allowing us to send a command to the target system, and then the hope is that it will kick back some kind of error or other information that will provide us with information about the operating system and the version of whatever software is in use.
00:50
So let's go ahead and get started. You should be logged into the Cybrary lab environment already, or at least the Cybrary site. Then we're gonna go to the search box and type in ethical hacker.
01:00
And it should pull up our lab environment for us, which is gonna be this top one here, the Certified Ethical Hacker or CEH. Go ahead and click on that and then select this launch button here. It's gonna take us to another screen here. We're gonna click on the launch item option,
01:12
and now it should launch the lab environment for us. So once it does that, we're gonna be looking for the banner grabbing lab.
01:22
So we see it here. It's gonna be the fifth option down on the left side here. Just go ahead and click on that. You'll see a start button. Just click on that and that'll actually pull up our virtual machines for us.
01:30
Now, we're just gonna turn on all these virtual machines. So the way we do that, we just hover our mouse over top of it,
01:36
select the power on option,
01:38
and then it should boot up those machines for us. I'm gonna go ahead and pause the video because it takes about 10 or 15 seconds to pull those up, and I'll restart the video once all mine have launched for me.
01:49
All right, so all of my virtual machines were booted up. Again, if yours are not, go ahead, pause this video, just wait for them to come back up. It usually only takes about 10 or 15 seconds, and they should all turn green for you, which means that they're all on.
02:01
All right, so the next step in our lab is actually connecting to this PLABSA01 machine. So here in step six,
02:08
So let's go and do that. Now we're just gonna click on the name there, and it'll pull up that server for us.
02:13
It might take a second or so, but you'll see a Server Manager window opening up. Just go ahead and X out of that once it opens. We don't need to worry about that for this particular lab.
02:22
And then all we're gonna do here is actually just start the Apache web service. So you'll see right here in step nine, that's what we're trying to do.
02:29
So let's go and do that now. We're gonna do that by clicking on the X icon. So this orange colored icon that has the X in the centre of it, go and click on that.
02:37
Takes a second or so to launch up for us here,
02:39
and then we're just gonna make sure we just click start for these bottom three options just to make sure there's no errors that happen in the lab.
02:46
Yeah, we're just gonna go ahead and minimize that. Now, let's move on with our lab document here.
02:52
So our next step here in step 10, we're just gonna connect to the Windows 10 machine, which is the PLABWIN10 machine. So just go ahead and click on that on the far left side here,
03:00
and this one's gonna take a second or so to pull up the desktop for us. You may also see a command prompt window open up. Just ignore that and let it close again. It just takes a second or so to close.
03:12
Once it's fully booted up here, here in step 11, we'll double click on the VNC Viewer icon. So it's that orange colored icon on the desktop that looks like a little tiger's eye.
03:22
So this one right here. So we're just gonna double click on that. It's gonna open up our connection box for us here. You'll see by default, it puts the Kali Linux machine IP address in there for us.
03:32
So all we have to do is click the connect button to connect. Now it's gonna prompt us for a password. And so the password is here in step 14. It's gonna be the word password, so with a capital P, and then that's actually a zero and not a capital O.
03:46
So let's go ahead and type that in there,
03:47
we're gonna type in capital P.
03:50
Lower case A S S W
03:53
the number zero
03:54
lower case R D and then either click the OK button or just press enter on your keyboard. That will connect us to the Kali Linux machine. Now, once it does that, you'll see an error message here. We can ignore that and just either click OK or just click the X to X out of it.
04:10
And then our next step of our lab here in step 16 is double clicking on the root terminal icon. That's just gonna launch a terminal window for us. So if you're following along in your own lab environment, you just want to launch a terminal window inside of Kali Linux, and you'll be caught up with where we are.
04:28
All right, so now we're gonna type in this command here. So here in step 17, we're gonna type in what's just gonna run a SYN scan against port 80. We're gonna do aggressive mode. And the goal here is to try to figure out what kind of operating system we may have in use.
04:44
And so aggressive mode especially is telling us, like, what's the OS in use? What are some other items as well? And we're gonna run it against our server IP address again, which is the PLABSA01 machine.
04:54
So let's go ahead and type this in. So type in nmap space dash lowercase s capital S first
05:00
nmap space dash lowercase s capital S.
05:04
We'll put another space there. We're gonna type in the dash lowercase p space and the number 80 to specify port 80.
05:13
So dash p space 80
05:15
We'll put in another space, then we're gonna type in the dash capital A, and then finally, our IP address there. So dash capital A
05:24
space and then 192.168.0.1. Then just press enter on your keyboard. It might take a moment or so to run this particular scan. You may get that prompt there about Windows Firewall. You could just X out of that or just ignore it, and eventually it will go away.
05:40
And so our scan's running there, so it might take a moment. So I'm gonna go ahead and pause the video here, and then we'll pick back up when the scan is complete.
05:47
All right, so we see the scan results in the background there. So a couple of questions that we'll want to answer as we're looking at those results. Question number one: what's the operating system of our target? And then question number two: what services are running on the open ports? So let's take a look at those. Well, let's start with the operating system question because we see the output right here. So again, it's estimating that
06:08
running some kind of version of Windows
06:10
and when it gives us some details here on the OS, it's saying, hey, it might be Windows Server 2012, may also be Windows 7, could be, you know, Windows 8.1, but in some capacity it's a Windows device. Or at least it's assuming it's a Windows device. Now we know that the device we ran the scan against is the PLABSA01
06:29
which is a server which is actually Windows Server 2012
06:31
that it's running there. So we know that that's the correct answer there. But if we were a criminal attacker, we probably wouldn't have all that information. But we could see that it's a Windows machine, so we could start looking up vulnerabilities for Windows machines and figure out what we can use to attack this particular device.
06:46
All right, so the next thing we want to take a look at and see is what kind of services are running on the ports. So if we got any response from ports at all, we want to see the services running on those ports. If you scroll back up here,
06:59
we will see what kind of services are running. So we see that since we ran it against port 80 as part of our scan command,
07:05
we only see port 80 as our output. But again, we know that. And if we didn't know that, we could look at the output. But we know that's gonna be HTTP.
07:15
You'll also notice that it tells us the Apache version here.
07:17
So we see that it's version 2.4.23, which could allow us to find vulnerabilities for that particular version if that's an outdated version of that particular operator, of that particular piece of software.
07:30
So we see we get some good information back on this particular lab
07:34
In the next video we're gonna move into. So in this video, we covered banner grabbing. We just ran a couple, we ran that command there to see what kind of output we got back. We specifically wanted to find out what operating system was in use, as well as what services were running on the port. Again, we specified port 80, so that's why we got back just port 80 in our results.
07:53
But we were able to see that it's running Apache
07:56
for the HTTP, for the web services, and we were able to see the versioning of Apache as well.
08:01
So in the next module, we're gonna go over enumeration, so we'll take a little closer look at things like dig as well as running Zenmap to see if we can get more information about our target.

Up Next

Scanning, Enumeration, and Vulnerabilities

This course covers basic scanning, enumeration, and vulnerability scanning as part of a penetration test.

Instructed By

Ken Underhill
Master Instructor at Cybrary