this is a simple howto faking banner service, Service banner often contain a lot of information like the real software running, etc. Knowing this (service banner), make our machine be more vurnerable with exploit, because it contain version number, real sofware running, etc. Keep it mind that this won’t make your machine/server more secure against exploit when you run vurnerable service. This article only aims to fake the banner and in this way, fool the script-kiddies. However, your system still be vurnerable to an exploit, if you run a vurnerable service. If a script-kiddies runs his exploit, even if he sees you don’t send out the right banner, you can still be attacked. So, always keep your system up-to-date, see this as an way to decrease the amount of attacks on your system, not as a way to be invulnerable.
let’s start changing the service banner. In this case, i will explain how to change SSH Service Banner.
Current SSH Banner = SSH-2.0-OpenSSH_x.x (default from freebsd)
Wanted SSH Banner = SSH-2.0-just_look_at_me be_with_you_forever
hmmmm….. how?? it’s so simple. just follow this step
open version.h located in /usr/src/crypto/openssh/ then edit these line :
#define SSH_VERSION (ssh_version_get())
#define SSH_RELEASE (ssh_version_get())
#define SSH_VERSION_BASE “just_look_at_me”
#define SSH_VERSION_ADDENDUM “be_with_you_forever”
save version.h and then, go to /usr/src/secure/lib/libssh . Recompile the ssh and restart your ssh service.
make obj && make depend && make && make install
wanna see the changes??? just telnet to your ssh server, or maybe you can use nmap.
tested in FreeBSD 6.0-stable, Freebsd 6.2-Release, and Freebsd 6.3-PRERELEASE, and it works 🙂
And, how about in APACHE web server? ohhohoh, just use additional module called mod security, additional cool module in apache. how? read my last article in friendster blog 🙂
oks, time to sleep now………… byee