Tuesday, April 22, 2014

Scanning Networks - p.3

Lab 2

Banner Grabbing to Determine a Remote Target System using ID Serve

ID Serve is used to identify the make, model, and version of any website's server software.

Lab Scenario

In the previous lab, you learned to use Advanced IP Scanner. This tool can also be used by an attacker to detect vulnerabilities such as buffer overflow, integer flow, SQL injection, and web application on a network. If these vulnerabilities are not fixed immediately, attackers can easily exploit them and crack into the network and cause server damage.
Therefore, it is extremely important for penetration testers to be familiar with banner grabbing techniques to monitor servers to ensure compliance and appropriate security updates. Using this technique you can also locate rogue servers or determine the role of servers within a network. In this lab, you will learn the banner grabbing technique to determine a remote target system using ID Serve.

Lab Objectives

The objective of this lab is to help students learn to perform banner grabbing against a website and discover the applications running on it.

In this lab you will learn to:

■ Identify the domain IP address
■ Identify the domain information

Lab Environment

To perform the lab you need:

■ ID Serve, located at D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Banner Grabbing Tools\ID Serve
■ You can also download the latest version of ID Serve from the link http://www.grc.com/id/idserve.htm
■ If you decide to download the latest version, then screenshots shown in the lab might differ
■ Double-click idserve to run ID Serve
■ Administrative privileges to run the ID Serve tool
■ Run this tool on Windows Server 2012

Lab Duration

Time: 5 Minutes

Overview of ID Serve

ID Serve can connect to any server port on any domain or IP address, then pull and display the server's greeting message, if any, often identifying the server's make, model, and version, whether it's for FTP, SMTP, POP, NEWS, or anything else.
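The greeting-message mechanism described above, as an added Python example (not ID Serve's code and not part of the original lab): it reads a server's banner, extracts product and version, and compares the result with an inventory entry, which is how banner grabbing supports the compliance and rogue-server checks from the lab scenario. All function names, the banner patterns, and the sample banners are assumptions constructed for illustration.

```python
import re
import socket
import threading

HTTP_PROBE = b"HEAD / HTTP/1.0\r\n\r\n"  # HTTP is silent until asked; FTP/SMTP/POP greet first

def grab_banner(host, port, probe=None, timeout=3.0):
    """Connect, optionally send a probe, and return the server's first response as text."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        if probe:
            sock.sendall(probe)
        try:
            data = sock.recv(4096)
        except socket.timeout:
            data = b""  # the server sent no greeting ("if any")
    return data.decode("latin-1")

def identify(banner):
    """Return (product, version) from an HTTP Server header or a greeting line."""
    header = re.search(r"^Server:\s*(.+)$", banner, re.I | re.M)
    lines = banner.splitlines()
    text = header.group(1).strip() if header else (lines[0].strip() if lines else "")
    if not header and text.startswith("HTTP/"):
        return None, None  # status line only: the server hides its identity
    text = re.sub(r"^(\d{3}[ -]|\+OK )", "", text)  # drop "220 " / "+OK " reply codes
    m = re.search(r"([A-Za-z][\w.-]*)[/ ]v?(\d+(?:\.\d+)+)", text)
    return (m.group(1), m.group(2)) if m else (text or None, None)

def audit(banner, expected_product):
    """Compare a banner with the inventory entry for that host and list findings."""
    product, version = identify(banner)
    if product is None:
        return ["no identifying banner"]
    findings = []
    if expected_product.lower() not in product.lower():
        findings.append(f"unexpected product {product!r}: possible rogue server")
    if version:
        findings.append(f"version {version} disclosed in banner")
    return findings

def demo(banner=b"220 (vsFTPd 3.0.3)\r\n"):
    """Serve one constructed greeting on localhost and audit it (runs offline)."""
    def serve(srv):
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
    with socket.create_server(("127.0.0.1", 0)) as srv:
        threading.Thread(target=serve, args=(srv,), daemon=True).start()
        return audit(grab_banner("127.0.0.1", srv.getsockname()[1]), "Microsoft-IIS")
```

Calling demo() audits a constructed FTP greeting against a constructed inventory entry; for a web server you administer, pass probe=HTTP_PROBE to grab_banner.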

Lab Tasks

1. Double-click idserve located at D:\CEH-Tools\CEHv8 Module 03 Scanning Networks\Banner Grabbing Tools\ID Serve
2. In the main window of ID Serve shown in the following figure, select the Server Query tab

FIGURE 21: Main window of ID Serve

3. Enter the IP address or URL address in "Enter or Copy/paste an Internet server URL or IP address here:"

FIGURE 22: Entering the URL for query

4. Click Query The Server; it shows server query processed information

FIGURE 23: Server processed information

Lab Analysis

Document all the IP addresses, their running applications, and the protocols you discovered during the lab.



Questions

1. Examine what protocols ID Serve apprehends.
2. Check if ID Serve supports https (SSL) connections.



























