魔杰夫 - "The Immature-Minded" and Dogs Not Allowed

April 6, 2008

ASP.NET Version Leakage

Filed under: Tech — jfree @ 1:20 pm

There is a simple way of finding out which version of ASP.NET a web server is currently using. Submit a request for /trace.axd or /approot/trace.axd and observe the response from the target server; the version is leaked in the response header:

user@machine [501]$ telnet {target} {port/normally 80 for web server}
Trying x.x.x.x…
Connected to x.x.x.x.
Escape character is ‘^]’.
HEAD /trace.axd HTTP/1.0

HTTP/1.1 403 Forbidden
Connection: close
Date: Sun, 06 Apr 2008 04:08:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 2062

Connection closed by foreign host.

P.S.: ASP.NET provides trace functionality, which aids the debugging process and allows diagnostic information about a single request for an ASP.NET page to be viewed. Debug statements can be written directly in the code without having to remove them from the application when it is deployed to production servers.
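For checking your own servers, the following added example (not part of the original post) parses a captured response head and lists which headers disclose the platform or its version. The function names and the hardened sample are assumptions made for illustration; the first sample is the response shown above.

```python
import re

# Response head from the post, embedded as captured text (CRLF line endings).
SAMPLE = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Connection: close\r\n"
    "Date: Sun, 06 Apr 2008 04:08:21 GMT\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "X-AspNet-Version: 1.1.4322\r\n"
    "Cache-Control: private\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Content-Length: 2062\r\n"
    "\r\n"
)
# Constructed sample: the same refusal with the disclosing headers removed.
HARDENED = "HTTP/1.1 403 Forbidden\r\nConnection: close\r\nContent-Length: 0\r\n\r\n"

VERSION = re.compile(r"\d+(?:\.\d+)+")  # dotted version such as 6.0 or 1.1.4322

def parse_headers(raw):
    """Return (status_code, {lower-case header name: value}) for a raw response head."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    headers = {}
    for line in head[1:]:
        name, _, value = line.partition(":")  # split on the first colon only
        headers[name.strip().lower()] = value.strip()
    return status, headers

def audit(raw):
    """List (header, value, what it discloses) for each disclosing header present."""
    _, headers = parse_headers(raw)
    findings = []
    for name in ("x-aspnet-version", "x-powered-by", "server"):
        value = headers.get(name)
        if value is None:
            continue
        match = VERSION.search(value)
        if name == "x-aspnet-version":
            findings.append((name, value, "exact ASP.NET runtime version"))
        elif match:
            findings.append((name, value, "product version " + match.group()))
        else:
            findings.append((name, value, "technology name only"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

In ASP.NET 2.0 and later, the X-AspNet-Version header can be switched off with `<httpRuntime enableVersionHeader="false" />` in web.config.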
