UGN Security Forums UGN Security: Knowledge Base Operating Systems Windows & Windows Security Question about hacking (it is worng to hack)

ok you know if you every wanted to break into a website you need to the know the OS the computer is running off of?? i did a little test i picked any web site. opened telnet and connected through port 80 it connected but when i typed something in and press enter it gave me this.

HTTP/1.1 400 Bad Request
Server: Microsoft- IIS/5.0
Date:sat, 09 Mar 2002 00.32.48 GMT
content-type: text/html
content-length: 87

<html><head><title>error</title></head><body>the parameter is incorrect. </body>
</html>
what does this mean??? does this tell me the OS (operating system)?

First off, what does this have to do with the title of this topic? heh, but I will answer your question anyways. You just received a lot of information! First, the server is running Windows, you can tell that because the server is using Microsoft-IIS/5.0 which is a Windows OS. You can probably guess it's using NT/2K because that's what most servers are using. Next, you know that it's running IIS 5.0 now so you can look for exploits for that server software. Also, you can get the timezone of the server, which doesn't really give you anything but it's an extra tid bit of information.

hey they could be elite by installing wine and running iis :x

meaning??

WINE makes it possible to run windows binarys in linux, therefore if one wanted they could run IIS in linux if they felt like it and configured it correctly.

But the chances of that are very slim because IIS isn't the greatest in the first place on windows, so why bother running it on Linux.

You may want to try running a port scan to see if the box has any open mail servers (almost def). Often times (even if the admin is smart), the true nature of the OS can be determined through these arbitrary ports.
ciao tuto

A side note to my last post; even if you can not get direct information the the open port itself, a finger print of sorts, is what specific ports (in all) are open. You can identify many machines by which ports have been enabled.

WINE is a sort of windows emulator. It is real nice. However my doubts that many people would run a server with WINE. It isn't as stable as I wish it would be. Especially for a use as a server, It still has glitches with some games but I like. Yet it is a good idea but slim. Really interesting stuff. Another nice thing is VMWARE and win4lin, win4lin would prob be used more then WINE if was to run a server. Just curious would it tell you (if used WINE) that it is a Win based OS? I would think not, but not sure. However I know it would if win4lin. Thanks.

rofl.. WINE (WINE Is Not an Emulator) heh..

I may be wrong, but if you were running WINE er Win4Lin etc. and you were running IIS I would think that the information that has been received would not reflect IIS. The reason being is that most of those types of programs run in a protected environment. The true OS running would actually be what replies to information requests like that. So my guess would be that if you see that the server has IIS5.0, it's a Winderz box.

My understanding is that you telnet to the port and the system it self is no longer responding, it is now whatever application may be listening at that port. This would be the webserver so it would reply the information. That is why it said bad request, it was the webserving expecting a HTTP command. Also, I am not sure about IIS but I remember reading something where you could just edit the response that apache would give. So if you wanted you could probably do the same with IIS or they atleast can prevent it giving out that information.
Again, I don't know if you can do it with IIS, but I know alot of server software allows you to customize it. So while it won't stop someone from being able to detect your OS, it will atleast stop yourself by being detected in a large portscan that grabs banners.