I have been doing some ASP.NET scanning lately, so consider this my introduction. The idea is very simple: grab the banner the remote host returns (the HTTP Server header) and use it to identify the server software. This is not reliable on its own, because a competent administrator can change or remove the banner, so treat the result as a hint to be confirmed by other means rather than as fact.
The code is as follows (taken from my web scanner, written in VB.NET):
' Plumbing for the HTTP banner grab below: a TCP client, its raw byte stream,
' and a writer/reader pair layered on top of that stream.
Dim tcpClient2 As TcpClient      ' opens the TCP connection to the remote host
Dim nsStream As NetworkStream    ' the connection's byte stream, from tcpClient2.GetStream()
Dim swWriter As StreamWriter     ' sends the request text over nsStream
Dim srRead As StreamReader       ' reads response lines back from nsStream
Dim sHostName As String          ' NOTE(review): not referenced anywhere in the visible excerpt
'HTTP service hunt
If TcpConnect(ZSIP, 80) = "CG" Then
OppHTTP.Text = "HTTP service has been started! Service software type: unknown"
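' HTTP banner grab. The TCP port was already confirmed open by TcpConnect; this
' sends a single GET and inspects the response headers for the Server: product
' string. A banner is only a hint -- an administrator can change or strip it,
' so nothing below should be treated as authoritative.
Try
    tcpClient2 = New TcpClient(ZSIP.ToString(), 80)
    ' A probe has to give up on a silent or throttling host well before the
    ' original 1000000 ms (~16 min) would; 15 s is generous for a header block.
    tcpClient2.ReceiveTimeout = 15000
    tcpClient2.SendTimeout = 15000
    nsStream = tcpClient2.GetStream()

    swWriter = New StreamWriter(nsStream)
    ' HTTP methods are case-sensitive: the original "Get" is not "GET" and draws
    ' a 400/501 from strict servers (the banner often still arrives, by accident).
    ' "Connection: close" makes the server hang up after the response so the read
    ' loop below ends on EOF rather than sitting out the receive timeout. The
    ' empty "Referer:" header the original sent carried no information and is gone.
    swWriter.WriteLine("GET /index.htm HTTP/1.1")
    swWriter.WriteLine("Host: " & IP.Text)
    swWriter.WriteLine("Accept: */*")
    swWriter.WriteLine("Connection: close")
    swWriter.WriteLine()
    swWriter.Flush()

    ' Read only the header block: stop at the blank line that ends the headers,
    ' at EOF (ReadLine returns Nothing), or after 20 lines as before. Matching the
    ' body as well, as the original did, lets a page that merely mentions "Apache"
    ' or "Unix" in its HTML skew the result. StreamReader.Peek is not dependable
    ' on a NetworkStream, so it is no longer used to detect the end of data.
    ' NOTE(review): StrHttp is appended to, not reset, exactly as before; if the
    ' caller reuses it across hosts, stale text from a previous scan is matched too.
    srRead = New StreamReader(nsStream, Encoding.Default)
    Dim lineCount As Integer = 0
    Do While lineCount < 20
        Dim headerLine As String = srRead.ReadLine()
        If headerLine Is Nothing OrElse headerLine.Length = 0 Then Exit Do
        StrHttp = StrHttp & headerLine
        lineCount += 1
    Loop

    ' Fingerprint table: {needle, product label, OS guess or "" for none}.
    ' Rows run from generic to specific and every matching row is applied, so a
    ' later (more specific) hit overrides an earlier one -- the same precedence
    ' the original if-chain had. "Apache/1.3" replaces the original "Apache/1.3.2"
    ' needle, which despite its "1.3.x" label only matched 1.3.2x releases.
    Dim fingerprints(,) As String = { _
        {"IIS", "IIS version unknown", "WindowsNT/2000/XP/2003"}, _
        {"Apache", "Apache version unknown", ""}, _
        {"Netscape-Enterprise", "Netscape-Enterprise version unknown", ""}, _
        {"Microsoft-IIS/5.0", "IIS 5.0", "Windows2000"}, _
        {"Microsoft-IIS/5.1", "IIS 5.1", "Windows2000/XP"}, _
        {"Microsoft-IIS/6.0", "IIS 6.0", "Windows2003"}, _
        {"Apache/2", "Apache 2.x", ""}, _
        {"Apache/2.0.54", "Apache 2.0.54", ""}, _
        {"Apache/2.0.52", "Apache 2.0.52", ""}, _
        {"Apache/2.1.6", "Apache 2.1.6", ""}, _
        {"Apache/1.3", "Apache 1.3.x", ""}, _
        {"Apache/1.3.20", "Apache 1.3.20", ""}, _
        {"Apache/1.3.23", "Apache 1.3.23", ""}, _
        {"Apache/1.3.26", "Apache 1.3.26", ""}, _
        {"Apache/1.3.27", "Apache 1.3.27", ""}, _
        {"Apache/1.3.33", "Apache 1.3.33", ""}, _
        {"Netscape-Enterprise/4.1", "Netscape-Enterprise 4.1", ""} _
    }
    Dim prefix As String = "HTTP service has been started! Service software type: "
    Dim i As Integer
    For i = 0 To fingerprints.GetUpperBound(0)
        If InStr(StrHttp, fingerprints(i, 0)) > 0 Then
            OppHTTP.Text = prefix & fingerprints(i, 1)
            If fingerprints(i, 2).Length > 0 Then SystemFW = fingerprints(i, 2)
        End If
    Next
    ' Apache on Unix-like hosts commonly reports "(Unix)" in its Server header.
    ' Checked last, as in the original, so it wins over the IIS-derived OS guess.
    If InStr(StrHttp, "Unix") > 0 Then SystemFW = "Unix/Linux-like system"
Catch ex As Exception
    ' The original swallowed every exception silently. Connection refused/reset
    ' and read timeouts are normal probe outcomes, so the probe stays best-effort
    ' (OppHTTP.Text keeps the "type: unknown" text set just before this Try), but
    ' the reason is at least recorded instead of discarded.
    System.Diagnostics.Debug.WriteLine("HTTP banner grab of " & ZSIP.ToString() & " failed: " & ex.Message)
Finally
    ' Release the socket whether or not the probe succeeded; the original never
    ' closed it. Closing the TcpClient also closes nsStream; the writer and
    ' reader only wrap that stream and own nothing else.
    If Not tcpClient2 Is Nothing Then tcpClient2.Close()
End Try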
The code above is an extract, so some of the variables it uses (StrHttp, SystemFW, OppHTTP, IP, and the TcpConnect function) are not defined here; you will need to supply them yourself.
ZSIP: the target's resolved IP address (the address the TcpClient actually connects to).