When I was going through the offsec course and took my test... dare I admit it, but after I was finished I decided to give the rest of the range an in-depth scan. Immediately I noticed that there was another BT box on the wire... how, you ask? By looking at the default Apache banner.

This is what it looks like every time you fire it up.

root@ph33r:~# nmap -sV 192.168.0.222
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.2.9 ((Ubuntu) PHP/5.2.6-bt0 with Suhosin-Patch)
Service Info: Host: local; OS: Linux
root@ph33r:~#

So it got me thinking: if I'm out on a pentest and some crafty admin decides to give me a sweep, he's going to notice right away what OS I'm running. While it might not do much since there is no exploit as of yet... knowledge is power, plain and simple, and I'd rather keep that knowledge in my hands.

So let's modify our default banner. These simple lines are all that you need.

sed -i 's/ServerTokens Full/ServerTokens Prod/' /etc/apache2/conf.d/security
sed -i 's/TraceEnable On/TraceEnable Off/' /etc/apache2/conf.d/security
sed -i 's/ServerSignature On/ServerSignature Off/' /etc/apache2/conf.d/security

Now let's look at our banner.

root@ph33r:~# nmap -sV 192.168.0.222
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd
Service Info: Host: local; OS: Linux
root@ph33r:~#

While we are at it, let's give everyone that logs into our SSH a friendly welcome message.

echo "Can you smell that?" > /etc/motd
echo "Welcome to the vag box!" > /etc/ssh/sshd-banner
echo "Banner /etc/ssh/sshd-banner" >> /etc/ssh/sshd_config

The before:

me@lappy:~# ssh root@192.168.0.222
root@192.168.0.222's password:
BackTrack 4 (PwnSauce) Penetration Testing and Auditing Distribution
root@ph33r:~#

The after:

me@lappy:~# ssh root@192.168.0.222
Can you smell that?
root@192.168.0.222's password:
Welcome to the vag box!
root@ph33r:~#

While the above is rather harmless to your system, the below can quickly bork your sshd. Personally I have had no problems, but let this serve as a warning.
YOU CAN SCREW THINGS UP!

OK, so let's ncat into our host on port 22 and see what we have.

me@lappy:~# ncat 192.168.0.222 22
SSH-2.0-OpenSSH_5.1p1 Debian-3ubuntu1

Cool, no exploits or anything, but let's edit it just for fun. First let's make a copy of sshd to work with.

root@ph33r:~# mkdir tmp
root@ph33r:~# cd tmp
root@ph33r:~/tmp# cp /usr/sbin/sshd .

Now let's modify it.

root@ph33r:~/tmp# hexedit sshd

OK, a blue window should have popped up; now look at the bottom and notice the commands. We want to use search, so press Ctrl+W, make sure "Search for text string" is in white, and hit Enter. Now type "OpenSSH" and hit Enter, and you will be directed to the exact part you need to modify.

It will look like this; just change everything that is in red to 0 and you will end up with what I have below. If you want to type something else, press TAB and type what you want into the ASCII part; just remember there is no backspace.

00053FE0 6E 64 2D 6C 69 6E 65 00 4F 70 65 6E 53 53 48 5F nd-line.OpenSSH_
00053FF0 35 2E 31 70 31 20 44 65 62 69 61 6E 2D 33 75 62 5.1p1 Debian-3ub
00054000 75 6E 74 75 31 00 25 73 2C 20 25 73 0A 00 4B 52 untu1.%s, %s..KR

It should now look like this.

00053FE0 6E 64 2D 6C 69 6E 65 00 4F 70 65 6E 53 53 48 00 nd-line.OpenSSH.
00053FF0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00054000 00 00 00 00 00 00 25 73 2C 20 25 73 0A 00 4B 52 ......%s, %s..KR

When you're done, hit Ctrl+X to save it and give it a launch; remember it requires the exact path.

root@ph33r:~/tmp# /root/tmp/sshd
root@ph33r:~/tmp# ncat localhost 22
SSH-2.0-OpenSSH

Just make sure you can connect to it and you're good to go.

killall sshd
rm /usr/sbin/sshd
mv /root/tmp/sshd /usr/sbin/
Enjoy!
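
The hex edit above is safe only because bytes are overwritten in place and the file size never changes. The following is an added example, not part of the original post, that applies the same change to a byte string and enforces that rule; the names blank_version_tail, patch_copy, BEFORE, FULL and KEEP are hypothetical, and BEFORE is constructed from the "before" dump shown above.

```python
# Added example, not from the original post. Function and variable names
# (blank_version_tail, patch_copy, BEFORE, FULL, KEEP) are hypothetical.
import shutil

# Constructed sample: the 48 bytes from the post's "before" hex dump.
BEFORE = bytes.fromhex(
    "6E 64 2D 6C 69 6E 65 00 4F 70 65 6E 53 53 48 5F"
    "35 2E 31 70 31 20 44 65 62 69 61 6E 2D 33 75 62"
    "75 6E 74 75 31 00 25 73 2C 20 25 73 0A 00 4B 52"
)
FULL = b"OpenSSH_5.1p1 Debian-3ubuntu1"   # string seen in the ncat banner
KEEP = b"OpenSSH"                         # part the post leaves intact


def blank_version_tail(image: bytes, full: bytes, keep: bytes) -> bytes:
    """Replace the C string `full` with `keep`, NUL-padded to the same length."""
    if not full.startswith(keep):
        raise ValueError("keep must be a prefix of full")
    needle = full + b"\x00"               # match the terminator too
    hits = image.count(needle)
    if hits != 1:
        # 0 hits: wrong build or already patched; >1: ambiguous, do not guess.
        raise ValueError(f"expected exactly one match, found {hits}")
    start = image.index(needle)
    padded = keep.ljust(len(full), b"\x00")   # overwrite, never insert/delete
    patched = image[:start] + padded + image[start + len(full):]
    if len(patched) != len(image):
        raise RuntimeError("patch changed the image size")
    return patched


def patch_copy(src: str, dst: str, full: bytes = FULL, keep: bytes = KEEP) -> None:
    """Write a patched copy of src to dst; src is left untouched."""
    with open(src, "rb") as fh:
        image = fh.read()
    patched = blank_version_tail(image, full, keep)
    with open(dst, "wb") as fh:
        fh.write(patched)
    shutil.copymode(src, dst)             # keep the executable bits


if __name__ == "__main__":
    after = blank_version_tail(BEFORE, FULL, KEEP)
    for off in range(0, len(after), 16):
        row = after[off:off + 16]
        print(f"{off:08X} " + " ".join(f"{b:02X}" for b in row))
```

Run patch_copy against a copy of the binary and test the result from its own path, as the post does with /root/tmp/sshd, before replacing anything in /usr/sbin.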