Certified Ethical Hacker (CEH v10) — Question 88
A Security Engineer at a medium-sized accounting firm has been tasked with discovering how much information can be obtained from the firm's public facing web servers. The engineer decides to start by using netcat to port 80.
The engineer receives this output:
HTTP/1.1 200 OK -
Server: Microsoft-IIS/6 -
Expires: Tue, 17 Jan 2011 01:41:33 GMT
Date: Mon, 16 Jan 2011 01:41:33 GMT
Content-Type: text/html -
Accept-Ranges: bytes -
Last-Modified: Wed, 28 Dec 2010 15:32:21 GMT
ETag: "b0aac0542e25c31:89d"
Content-Length: 7369 -
Which of the following is an example of what the engineer performed?
Answer options
- A. Cross-site scripting
- B. Banner grabbing
- C. SQL injection
- D. Who is database query
Correct answer: B
Explanation
The correct answer is B, as banner grabbing refers to the technique of retrieving information about a service running on a server, which is exactly what the engineer did by examining the HTTP headers. Option A, Cross-site scripting, involves injecting scripts into web pages, which is not relevant here. Option C, SQL injection, pertains to manipulating SQL queries, and option D, Who is database query, is about domain information retrieval, neither of which apply to the engineer's actions.