
Web Server Recon Using netcat

  • Posted on August 23, 2008

    The first step in identifying technologies that comprise a Web application is to look at the HTTP header returned by the Web server. In most cases, the HTTP header can accurately identify the front-end Web server being used. A simple HTTP HEAD or GET request can be issued by using a utility such as Netcat to obtain the HTTP header. An HTTP header of a server running Apache looks like this:

    Netcat recon command

    UNIX> nc www.example.com 80
    GET / HTTP/1.0

    HTTP/1.1 200 OK
    Date: Mon, 04 Feb 2001 19:29:37 GMT
    Server: Apache/1.3.19 (Unix)
    Set-Cookie: Apache=192.168.51.1.308631012850977729; path=/; expires=Tue, 04-Feb-02 19:29:37 GMT
    Last-Modified: Mon, 10 Dec 2001 04:48:34 GMT
    ETag: "94b5d-1ef-3c143ea2"
    Accept-Ranges: bytes
    Content-Length: 495
    Connection: close
    Content-Type: text/html

    The Server: field in the HTTP header reveals that it is an Apache 1.3.19 server and that it also supports SSL, mod_perl, and PHP 4.0. Not all Web servers are so verbose in their descriptions of the technologies being used. Even Apache can be configured to return only the bare minimum HTTP headers needed by the Web browser. An HTTP header from another Apache server is:

    UNIX> nc www.example.com 80
    GET / HTTP/1.0

    HTTP/1.1 200 OK
    Date: Mon, 04 Feb 2001 19:12:35 GMT
    Server: Apache/1.3.12 (Unix)
    Connection: close
    Content-Type: text/html

    Here we have no idea about the types of application scripts that are running on this system. We need to observe more distinguishing characteristics in order to narrow the possibilities and identify the technologies present.
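
    To check what your own server's banner gives away, the response captured with Netcat can be parsed and audited. The following is an added example, not code from the original post: the function names are hypothetical, FIRST and SECOND reuse header lines from the two responses above, and VERBOSE is a constructed banner with made-up module names and versions.

```python
import re

# FIRST and SECOND reuse header lines from the two responses on this page.
# VERBOSE is constructed for illustration; its module names/versions are made up.
FIRST = ("HTTP/1.1 200 OK\r\nDate: Mon, 04 Feb 2001 19:29:37 GMT\r\n"
         "Server: Apache/1.3.19 (Unix)\r\nConnection: close\r\n\r\n<html>")
SECOND = "HTTP/1.1 200 OK\nServer: Apache/1.3.12 (Unix)\nConnection: close\n\n"
VERBOSE = ("HTTP/1.1 200 OK\r\n"
           "Server: Apache/1.3.19 (Unix) mod_example/1.0 PHP/4.0.0\r\n\r\n")

# A Server value is a run of "product[/version]" tokens and "(comment)" parts.
TOKEN = re.compile(r"\(([^)]*)\)|([^\s/()]+)(?:/(\S+))?")

def parse_headers(raw):
    """Return (status_line, {lowercased name: value}) from a raw response."""
    head = re.split(r"\r?\n\r?\n", raw, maxsplit=1)[0]  # drop the body
    lines = re.split(r"\r?\n", head)
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def server_tokens(value):
    """Split a Server value into (product, version) pairs and comments."""
    products, comments = [], []
    for comment, name, version in TOKEN.findall(value):
        if comment:
            comments.append(comment)
        elif name:
            products.append((name, version or None))
    return products, comments

def audit(raw):
    """List what the Server banner discloses; an empty list means nothing extra."""
    _, headers = parse_headers(raw)
    products, comments = server_tokens(headers.get("server", ""))
    findings = []
    for i, (name, version) in enumerate(products):
        if version:
            findings.append(f"version disclosed: {name} {version}")
        if i > 0:  # tokens after the first are add-on modules or languages
            findings.append(f"module disclosed: {name}")
    return findings + [f"platform disclosed: {c}" for c in comments]

if __name__ == "__main__":
    for label, raw in (("first", FIRST), ("second", SECOND), ("verbose", VERBOSE)):
        print(label, audit(raw))
```

    On Apache, the ServerTokens directive controls how much of this the banner carries; setting it to Prod reduces the value to the bare product name, for which audit() returns an empty list.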
