A Security Engineer at a medium-sized accounting firm has been tasked with discovering how
much information can be obtained from the firm’s public facing web servers. The engineer decides
to start by using netcat to port 80.
The engineer receives this output:
HTTP/1.1 200 OK
Server: Microsoft-IIS/6
Expires: Tue, 17 Jan 2011 01:41:33 GMT
DatE. Mon, 16 Jan 2011 01:41:33 GMT
Content-TypE. text/html
Accept-Ranges: bytes
Last-ModifieD. Wed, 28 Dec 2010 15:32:21 GMT
ETaG. “b0aac0542e25c31:89d”
Content-Length: 7369
Which of the following is an example of what the engineer performed?
A.
Cross-site scripting
B.
Banner grabbing
C.
SQL injection
D.
Whois database query