✔️ Knowledge of targets
✔️ Ability to use exploitation tools at their best
✔️ Ability to search for the right public exploit
Testing web servers against external or internal attacks is crucial
Fingerprinting a web server can be done
→ Manual Fingerprinting [http]
Netcat, aka the TCP/IP Swiss army knife
Netcat can be both
Common Issues with Netcat:
Write the request verbs in UPPERCASE
Netcat does not notify you after a successful connection; use -v for verbose mode
Netcat does not perform any encryption, so you cannot use it to connect to HTTPS sites (port 443)
The connection drops after you send a request
→ simply connect to a daemon
→ read the banner it sends back to your client (netcat)
to connect to an HTTP server:
# nc <server IP> 80
after connecting, you have to send a valid HTTP request
using the HEAD HTTP verb:
this will request only the headers of a resource
nc [server IP] 80
> HEAD / HTTP/1.0
!! Remember the two empty lines that separate the headers from the body of the request !!
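The same HEAD exchange in Python, as an added example (not part of the original notes) that a defender can point at their own server to see which headers disclose software versions; the sample response is constructed, and the Host header and the header names checked are assumptions, not anything the notes specify.

```python
import socket


def build_head_request(host, path="/"):
    # HEAD asks for headers only. The request line and headers must be
    # followed by an empty line (CRLF CRLF), which is what the notes
    # mean by the blank lines you type in netcat.
    return f"HEAD {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")


def parse_response(raw):
    # Split the banner (status line + headers) from any body bytes.
    head, _, _ = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status_line = lines[0]
    headers = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status_line, headers


def disclosing_headers(headers):
    # Headers commonly carrying product/version strings (assumed list).
    watched = ("server", "x-powered-by", "x-aspnet-version")
    return {h: headers[h] for h in watched if h in headers}


def check_server(host, port=80, timeout=5):
    # Plain TCP only: like netcat, this cannot talk to HTTPS (443).
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_head_request(host))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return parse_response(b"".join(chunks))


# Constructed sample banner, as a server might return it (not real output).
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    b"Server: Apache/2.4.41 (Ubuntu)\r\n"
    b"X-Powered-By: PHP/7.4.3\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
)
```

If `disclosing_headers` returns anything for a server you operate, trim the banner (e.g. Apache `ServerTokens Prod`, or remove X-Powered-By) so version strings are not handed to anyone who connects.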