Penetration Testing mailing list archives

Re: finding dyndns names for existing IP


From: Jimi Thompson <jimit () myrealbox com>
Date: Thu, 27 Nov 2003 23:40:14 -0600

This should be a simple one. Set your DNS server to the DNS server that they are using and run dig or nslookup to do a reverse lookup (IP to name). Once you get the name, you can do a forward lookup to get the IP. The downside is that you are going to have to find out what DNS service they are using to provide name resolution.
Do they host their own web site?

Do they host anything on their own network (email, etc.) that requires them to register a domain name?

If so, you can consult the "WHOIS" database to find out who their name service is.

Short of that, I'd try social engineering the name of the name service.

Jimi

Thomas Kerbl wrote:

Hello,

I'm searching for a way to find DynDns names for existing IPs. We are working on a pen-test for a customer who has a dynamic IP that changes every day, and it is hard for us to keep track of their gateway. We simulate an attacker without internal knowledge, so we cannot simply ask for a dyndns name. Social engineering would be easy, but I'm looking for a technical way to do it. We already tried obvious names like companyname.dyndns.org and similar DNS names.

To try to summarize the problem:

1) We assume the company uses the DynDns service (or a similar service).
2) We got the actual valid IP through social engineering.
3) We want to find the dyndns name of this IP to keep track.

Is there a database hosted by dyndns (or a similar service) we can consult? Or is there a way to do a reverse lookup on the IP?

thanks a lot for any pointers,
Thomas Kerbl



