Thursday, September 5, 2013

FINGERPRINTING A WEB SERVER USING CURL AND NETCAT

This uses Kali Linux and the tools "curl" and "netcat", both of which are installed by default in Kali Linux.
This will show whether port 80 is open on the web server. It will show the server brand, i.e. Apache, IIS, etc. It will also show the IP address. The only things you need are Kali Linux open to a command shell and the target's hostname (URL or domain name). The queries below show first the use of curl and, below that, the use of netcat (nc). I ran curl against my own website, butleritsec.com. The query shows that port 80 is open and that both curl and netcat connect. My website's IP is shown as 72.167.131.10, and both curl and netcat report the server as Apache. This gives you some useful fingerprinting information.

QUERY USING CURL:
root@kali:~# curl -v www.butleritsec.com

Response:
* About to connect() to www.butleritsec.com port 80 (#0)
*   Trying 72.167.131.10...
* connected
* Connected to www.butleritsec.com (72.167.131.10) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.26.0
> Host: www.butleritsec.com
> Accept: */*
>
* additional stuff not fine transfer.c:1037: 0 0
* HTTP 1.1 or later with persistent connection, pipelining supported
< HTTP/1.1 200 OK
< Date: Thu, 05 Sep 2013 19:58:14 GMT
< Server: Apache
< Accept-Ranges: bytes
< Content-Length: 31820
< Content-Type: text/html
<
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

    ********snip-snip-snip***************

QUERY USING NETCAT (nc):

root@kali:~# nc butleritsec.com 80
get / http/1.0
host: butleritsec.com


Response:
HTTP/1.1 301 Moved Permanently
Date: Thu, 05 Sep 2013 20:12:29 GMT
Server: Apache
Location: http://www.butleritsec.com/
Content-Length: 304
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="http://www.butleritsec.com/">here</a>.</p>
<hr>
<address>Apache Server at www.butleritsec.com Port 80</address>
</body></html>
root@kali:~#
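The following POSIX shell script is an added example and not part of the original post. It parses a captured HTTP response like the two shown above and reports the pieces that matter for fingerprinting: the status line, the Server header, the Location header, and whether the Server header gives away a version. The sample response is constructed here from the netcat output above; `grab_banner` is a hypothetical helper (assumed, not from the post) that sends the same request the post types into nc for a live host and is not used by the offline run. The bare "Server: Apache" seen in the post is what Apache returns with `ServerTokens Prod`; a default install would typically disclose the version as well, which is what the `server_disclosure` check flags.

```shell
#!/bin/sh
# Added example (not from the original post): parse the headers a web server
# returns and report what fingerprinting information they disclose.

# Print the value of one header (name matched case-insensitively) from a raw
# HTTP response read on stdin. Prints nothing if the header is absent.
http_header() {
    # $1 = header name; the header block ends at the first blank line
    tr -d '\r' | awk -v name="$1" '
        /^$/ { exit }
        {
            split($0, kv, ":")
            if (tolower(kv[1]) == tolower(name)) {
                sub(/^[^:]*:[ \t]*/, "")
                print
                exit
            }
        }'
}

# Print the HTTP status line of a raw response read on stdin.
http_status() {
    tr -d '\r' | head -n 1
}

# Classify what a Server header value reveals:
#   none    - no Server header at all
#   product - product name only, e.g. "Apache" (Apache's ServerTokens Prod)
#   version - product and version, e.g. "Apache/2.2.22 (Debian)"
server_disclosure() {
    case "$1" in
        "")  echo none ;;
        */*) echo version ;;
        *)   echo product ;;
    esac
}

# Constructed sample response modelled on the netcat output in the post,
# with CRLF line endings as a real server sends them.
SAMPLE_RESPONSE=$(printf 'HTTP/1.1 301 Moved Permanently\r\nDate: Thu, 05 Sep 2013 20:12:29 GMT\r\nServer: Apache\r\nLocation: http://www.butleritsec.com/\r\nContent-Length: 304\r\nConnection: close\r\nContent-Type: text/html; charset=iso-8859-1\r\n\r\n<html>body</html>')

# Hypothetical live banner grab (needs network; not used in the offline run).
# Sends the same kind of request the post types into nc, using HTTP/1.0 so the
# server closes the connection after replying and nc returns.
grab_banner() {
    # $1 = host, $2 = port (default 80)
    printf 'HEAD / HTTP/1.0\r\nHost: %s\r\n\r\n' "$1" | nc -w 5 "$1" "${2:-80}"
}

# Print a short fingerprint report for the raw response passed as $1.
report() {
    status=$(printf '%s\n' "$1" | http_status)
    server=$(printf '%s\n' "$1" | http_header Server)
    location=$(printf '%s\n' "$1" | http_header Location)
    printf 'status:     %s\nserver:     %s\ndisclosure: %s\nlocation:   %s\n' \
        "$status" "${server:-<none>}" "$(server_disclosure "$server")" "${location:-<none>}"
}

report "$SAMPLE_RESPONSE"
```

To run it against a live host instead of the constructed sample, pipe `grab_banner www.example.com` into `report "$(...)"`; the `disclosure: version` result is the one a server administrator would want to eliminate.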

