yjh123
asked on
Finding verion of OS and httpd
If I know a machine's IP, open ports such as 23, 79, 80, 110
Is there anyway to find the machine's OS version and httpd's version legally?
Of course I don't have an account on that machine.
Is it considered hacking?
Any advice will be greatly appreciated.
Thanks.
Is there anyway to find the machine's OS version and httpd's version legally?
Of course I don't have an account on that machine.
Is it considered hacking?
Any advice will be greatly appreciated.
Thanks.
Ahhhhh....info from a port scan....I remember those days.....vaguely illicit doings
To answer your second question first, the legality of any of the actions I am going to give you is entirely dependent upon the
sysadmin. Odds are that nothing will happen. However there are a number of people I know personally who widely
prosecute (prosecute meaning chase, not prosecute meaning legal action) anyone who even looks at their machine the wrong
way. The worst I could possibly see happening to you is that your account with your ISP is terminated, and you get a nasty email from
the person who's machine's door you knocked on.
So, here's what you do. I'm only answering this because I used to figure out what OS various corporations ran out of curiosity. I'm not
liable if you use this for the Dark Side. That being said, off we go...
To find the OS:
1) Telnet in to the machine on port 23. If you're lucky, it'll print out the OS.
For Example:
Redhat 5.0 (Hurricane)
Linux 2.0.32 on an Intel
In that case, there you go. Then, instantly log off and hope the guy doesn't go after anyone who telnets in (they really
shouldn't...that's just ridiculous )
2) You can tell what type of OS a lot of times by what kind of services they're running. If port 139 is open, the odds get better its a
WIndows machine. If port 514 is open, it's a lot more likely that it's a Unix machine. None of these are absolutes though. Note that a
strobe or other portscan IS considered an attack by many and will be prosecuted. I police that on my machine. I have a lot of
security options enabled, and if someone portscans me, I nail them. Be forewarned.
3) If port 25 is open, telnet into that. If it gives you a message with "Sendmail 8.8.7" in it, its a UNIX machine. If it says "Exchange
Server", it's probably NT.
To find out the httpd server version, try visiting the website. A lot of educational servers display prominently their web server of
choice. Or, try accessing a web page that you know does not exist. Some servers give you non-generic 404 responses that can
display their httpd version. Or email their webmaster and ask. If you are genuinely curious, there's no harm in asking, is there?
I firmly believe there's no harm in looking around....of course, emailing the administrator can't hurt either. The worst thing they'll say is
"No, I won't tell you", in which case you can then go try the above things. On the other hand, if they tell you, you've saved yourself the
time, trouble, and potential litigation. I always tell people what systems we run if asked (Sun UltraSparc 1 with Solaris 2.5.1, P133 with
Slackware 2.0.33, p233 with Windows NT 4 <NT bites the big one>). Good luck, and please don't do anything improper with this. I'd
feel guilty.
Best Wishes,
Matthew Zito
To answer your second question first, the legality of any of the actions I am going to give you is entirely dependent upon the
sysadmin. Odds are that nothing will happen. However there are a number of people I know personally who widely
prosecute (prosecute meaning chase, not prosecute meaning legal action) anyone who even looks at their machine the wrong
way. The worst I could possibly see happening to you is that your account with your ISP is terminated, and you get a nasty email from
the person who's machine's door you knocked on.
So, here's what you do. I'm only answering this because I used to figure out what OS various corporations ran out of curiosity. I'm not
liable if you use this for the Dark Side. That being said, off we go...
To find the OS:
1) Telnet in to the machine on port 23. If you're lucky, it'll print out the OS.
For Example:
Redhat 5.0 (Hurricane)
Linux 2.0.32 on an Intel
In that case, there you go. Then, instantly log off and hope the guy doesn't go after anyone who telnets in (they really
shouldn't...that's just ridiculous )
2) You can tell what type of OS a lot of times by what kind of services they're running. If port 139 is open, the odds get better its a
WIndows machine. If port 514 is open, it's a lot more likely that it's a Unix machine. None of these are absolutes though. Note that a
strobe or other portscan IS considered an attack by many and will be prosecuted. I police that on my machine. I have a lot of
security options enabled, and if someone portscans me, I nail them. Be forewarned.
3) If port 25 is open, telnet into that. If it gives you a message with "Sendmail 8.8.7" in it, its a UNIX machine. If it says "Exchange
Server", it's probably NT.
To find out the httpd server version, try visiting the website. A lot of educational servers display prominently their web server of
choice. Or, try accessing a web page that you know does not exist. Some servers give you non-generic 404 responses that can
display their httpd version. Or email their webmaster and ask. If you are genuinely curious, there's no harm in asking, is there?
I firmly believe there's no harm in looking around....of course, emailing the administrator can't hurt either. The worst thing they'll say is
"No, I won't tell you", in which case you can then go try the above things. On the other hand, if they tell you, you've saved yourself the
time, trouble, and potential litigation. I always tell people what systems we run if asked (Sun UltraSparc 1 with Solaris 2.5.1, P133 with
Slackware 2.0.33, p233 with Windows NT 4 <NT bites the big one>). Good luck, and please don't do anything improper with this. I'd
feel guilty.
Best Wishes,
Matthew Zito
ASKER
I heard that there is a way to find httpd version by telneting
into port 80. Anyone knows?
into port 80. Anyone knows?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
port 80 may tell you the httpd version.