When you are trying to identify the services, and/or the version information, on a given port, banner grabbing is the most effective method you can use. Using telnet, you point it at a port and let it go to work. This document describes how to do this.
Give The Server The Finger
Finger is an old utility for finding information about users. Unfortunately, if remote locations are running the finger daemon, you too can unearth information about which users are on the remote box.
This can be run in one of 3 ways. One is a dictionary-attack-style approach, in which you hunt down every name imaginable under the sun and load the list into a program that helps generate a shell script. We will create a Windows and Linux utility that helps you sort out user names in this case. This way, no one can hide if the service/daemon is running or open. Figure 1.0 demonstrates the information that can be extracted from servers running the finger daemon.
This process, as well as all HTTP mapping or source viewing of web sites, operates by downloading the web site to a local box and then reviewing the code, or how it works, off-line. This document helps you understand the process with Teleport Pro. Although it's an older tool and may not be used anymore, it's still worth a mention.
SMTP User Isolation
Again, the administrators fall victim to the finger-pointing game. However, it shouldn't be only the administrators who get the majority of the blame. In the security landscape especially, if you have an information security division, use it! SMTP has its own issues where it serves up information. Building on what we've seen from banner grabbing, this section deals specifically with the extraction of user names and with verifying who and what is on the target.
So how do we do this? Where do we look? Let us show you ;-)