Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: how to check for hostnames of wildcard-domains

From: "A. Ramos" <aramosf () unsec net>
Date: Tue, 14 Feb 2006 13:15:50 +0100

Is there a way to distinguish the *.dom.tld-matching from a real
existing A-Record using a ns-lookup alone?


http://www.faqs.org/rfcs/rfc1034.html

A * label appearing in a query name has no special effect, but can be
used to test for wildcards in an authoritative zone; such a query is the
only way to get a response containing RRs with an owner name with * in
it.  The result of such a query should not be cached.

# host -t a "*.unsec.net"
Host *.unsec.net not found: 3(NXDOMAIN)

f# host -t a "*.isgay.com"
*.isgay.com is an alias for isgay.com.
isgay.com has address 66.249.137.17
*.isgay.com is an alias for isgay.com.
*.isgay.com is an alias for isgay.com.
isgay.com mail is handled by 0 isgay.com.


--
A. Ramos  <aka dab>
mailto: <aramosf () unsec net>
http://www.unsec.net 


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: