Why was the error sent as a web page?
Using Telnet to Test TCP Services
a. In Part 1, nginx was found to be running and assigned to port 80 TCP. Although a quick Google search revealed that nginx is a lightweight web server, how would an analyst be sure of that? What if an attacker changed the name of a malware program to nginx, just to make it look like the popular web server? Use telnet to connect to the local host on port 80 TCP:
[analyst@secOps ~]$ telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
b. Press a few letters on the keyboard. Any key will work. After a few keys are pressed, press ENTER. Below is the full output, including the Telnet connection establishment and the random keys pressed (fdsafsdaf, this case):
fdsafsdaf
HTTP/1.1 400 Bad Request
Server: nginx/1.10.2
Date: Tue, 28 Feb 2017 20:09:37 GMT
Content-Type: text/html
Content-Length: 173
Connection: close
400 Bad Request
400 Bad Request
nginx/1.10.2
Connection closed by foreign host.
Thanks to the Telnet protocol, a clear text TCP connection was established, by the Telnet client, directly to the nginx server, listening on 127.0.0.1 port 80 TCP. This connection allows us to send data directly to the server. Because nginx is a web server, it does not understand the sequence of random letters sent to it and returns an error in the format of a web page.
Nginx is a web server and as such, only speaks the HTTP protocol.
You might also like to view...
A compact flash card
A) Comes in only one size and type B) Is used in mobile devices as storage C) Requires batteries installed to work D) Is inserted in the motherboard
Answer the following statements true (T) or false (F)
1) The Regex and Match classes are in the System.Text namespace. 2) You can use classes Regex and Match to find patterns in a string. 3) Characters consist of only the capital and lowercase letters. 4) A string is a composition of characters used as one object.