Banners
Last updated
Analysis and Exploration of Vulnerabilities
Last updated
Banners are textual or binary snippets provided to clients.
Immediately on connection, or after some request.
Most protocols are too chatty and will send some banners to help clients.
Impact: an attacker may gain knowledge about the software running.
Attackers can search for valid vulnerabilities.
Greatly narrows down the work to an attacker.
Exploitation: connect to the server and/or send a probe.
Multiple probes can be sent to test the system.
Banner grabbing – the technique of systematically probing entities for their banners.
Vulnerable protocols: FTP, IMAP, HTTP, SSH, TELNET, LDAP, RTMP, MySQL...
Restrict banners (if possible).
Fake banners (if possible).
Limit the verbosity in the banners (if possible).
