curl --head http://www.microsoft.com/
HTTP/1.1 200 OK
Date: Tue, 15 Feb 2005 19:38:24 GMT
Server: Microsoft-IIS/6.0
P3p: CP="ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI"
X-Powered-By: ASP.NET
X-Aspnet-Version: 1.1.4322
Cache-Control: public, max-age=3544
Expires: Tue, 15 Feb 2005 20:37:28 GMT
Last-Modified: Tue, 15 Feb 2005 17:50:48 GMT
Content-Type: text/html
Via: 1.1 host.example.com (XLR 2.3.0.1.8)
Proxy-Connection: keep-alive
Content-Length: 17023
If you do not have curl, you may connect to the remote Web server directly using telnet and obtain this information with these steps:
1. telnet Web_server_IP_address 80
2. Type HEAD / HTTP/1.0 and press Enter twice. The Web server version will be returned in a line beginning with "Server:" (unless it is configured to hide this information):
Example (apache.org):
telnet www.apache.org 80
HEAD / HTTP/1.0
Server: Microsoft-IIS/6.0
In some cases, the Web server version will not be returned with the HEAD / HTTP/1.0 command, but it will be returned by pressing Enter a few times:
HTTP/1.1 400 Bad Request
Server: Microsoft-IIS/4.0
On 03/17/2003, CERT Advisory CA-2003-09 was released regarding a buffer overflow in Microsoft IIS 5.0. We were asked to quickly determine the Web server version on our Internet-facing servers.
First, I ran nmap to generate a list of IPs to scan within our network. For each IP address, I ran netcat to see if port 80 (http) or 443 (https) was accessible.
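# nmap -sL only lists the addresses in your_network; -n skips DNS resolution.
# nc -z connects without sending data; -w 2 sets a two-second timeout.
for i in `nmap -n -sL your_network | awk '{print $2}' | tr -d '()'`
do
    nc -v -z -n -w 2 "$i" 80 2>&1 | grep open
    nc -v -z -n -w 2 "$i" 443 2>&1 | grep open
done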
Example output:
(UNKNOWN) [IP_address] 80 (?) open
(UNKNOWN) [IP_address] 443 (?) open
For each of the IP_addresses returned, attempt to determine the Web server version using the methods above.
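An added example, not part of the original page: one way to triage the HEAD responses collected from your own servers against the advisory, including the case where the Server header is hidden. The function names and the sample responses are constructed for illustration; AFFECTED holds the IIS version named in the advisory above.

```shell
#!/bin/sh
# Added example: classify "HEAD / HTTP/1.0" responses by their Server header.
# AFFECTED is the product/version string named in the advisory on this page.
AFFECTED='Microsoft-IIS/5.0'

# server_banner: read one HTTP response on stdin and print the Server value.
# Header names are case-insensitive, lines end in CRLF, and headers stop at
# the first blank line. Prints nothing if the server hides the header.
server_banner() {
    tr -d '\r' | awk '
        /^$/ { exit }                      # blank line: end of headers
        tolower($0) ~ /^server:/ {
            sub(/^[^:]*:[ \t]*/, "")       # drop the header name
            print; exit
        }'
}

# classify: label one response as AFFECTED, other, or hidden.
classify() {
    banner=$(server_banner)
    if [ -z "$banner" ]; then
        echo "hidden"
    elif [ "$banner" = "$AFFECTED" ]; then
        echo "AFFECTED $banner"
    else
        echo "other $banner"
    fi
}

# Constructed sample responses (not captured from real hosts).
sample_iis5()   { printf 'HTTP/1.1 200 OK\r\nserver: Microsoft-IIS/5.0\r\nContent-Length: 0\r\n\r\n'; }
sample_iis6()   { printf 'HTTP/1.1 400 Bad Request\r\nServer: Microsoft-IIS/6.0\r\n\r\n'; }
sample_hidden() { printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\nServer: in-body text\r\n'; }

sample_iis5   | classify
sample_iis6   | classify
sample_hidden | classify
```

For a live check, pipe the output of curl -s --head http://Web_server_IP_address/ into classify. A "hidden" result means the version has to be confirmed another way, for example from the host's own software inventory.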