Banner capturing is a technique used to gather information about services on a remote computer, useful for system administration and ethical hacking. Malicious hackers also use it to find vulnerable hosts. Telnet and proprietary programs can be used to establish a connection and collect banner messages, which can reveal compromising information about services running on a system. Default banners often contain information about the service, such as the version number. Banner capturing can be used for HTTP fingerprinting and inventorying all the different services and systems operating on a host.
Banner capturing is an activity used to determine information about services running on a remote computer. This technique can be useful for administrators in cataloging their systems, and ethical hackers can also use it during penetration testing. Malicious hackers also use banner capturing, as the technique can reveal compromising information about services running on a system. The technique works by using Telnet, or a proprietary program, to establish a connection with a remote machine, after which an incorrect request is sent. This will cause a vulnerable host to respond with a banner message, which could contain information that a hacker could use to further compromise a system.
In a computer networking context, the term banner typically refers to a message that a service broadcasts when another program connects to it. Default banners often consist of information about a service, such as the version number. The banner for a Hypertext Transfer Protocol (HTTP) service will typically display the server software type, version number, last modified, and other similar information. When a program like Telnet is used to intentionally collect this information, it is usually referred to as a banner capture.
A few different types of software, including Telnet and various proprietary programs, can be used to do banner grabbing. Telnet is a type of network protocol used to establish a virtual terminal connection with a remote host. Most operating systems (OSs) ship with the ability to establish Telnet sessions, so this is one of the main ways banner capture is done. Whether using Telnet or another program, banners are acquired by connecting to a host and then sending a request to a port associated with a particular service, such as port 80 for HTTP.
One purpose of banner capture is system administration, in which case it can be useful for HTTP fingerprinting and other tasks. An administrator can also use the technique to perform an inventory on all the different services and systems operating on the host for which they are responsible. It usually establishes a Telnet connection with the host, then queries each port and catalogs the results. White hat hackers can also use the technique during the planning phase of a penetration test.
Malicious hackers also often use banner capture when looking for vulnerable hosts. They typically establish a connection with a host, then poll ports for vulnerable services. Because default banners often include the type and version of server software, services with known exploits can be identified. The hacker can then use those exploits to carry out further attacks.
Protect your devices with Threat Protection by NordVPN
