Banner Grabbing

What is Banner Grabbing?

Banner grabbing is a technique used by hackers and security teams to gain information about a computer system on a network and the services running on its open ports. A banner is text displayed by a host server that contains details such as the type and version of the software running on a system or server. These welcome screens divulge software version numbers and other system information about network hosts, giving cybercriminals a leg up on attacking the network.

Banner grabbing involves getting software banner information, such as name and version. Hackers can perform banner grabbing manually or automatically using an OSINT tool. Grabbing a banner is one of the essential phases in both offensive and defensive penetration testing environments.

Key Takeaways

Why Use Banner Grabbing?

Popular services like FTP servers, web servers, SSH servers, and other system daemons expose confidential information about software names, versions, and operating systems. As a result, hackers can run a banner grabbing attack against different protocols to discover insecure and vulnerable applications for compromise and exploitation.

There are many services, protocols, and types of banner information you can collect using a banner grabbing technique. You can develop various tactics and tools for the discovery process. Overall, banner grabbing allows an attacker to discover network hosts and running services with their versions on open ports, as well as operating systems. With the application type and version, a hacker or pen-tester can quickly look for known and exploitable vulnerabilities in that version.

An example of banner grabbing is the enumeration of a Microsoft Windows 7 host exploitable by EternalBlue (CVE-2017-0143). The attacker can grab a service banner that shows whether a vulnerable version of the SMB service is running on the host. If it is, the hacker can easily exploit the Microsoft server directly with the EternalBlue attack.

Service Ports Used During Banner Grabbing

Popular service ports used for banner grabbing include:

Hackers use different tools to perform banner grabbing. They leverage these tools to establish a connection to a target web server and then send HTTP requests. In the process, the attacker gets a response containing information about the service running on the host.

Examples of banner grabbing tools include:

At the same time, there are different banner grabbing techniques that hackers and security teams can use.

Preventing Banner Grabbing

You can follow these tips to prevent banner grabbing:
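As an added example (not part of the original article), the following Python code audits banners a defender has already captured from their own hosts and reports which ones disclose a product name, version, or operating system hint. The sample banners, addresses, and function names are constructed for illustration.

```python
import re

# Constructed sample banners keyed by (host, port); addresses are documentation-range.
SAMPLE_BANNERS = {
    ("192.0.2.10", 22): "SSH-2.0-OpenSSH_7.4",
    ("192.0.2.10", 21): "220 ProFTPD 1.3.5 Server (Debian) [192.0.2.10]",
    ("192.0.2.20", 80): "HTTP/1.1 200 OK\r\nServer: Apache/2.4.29 (Ubuntu)\r\n\r\n",
    ("192.0.2.30", 80): "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n",
    ("192.0.2.40", 21): "220 FTP server ready",
}
# Product name, a separator, then a dotted version: "Apache/2.4.29", "OpenSSH_7.4".
VERSIONED = re.compile(r"([A-Za-z][A-Za-z-]*)[/_ ]v?(\d+(?:\.\d+)+\w*)")
OS_HINT = re.compile(r"\(([^)]+)\)")  # e.g. "(Ubuntu)", "(Debian)"

def identifying_field(banner):
    """Return the part of a raw banner that names the software."""
    ssh = re.match(r"SSH-\d+\.\d+-(\S+)", banner)
    if ssh:                                   # SSH identification string
        return ssh.group(1)                   # protocol version itself is not a leak
    server = re.search(r"^Server:[ \t]*(.*?)\r?$", banner, re.I | re.M)
    if server:                                # HTTP Server response header
        return server.group(1)
    if banner.startswith("HTTP/"):
        return ""                             # no Server header: nothing disclosed
    first = banner.splitlines()[0] if banner.strip() else ""
    return re.sub(r"^\d{3}[ -]", "", first)   # drop FTP/SMTP reply code

def audit_banner(banner):
    """Report what a banner discloses: product, version, OS hint."""
    field = identifying_field(banner)
    m = VERSIONED.search(field)
    os_hint = OS_HINT.search(field)
    return {
        "product": m.group(1) if m else None,
        "version": m.group(2) if m else None,
        "os_hint": os_hint.group(1) if os_hint else None,
    }

def flagged(banners):
    """Sorted (host, port, product, version) for banners that leak a version."""
    rows = [(h, p, audit_banner(raw)) for (h, p), raw in banners.items()]
    return sorted((h, p, r["product"], r["version"]) for h, p, r in rows if r["version"])

if __name__ == "__main__":
    for row in flagged(SAMPLE_BANNERS):
        print("version disclosed: %s:%d %s %s" % row)
```

Endpoints that appear in the output are candidates for banner suppression or a generic greeting; the `nginx` and plain FTP samples pass because they name no version.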

George Mutune

I am a cyber security professional with a passion for delivering proactive strategies for day-to-day operational challenges. I am excited to be working with leading cyber security teams and professionals on projects that involve machine learning & AI solutions to solve the cyberspace menace and cut through inefficiencies that plague today's business environments.