Showing posts with label network forensics. Show all posts

Friday, February 15, 2013

Getting a Website's PHP Version

Another simple task that gives out some nice information is connecting to the web server with Telnet or PuTTY. I prefer using PuTTY since it supports multiple protocols and Windows 7 doesn't come with Telnet installed (as far as I know). Connect to the web server and request a page that is not there. I just like the 404 error, but whatever floats your boat.


Once you open the connection, request a page that isn't there, or a page that may not be there. I typed GET /index.php HTTP/1.1\r\n


As you can see in the image above, we have a few nice pieces of information about the remote web server, such as the versions of the software it is running.

  •  Apache/2.2.23 (Unix)
  •  PHP/5.3.18

We can also see some of the modules installed:

  • mod_ssl/2.2.23
  • OpenSSL/0.9.8e-fips-rhel5
  • mod_auth_passthrough/2.1
  • mod_bwlimited/1.4
  • FrontPage/5.0.2.2635
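
The banner reading described above can be turned into a repeatable check against a server you administer. The Python below is an added example, not part of the original post; the sample response is constructed from the tokens listed above, and placing the PHP version in an X-Powered-By header is an assumption.

```python
import re

# Constructed sample response built from the tokens listed in the post.
# Assumption: the PHP version arrived in X-Powered-By rather than in Server.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Server: Apache/2.2.23 (Unix) mod_ssl/2.2.23 OpenSSL/0.9.8e-fips-rhel5 "
    b"mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635\r\n"
    b"X-Powered-By: PHP/5.3.18\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html><body>Not Found</body></html>"
)

# Response headers that commonly carry software banners.
DISCLOSING_HEADERS = ("server", "x-powered-by")

# A "product/version" token such as mod_ssl/2.2.23.
# Parenthesised comments such as "(Unix)" carry no version and are skipped.
TOKEN_RE = re.compile(r"([\w.+-]+)/([^\s()]+)")


def parse_headers(raw: bytes) -> dict:
    """Return {lowercased-name: [values]} from the header block of a raw response."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def disclosed_versions(raw: bytes) -> list:
    """List (header, product, version) for each versioned token in banner headers."""
    headers = parse_headers(raw)
    findings = []
    for name in DISCLOSING_HEADERS:
        for value in headers.get(name, []):
            for product, version in TOKEN_RE.findall(value):
                findings.append((name, product, version))
    return findings


if __name__ == "__main__":
    for header, product, version in disclosed_versions(SAMPLE_RESPONSE):
        print(f"{header}: {product} {version}")
```

An empty result is what a server configured with Apache's ServerTokens Prod and PHP's expose_php = Off would produce, since the Server header then reads only "Apache" and X-Powered-By is not sent.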

Packet Capture Forensics with Wireshark

Wireshark is a network protocol analyzer. This software allows you to monitor, capture, and analyze network traffic. I will show you some simple tips and tricks for filtering through tons of data to get what you're looking for. With all of this raw dump data, filtering it down to the best results can be a very daunting task.

Always remember to put the packets in order. You can do that by making sure the start time is at the top: simply click the Time column to sort the data by time.


Another thing to do would be to filter the data by the appropriate protocol. In the box at the top that says "Filter:", start typing the protocol you wish to filter on and it may find it for you. Click the Apply button on the right and your new filtered data should appear.


If you are looking for a specific string in your data, you can search the bytes. In the top menu of Wireshark select Edit, then Find Packet, or use the shortcut keys Ctrl+F. In the popup box, select String from the radio buttons and type your string in the box.