Banner grabbing is a technique used to gather information about a network service or application running on a system. The "banner" refers to a message that a service (such as a web server, FTP server, or SMTP server) sends when a connection is established. This message often contains details about the service, such as the software version, operating system, and other relevant information.
If you refer to the 1st attached image, I ran an Nmap command against two different devices. I used the built-in Nmap in the Rapid7 scanner. The command I ran was 'nmap -sV -p 22 XXX.XXX.XXX.XXX'.
In the first case, Nmap was not able to enumerate the service version, while in the second case it did. The result you see in the first case is because the target device's response to Nmap's version detection probe lacked the keyword(s) that Nmap's version signatures match on.
Why do you think the response lacked proper details? There are several possible reasons, but in this case it was a customized Linux OS. Since not many ports were open and the scan was unauthenticated, Nmap was not able to identify the underlying OS either, and hence Rapid7 didn't report a single vulnerability in the scan result. On top of that, Rapid7 didn't even report the asset as alive, despite a ping (ICMP) to the target device being successful.
How did I know that the ping was successful?
1. I checked the scan data (3rd image). You can see the 'DOWNLOAD SCAN DATA' button in the 2nd image. Use it.
2. I ran a ping test from the Rapid7 scanner to the target device.
So, whether in personal life or professional life, do not assume; analyze and investigate before reaching conclusions😄.
Please refer to the URL below for more details on banner grabbing:
https://www.recordedfuture.com/threat-intelligence-101/tools-and-techniques/banner-grabbing
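To make the "missing keyword" failure above concrete, here is an added example (my own code, not from the post or from Nmap): it reads an SSH identification banner the way a version probe does and reports a product only when the software field carries a keyword from a small, constructed signature table. Host and port values are placeholders; the sample banners are constructed.

```python
"""Added example (not from the original post): read an SSH identification
banner the way a version probe does and show why a non-standard reply
yields no version. Host/port values are placeholders."""
import re
import socket
from typing import Optional

# RFC 4253 s.4.2: "SSH-protoversion-softwareversion SP comments CR LF"
SSH_BANNER = re.compile(
    r"^SSH-(?P<proto>\d+\.\d+)-(?P<software>\S+)(?: (?P<comments>.*))?$")

# Constructed, deliberately tiny signature table: a version probe can only
# report what its database has a keyword for.
KNOWN_SOFTWARE = {"OpenSSH_": "OpenSSH", "dropbear_": "Dropbear"}

def parse_ssh_banner(line: str) -> Optional[dict]:
    """Split an identification string into its fields, or return None when
    the line is not a well-formed SSH banner at all."""
    m = SSH_BANNER.match(line.rstrip("\r\n"))
    if not m:
        return None
    return {k: (v or "") for k, v in m.groupdict().items()}

def identify(line: str) -> Optional[str]:
    """Return 'Product version' when the banner carries a known keyword,
    otherwise None, which is what the first scan in the post came back with."""
    fields = parse_ssh_banner(line)
    if fields is None:
        return None
    for prefix, product in KNOWN_SOFTWARE.items():
        if fields["software"].startswith(prefix):
            return f"{product} {fields['software'][len(prefix):]}"
    return None

def grab_banner(host: str, port: int = 22, timeout: float = 3.0) -> str:
    """Connect and read the first line the service sends; SSH servers speak
    first, so nothing needs to be written. Useful for checking what your
    own hosts reveal."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        data = b""
        while not data.endswith(b"\n") and len(data) < 255:
            chunk = s.recv(64)
            if not chunk:
                break
            data += chunk
    return data.decode("ascii", errors="replace")

# Constructed sample replies: a stock OpenSSH banner and a custom-build one.
SAMPLE_STOCK = "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.6\r\n"
SAMPLE_CUSTOM = "SSH-2.0-custom_1.0\r\n"

if __name__ == "__main__":
    for b in (SAMPLE_STOCK, SAMPLE_CUSTOM):
        print(repr(b), "->", identify(b))
```

The custom banner is perfectly valid SSH, so the connection works and the handshake would proceed, yet the probe has nothing to match on and reports no version, which is the same outcome the post observed on port 22.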