Penetration Testing mailing list archives
RE: how to check for hostnames of wildcard-domains
From: "Dario Ciccarone (dciccaro)" <dciccaro () cisco com>
Date: Tue, 14 Feb 2006 09:01:56 -0500
The obvious answer (which is probably wrong - considering its obviousness) would be to do an A query for every name you're interested in (ftp.domain.tld, www.domain.tld, etc), and finally a couple more queries (both, if really paranoid): one for random_name.domain.tld, another for random_name.random_subdomain.domain.tld. Check the answers you got for those two queries against any answer you got before. What are the chances of ftp.domain.tld address == ghd63448211abdyctc.domain.tld == djkdfye653323fhj.sddscll33hdhfg.domain.tld ?
-----Original Message----- From: thomas springer [mailto:tuevsec () gmx net] Sent: Sunday, February 12, 2006 2:32 PM To: pen-test () securityfocus com Subject: how to check for hostnames of wildcard-domains I'm stumbling more and more over domains that have a A-Record for *.domain.tld set in their zonefile - with the effect that every ns-lookup for an A-Record on this domain returns an ip, even if the hostname is not really existing. You might check for the wildcard with a simple "dig *.domain.tld A +short". Is there a way to distinguish the *.dom.tld-matching from a real existing A-Record using a ns-lookup alone? tom -------------------------------------------------------------- ---------------- Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------- -----------------
------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- how to check for hostnames of wildcard-domains thomas springer (Feb 12)
- Re: how to check for hostnames of wildcard-domains A. Ramos (Feb 15)
- Re: how to check for hostnames of wildcard-domains thomas springer (Feb 16)
- <Possible follow-ups>
- RE: how to check for hostnames of wildcard-domains Dario Ciccarone (dciccaro) (Feb 15)
- Re: how to check for hostnames of wildcard-domains A. Ramos (Feb 15)