What's the name of the tool you can use to figure out server platform?

MyndFyre · August 29, 2011, 06:48:33 PM

Isn't there a tool you can use to finger a web server to determine what kind of server OS is running? Or does it not need to be behind a firewall? (i.e., it needs more than just the webserver)?

Thanks!

Sidoh · August 29, 2011, 08:09:46 PM

Quote from: MyndFyre on August 29, 2011, 06:48:33 PM
Isn't there a tool you can use to finger a web server to determine what kind of server OS is running? Or does it not need to be behind a firewall? (i.e., it needs more than just the webserver)?

Thanks!

I think nmap is capable of that.

iago · August 29, 2011, 08:30:59 PM

It depends on the configuration. Often, you can just use netcat (or telnet) to connect on 80, and send 'HEAD / HTTP/1.0' (then hit enter twice) and look for the 'Server: ' header. But that doesn't always work.

Alternatively, try nmap -A as root.

Chavo · August 31, 2011, 12:51:42 AM

I generally use nmap, but p0f suits some scenarios better.

MyndFyre · August 31, 2011, 02:40:46 AM

Thanks. A co-worker submitted a configuration change request the other day to remove the "X-Powered-By: ASP.NET" header from our web server. He cited "increased security" as a reason. I was fairly certain that it was a load of balls and thought we should let our security department handle security concerns. :)

Blaze · August 31, 2011, 02:53:03 AM

Quote from: MyndFyre on August 31, 2011, 02:40:46 AM
Thanks. A co-worker submitted a configuration change request the other day to remove the "X-Powered-By: ASP.NET" header from our web server. He cited "increased security" as a reason. I was fairly certain that it was a load of balls and thought we should let our security department handle security concerns. :)

While I understand why you would see this as 'a load of balls', it can help against bad mass-attacks (someone polling a shit ton of servers looking for a specific combination of whatever). It won't do anything against someone attacking you directly, or doing a deep poll (using one of the above tools, etc). While the security risks are marginal, the effort to disable the headers is really small; I would do it. It's also like, 100bytes of bandwidth saved on every request. :D

MyndFyre · August 31, 2011, 03:21:53 AM

Quote from: Blaze on August 31, 2011, 02:53:03 AM
Quote from: MyndFyre on August 31, 2011, 02:40:46 AM
Thanks. A co-worker submitted a configuration change request the other day to remove the "X-Powered-By: ASP.NET" header from our web server. He cited "increased security" as a reason. I was fairly certain that it was a load of balls and thought we should let our security department handle security concerns. :)

While I understand why you would see this as 'a load of balls', it can help against bad mass-attacks (someone polling a shit ton of servers looking for a specific combination of whatever). It won't do anything against someone attacking you directly, or doing a deep poll (using one of the above tools, etc). While the security risks are marginal, the effort to disable the headers is really small; I would do it. It's also like, 100bytes of bandwidth saved on every request. :D

Yet iago's request clearly showed "Server: Microsoft/IIS 7.0" or something like that.

X-Powered-By: ASP.NET presents very little useful information. It shows that the server is running one of four .NET versions on any of at least 3 different versions of Windows Server... Server: Microsoft/IIS 7.0 shows that we're running on Windows 2008.

That said, those hundred bytes could be the difference...

nslay · August 31, 2011, 08:36:47 AM

The original Battle.net servers advertised themselves as Sun Solaris on telnet (port 23, not 6112). However, Yoni and Skywing have always told me that these servers were really Windows-based.

iago · August 31, 2011, 10:02:25 AM

Quote from: MyndFyre on August 31, 2011, 03:21:53 AM
Yet iago's request clearly showed "Server: Microsoft/IIS 7.0" or something like that.

You can usually disable that, too.

I'm not against security by obscurity, necessarily, but as long as you aren't relying on it, it doesn't hurt.

ASP.net is pretty damn obvious if you look at the source, though, unless you use all your own constructs and not their built-in fields, ajax, viewstate, etc etc.

MyndFyre · August 31, 2011, 11:01:47 AM

Quote from: iago on August 31, 2011, 10:02:25 AM
ASP.net is pretty damn obvious if you look at the source, though, unless you use all your own constructs and not their built-in fields, ajax, viewstate, etc etc.

That's not so true anymore with ASP.net MVC. It's gotten rid of all of that other junk like viewstate that gives it away.

iago · August 31, 2011, 11:34:32 AM

Quote from: MyndFyre on August 31, 2011, 11:01:47 AM
Quote from: iago on August 31, 2011, 10:02:25 AM
ASP.net is pretty damn obvious if you look at the source, though, unless you use all your own constructs and not their built-in fields, ajax, viewstate, etc etc.
That's not so true anymore with ASP.net MVC. It's gotten rid of all of that other junk like viewstate that gives it away.

Ah, cool. I haven't been involved in Web stuff much lately.

Clan x86

News:

What's the name of the tool you can use to figure out server platform?

MyndFyre

Sidoh

iago

Chavo

MyndFyre

Blaze

MyndFyre

nslay

iago

MyndFyre

iago