Extracting Web Server Information using Telnet / by R a v e N
<===========================================================>
http://blacksun.box.sk

Welcome to yet another BSRF tutorial. This time, I will teach you the most basic command in the HTTP protocol, and how it is possible to extract tons of web server information and other pieces of info using only this command and a telnet client.

Okay, you are about to learn what your browser does when you type in, say, blacksun.box.sk. First of all, it connects to blacksun.box.sk on port 80. If there is an answer on the other end, which means that the port is open (the port is not closed or blocked by any filtering software, such as a firewall) and a TCP session can start, your browser would usually send this:

    GET url HTTP/1.1
    (followed by a blank line)

url would get replaced by the URL (Universal Resource Locator, or website address) that you requested, with the web server's hostname or IP removed. For example, if you want to get what's on blacksun.box.sk/somepage.html, the URL would be /somepage.html. If you just want to get whatever you're supposed to receive when you enter blacksun.box.sk (usually index.html, index.htm, main.html or main.htm), it would be /.

Are you ready to try your first web experience from a telnet program? Alright, start your favorite telnet application and connect to some website on port 80, and then type:

    GET / HTTP/1.1

For example: let's try www.microsoft.com. Connect to microsoft.com on port 80 and type:

    GET /some-url.html HTTP/1.1

and then hit enter again and you'll probably get something like this:

--- cut here ---
Server: Microsoft-IIS/5.0
Date: Sun, 02 Apr 2000 17:43:04 GMT
Connection: close
Content-Length: 3212
Content-Type: text/html
--- cut here ---
So... what do we have here?
Notice the first lines. Hmm... information! Fun!
And guess what? Your probe was not logged, because to microsoft.com you appear merely as a regular web surfer.
Sometimes web servers will give more information, sometimes less, but most of the time you should be able to pull out a bit or two.
And as you should know if you've read our previous tutorials, information gathering is the first step in conducting a successful attack.
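The same header check in Python, added here as an example and not part of the original tutorial, for auditing what a server you run gives away: it builds the request, parses the reply, and keeps only the headers that identify software. The DISCLOSING list, the function names and the sample status line are assumptions of this example; a Host line, which HTTP/1.1 requires, is sent when a host name is given.

```python
import socket

# Headers that commonly reveal server software (an assumption of this example).
DISCLOSING = ("server", "x-powered-by", "via")

def build_request(path="/", host=None):
    """Request as typed in the tutorial; a Host line is added only if given."""
    lines = [f"GET {path} HTTP/1.1"]
    if host:
        lines.append(f"Host: {host}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")

def parse_response(raw):
    """Split a raw HTTP response into (status_line, headers dict)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status, *rest = head.split("\r\n")
    headers = {}
    for line in rest:
        name, sep, value = line.partition(":")
        if sep:  # skip anything that is not a "Name: value" line
            headers[name.strip().lower()] = value.strip()
    return status, headers

def disclosed(headers):
    """Return only the headers that identify the software behind the site."""
    return {k: v for k, v in headers.items() if k in DISCLOSING}

def fetch_head(host, port=80, path="/", timeout=5):
    """Do over a socket what the telnet session does by hand."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_request(path, host))
        data = b""
        while b"\r\n\r\n" not in data:  # read until the header block ends
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return parse_response(data)

# Constructed sample: the status line is made up; headers are the tutorial's.
SAMPLE = (b"HTTP/1.1 404 Not Found\r\n"
          b"Server: Microsoft-IIS/5.0\r\n"
          b"Date: Sun, 02 Apr 2000 17:43:04 GMT\r\n"
          b"Connection: close\r\nContent-Length: 3212\r\n"
          b"Content-Type: text/html\r\n\r\n<html>...</html>")

if __name__ == "__main__":
    status, headers = parse_response(SAMPLE)
    print(status, disclosed(headers))
```

An empty result from disclosed() means the server sent none of the listed headers, which is the "sometimes less" case the tutorial mentions.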