How to obtain hostname lists

[str0ke () milw0rm com]

fabio,

I would think your meaning multiple hostnames out of the blue or ip
addresses that have hostnames?

If you wanted multiple hostnames out of the blue you could use a
dictionary file with just random words while using the whois information.
Such as,

lappytop:~# whois goo

GOO.NET
GOO.COM

A little script and you could have more domains in a list then you could
wish for.

If your meaning an axfr then you can find that on google.

On your second question, (os, httpdver) would mean they would have to scan
for this type of information.  The latest nmap can be your friend.
Multiple codes by multiple authors are everywhere for banner scanners.

Im trying to figure out what exactly you want to do.  If you are wanting
to look for vuln servers then you would probably want to scan large
amounts of ip addresses with a banner scanner.  I don't really know if
this is the place for this kind of question but ill take a chance and
answer it.

Regards,
str0ke

///////// Question ///////
Hi.

I would like to know what techniques can Intruders use to obtain a lists
of hostname and attack them with exploits code?
For example, a huge list like:
www.foo.com
www.bar.com

And so on. Also, they can have a lists with certain criteria in common
(os, httpdver) and do a more selective attack. I want to know how they
can obtain hostnames asnd create a huge database for potencial host
victims?

Thanks in advance.

--__--__--

////////// EOF //////////

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html