A penetration tester needs to confirm the version number of a client’s web application server.
Which of the following techniques should the penetration tester use?
A. SSL certificate inspection
B. URL spidering
C. Banner grabbing
D. Directory brute forcing
Answer: C
Explanation:
Banner grabbing is a technique used to gather information about a service running on an open port, which often includes the version number of the application or server.
Here’s why banner grabbing is the correct answer:
Banner Grabbing: It involves connecting to a service and reading the welcome banner or response, which typically includes version information. This is a direct method to identify the version number of a web application server.
SSL Certificate Inspection: While it can provide information about the server, it is not reliable for identifying specific application versions.
URL Spidering: This is used for discovering URLs and resources within a web application, not for version identification.
Directory Brute Forcing: This is used to discover hidden directories and files, not for identifying version information.
Reference from Pentest:
Luke HTB: Shows how banner grabbing can be used to identify the versions of services running on a server.
Writeup HTB: Demonstrates the importance of gathering version information through techniques like banner grabbing during enumeration phases.
Conclusion:
Option C, banner grabbing, is the most appropriate technique for confirming the version number of a web application server.