Hey, everyone, welcome back to the course. So in this video, we're gonna go over some banner grabbing. I just want to show you a quick demo on how we can do some banner grabbing. We're gonna be using Kali Linux, and the target machine is a Metasploitable 2 box. So that's something you can download into your own virtual machines if you decide you want to practice something like this on your own.
First things first, we're gonna make sure that we can actually reach that Metasploitable 2 box. So we're just gonna do a quick nmap command against that box and see what kinds of services are in use.
Alright, so the first thing I'm gonna do here, after we look at the services, is make sure that we have telnet installed on this device. So I'm just gonna do apt-get install telnet. Pretty simple here. It might take a minute or so for this to actually install.
Alright, so we'll clear our screen, and then what we're gonna do here is use the telnet command, but we're not gonna do it against port 23, which is the typical port for telnet. We're gonna run this command against port 21 to start off here, and you'll notice that we are able to see the version of vsFTPd in use.
So telnet is a pretty simple command for us to use to get some information through banner grabbing. What we'll do here is continue changing things like the port number and again just try to identify the version of the service in use. So we'll do port 22 here for SSH, and you'll notice that OpenSSH is in use.
So we'll go ahead and clear our screen again. Now we're gonna do telnet against port 80 for HTTP.
All right? So if we just type the word help, or any word, at the terminal, we'll then be able to see the information coming back on port 80. So you see here we get information about a potential email address. We also get the login information for the Metasploitable 2 box, which again, the username and password, is just msfadmin.
And then, like I said, we see an email there, along with some other output.
Yeah, we'll just clear the screen again here.
Next, we're gonna use a tool called netcat. So we're gonna do that against our same IP address, 10.0.2.7, and we'll do it against port 21 for FTP. Again, you can see that we get the version of vsFTPd in use.
And we can also use netcat to see what version of OpenSSH is being used by the target machine, which again is that Metasploitable box.
You may ask yourself, why are we doing this? Why are we even scanning like this and trying different port numbers? The reason is we want to see what version of the service is running on that port, because then we can identify potential vulnerabilities for that particular service. And again, when we're doing a pen test, we want the easiest route in. We don't want to spend a lot of time trying to figure things out. If we can get an easy route in to show the client, that's what we're looking for.
And you'll notice we also just used netcat against port 80 as well. We get similar results back, with that Metasploitable username and password, as well as some additional information on our Metasploitable box.
So now I'm just gonna add a HEAD command here, and we'll be able to pull down the headers. And so you see here we're able to pull down information on what version of Apache is running. And again, going back to the aspect of us wanting to identify potential vulnerabilities on this target, we now see the version of Apache, and we can identify: are there actual known vulnerabilities for this particular version of it?
So next we're just gonna use netcat and then a GET command, a GET request, and we'll go ahead and see what kind of information we get back with that. And so again, you see we get the Apache version information. We also get some additional information on that server. We'll clear the screen again just to keep it clean.
Next, we're going to use a tool called WhatWeb. So we use the whatweb command, and then we're gonna put in the URL of our target machine, which is gonna be http:// and then the IP address, and you'll see here again we're able to see some additional information. We see the Apache version. We also see PHP in use.
And we'll clear the screen again and then use the curl command. So again, we're just using curl against that same IP address for the Metasploitable box.
And we are on the same network as the Metasploitable box, and that's why we're able to use 10.0.2.7. Obviously, if we were external, we'd be using something like 192.168.0.1, for example.
So again, you see we get the same information there back about the Metasploitable box using the curl command. And now we're gonna use a tool called DMitry.
And we're just gonna run that against the same Metasploitable box and identify what ports might be open using that tool. You'll see here some of the ports that we were testing, 21 and 22, are on here, along with some of the other common ports.
Right, so we're just gonna run another command with DMitry, adding a -b after the -p. So we're gonna add the -b flag, and you'll see we're able to get some additional information about those ports and the services running on them. So, for example, here you notice we can get the version of OpenSSH, as well as FTP, that we've seen before in this demonstration, and this is an easy way for us to get that information right away, as opposed to going through and testing each individual port.
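To tie the telnet, netcat, HEAD-request and DMitry steps together, here is an added example (my own, not code from the video or the course): a small Python banner grabber that reads the greeting on ports that speak first, like 21 and 22, sends a HEAD request on port 80 the way the video does with netcat, and pulls the product string out of each reply. It runs offline against constructed stand-in listeners on localhost; the banners those listeners return are made up to look like a Metasploitable 2 box, so the exact version strings, the port list and the 10.0.2.7 usage line are assumptions, not output captured in the video.

```python
#!/usr/bin/env python3
"""Banner grabber: does in one pass what the video does by hand with telnet and nc."""
import re
import socket
import sys
import threading

# FTP/SSH/SMTP speak first, so they get no probe. HTTP stays silent until asked,
# so we ask with a HEAD request (the same thing the video types into netcat).
HTTP_HEAD = b"HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n"
DEFAULT_PROBES = {80: HTTP_HEAD, 8080: HTTP_HEAD}   # assumed port->probe table


def grab_banner(host, port, probe=None, timeout=3.0):
    """Return whatever the service says as text, or '' if it stays silent."""
    if probe is None:
        probe = DEFAULT_PROBES.get(port, b"")
    data = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        if probe:
            s.sendall(probe.replace(b"%s", host.encode()))
        try:
            while len(data) < 4096:
                chunk = s.recv(1024)
                if not chunk:            # server closed (HTTP/1.0 does this after replying)
                    break
                data += chunk
                if not probe and b"\n" in data:
                    break                # greeting is one line; don't sit out the timeout
        except socket.timeout:
            pass                         # silent service: return whatever arrived
    return data.decode("latin-1")


def identify(banner):
    """Pull the product/version string out of a raw banner, or None if unrecognised."""
    if not banner:
        return None
    first = banner.splitlines()[0].strip()
    if first.startswith("SSH-"):
        # "SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1" -> software string after the protocol version
        return first.split("-", 2)[2]
    m = re.match(r"^(\d{3})[ -](.*)$", first)
    if m:
        # FTP/SMTP greeting "220 (vsFTPd 2.3.4)" -> "vsFTPd 2.3.4"
        text = m.group(2).strip()
        if text.startswith("(") and text.endswith(")"):
            text = text[1:-1]
        return text
    m = re.search(r"^Server:\s*(.+?)\r?$", banner, re.M | re.I)
    if m:
        return m.group(1)               # HTTP "Server:" header, e.g. the Apache version
    return None


def scan(host, ports=(21, 22, 80), timeout=3.0):
    """Grab and identify banners on several ports; unreachable ports map to (None, error)."""
    results = {}
    for port in ports:
        try:
            banner = grab_banner(host, port, timeout=timeout)
        except OSError as e:             # refused, filtered or unreachable
            results[port] = (None, str(e))
            continue
        results[port] = (identify(banner), banner.strip())
    return results


def start_fake_service(reply, wait_for_request=False):
    """Constructed test double: listen on 127.0.0.1, serve one client, return the port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        with conn:
            if wait_for_request:         # HTTP stand-in: consume the HEAD request first
                conn.settimeout(2)
                try:
                    conn.recv(1024)
                except socket.timeout:
                    pass
            conn.sendall(reply)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def run_demo():
    """Constructed stand-ins for the FTP, SSH and HTTP services seen in the video."""
    services = {   # banners are assumptions modelled on Metasploitable 2, not captured output
        "ftp": start_fake_service(b"220 (vsFTPd 2.3.4)\r\n"),
        "ssh": start_fake_service(b"SSH-2.0-OpenSSH_4.7p1 Debian-8ubuntu1\r\n"),
        "http": start_fake_service(
            b"HTTP/1.1 200 OK\r\nServer: Apache/2.2.8 (Ubuntu) DAV/2\r\n"
            b"Content-Type: text/html\r\n\r\n", wait_for_request=True),
    }
    return {name: identify(grab_banner("127.0.0.1", port,
                                       probe=HTTP_HEAD if name == "http" else b""))
            for name, port in services.items()}


if __name__ == "__main__":
    if len(sys.argv) > 1:                # e.g. python3 banner_grab.py 10.0.2.7
        for port, (product, raw) in scan(sys.argv[1]).items():
            print(f"{port:>5}  {product or '-':<40} {raw[:60]!r}")
    else:
        print(run_demo())
```

The one design point worth noticing is the probe table: a grabber that only listens will wait out its timeout on port 80 and report nothing, which is exactly why the video has to type a request into telnet before Apache answers. Keep the timeout short when sweeping many ports, since a filtered port costs the full timeout.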