Web server fingerprinting is one of the critical task for a penetration tester. By knowing the version and type of a running web server allows testers to determine known vulnerabilities and the appropriate exploits to use during testing. Geting the information about the types and version of the services that uses in the web server helps to find known vuln and exploites for that services during the test. A peneration tester will store information related to how each type of web server responds to specific commands. The tester can send these commands to the web server, analyze the response, and compare it to the database of known signatures.
Example
$ nc 202.41.76.251 80
HEAD / HTTP/1.0
HTTP/1.1 200 OK
Date: Mon, 16 Jun 2003 02:53:29 GMT
Server: Apache/1.3.3 (Unix) (Red Hat/Linux)
Last-Modified: Wed, 07 Oct 1998 11:18:14 GMT
ETag: "1813-49b-361b4df6"
Accept-Ranges: bytes
Content-Length: 1179
Connection: close
Content-Type: text/html
By analyzing the response the tester will know the server type. This gives an idea to the tester on how to attack.
Impact
A tester can find any possible vulnerabilities in the application and can exploit that vulnerability to attack the system.
Mitigation / Precaution
- Make sure to hide the web server. Atleast make sure to hide the version number
