Service Banner Faking in FreeBSD

This is a simple howto on faking a service banner. Service banners often contain a lot of information, such as the real software that is running and its version number. Exposing this information makes our machine easier to target with an exploit. Keep in mind that this won't make your machine/server more secure against exploits when you run a vulnerable service. This article only aims to fake the banner and in this way fool the script kiddies. Your system is still vulnerable to an exploit if you run a vulnerable service: if a script kiddie runs his exploit even though he sees that you don't send out the right banner, you can still be attacked. So always keep your system up to date, and see this as a way to decrease the number of attacks on your system, not as a way to be invulnerable.

Let's start changing the service banner. In this case, I will explain how to change the SSH service banner.

Current SSH Banner = SSH-2.0-OpenSSH_x.x (default from FreeBSD)

Wanted SSH Banner = SSH-2.0-just_look_at_me be_with_you_forever

Hmmmm... how? It's simple. Just follow these steps.

Open version.h, located in /usr/src/crypto/openssh/, then edit these lines:

#define SSH_VERSION (ssh_version_get())
#define SSH_RELEASE (ssh_version_get())
#define SSH_VERSION_BASE "just_look_at_me"
#define SSH_VERSION_ADDENDUM "be_with_you_forever"

Save version.h, then go to /usr/src/secure/lib/libssh. Recompile ssh and restart your ssh service.

make obj && make depend && make && make install

/etc/rc.d/sshd restart

Want to see the changes? Just telnet to your ssh server, or maybe you can use nmap.
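As a scripted alternative to eyeballing the telnet output, here is an added example (not part of the original post) that splits an SSH identification string into its fields and checks whether it still discloses a version. The function names are hypothetical, the sample banners are constructed, and fetch_banner assumes nc(1) is installed.

```shell
#!/bin/sh
# Added example: check what an sshd identification string gives away.
# Layout (RFC 4253, section 4.2): SSH-protoversion-softwareversion SP comments CR LF
# The leading "SSH-2.0-" has to stay; only the fields after it are free text.

# Print the first line on stdin that starts with "SSH-", with CRs removed.
# A server may send other text lines before its identification string.
ident_line() {
    tr -d '\r' | sed -n '/^SSH-/{p;q;}'
}

# Split one identification string into protocol, software and comments.
# Returns 1 if the argument is not an SSH identification string.
parse_banner() {
    rest=${1#SSH-}
    [ "$rest" != "$1" ] || return 1
    case $rest in *-*) ;; *) return 1 ;; esac
    proto=${rest%%-*}
    sw=${rest#*-}
    case $sw in
        *" "*) comments=${sw#* }; sw=${sw%% *} ;;
        *)     comments= ;;
    esac
    printf 'proto=%s software=%s comments=%s\n' "$proto" "$sw" "$comments"
}

# Return 0 if the banner still names OpenSSH or FreeBSD followed by a digit.
discloses_version() {
    case $1 in
        *OpenSSH_[0-9]*|*FreeBSD-[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# Read the live banner from a server you administer. Usage: fetch_banner host [port]
fetch_banner() {
    nc -w 5 "$1" "${2:-22}" </dev/null | ident_line
}

# Constructed samples: a stock-style banner and the banner built above.
# discloses_version 'SSH-2.0-OpenSSH_9.9 FreeBSD-00000000'         -> true
# discloses_version 'SSH-2.0-just_look_at_me be_with_you_forever'  -> false
```

After the rebuild, `b=$(fetch_banner 127.0.0.1); parse_banner "$b"; discloses_version "$b" && echo "still leaking"` shows the new fields and flags a banner that was not replaced.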

simple?? yeahhh…..

Tested on FreeBSD 6.0-stable, FreeBSD 6.2-Release, and FreeBSD 6.3-PRERELEASE, and it works 🙂

And how about the Apache web server? Just use an additional module called mod_security, a cool additional module for Apache. How? Read my last article on my Friendster blog 🙂

oks, time to sleep now………… byee

