Wade Stich

Banner Grabbing With Telnet

From telnet, we can use a simple method called banner grabbing to enumerate the service that might
be running on a target machine. For this example, well be enumerating a host running HTTP (tcp 80).

1) Open the run command by pressing the windows key + r, then type cmd and press enter

2) You should then be greeted by the command prompt, from there, type telnet (host address) (port number) and press enter. Note: In this case, the http server is listening on the local machine and is listening on the default port number.

3) Next, you will be greeted by a blank screen with a blinking cursor, this is normal. Type HEAD / HTTP/1.0 followed by the enter key. 4) The HTTP server will respond with the following, the text in the red area is the server version.

5) Now that we have determined the version IIS that is running on the web server, lets search for any known vulnerabilities. Head over to http://www.securityfocus.com/bid , and under the Vendor menu select Microsoft, under Title select IIS, under version, select 5.0. Here we will see a list of possible vulnerabilities for that specific version of Microsofts IIS 5.0

Summary
In this tutorial we learned how find the version information of an HTTP server using telnet, and where to find a listing of known vulnerabilities. This is a very simplified method of enumeration and should not be relied upon as the host may have modified banner information.