Re: how to check for hostnames of wildcard-domains

[thomas springer <tuevsec () gmx net>]

A great hint, thank you. This works, but not always:
To stay with isgay:
root@tuevsec ~ # dig A "pentestcheck.isgay.com"
; <<>> DiG 9.3.1 <<>> A pentestcheck.isgay.com
[comments deleted]
;; QUESTION SECTION:
;pentestcheck.isgay.com.                IN      A

;; ANSWER SECTION:
pentestcheck.isgay.com. 14400   IN      CNAME   isgay.com.
isgay.com.              14400   IN      A       66.249.137.17

This works as expected and shows that "pentestcheck.isgay.com" is a
cname-alias. Lets go for another one:

; <<>> DiG 9.3.1 <<>> A pentestcheck.serversniff.net
;; QUESTION SECTION:
;pentestcheck.serversniff.net.  IN      A

;; ANSWER SECTION:
pentestcheck.serversniff.net. 1800 IN   A       85.214.17.152

Hey - this (nonexistant) Hostname has an A-Record. EVERY
hostname.serversniff.net has an A-Record.
How can I separate an EXISTING hostname (with a REAL A-Record) from a
wildcard-A-Record here?

Any more hints?

tom

A. Ramos wrote:

> > Is there a way to distinguish the *.dom.tld-matching from a real
> > existing A-Record using a ns-lookup alone?
> >    
>
> http://www.faqs.org/rfcs/rfc1034.html
>
> A * label appearing in a query name has no special effect, but can be
> used to test for wildcards in an authoritative zone; such a query is the
> only way to get a response containing RRs with an owner name with * in
> it.  The result of such a query should not be cached.
>
> # host -t a "*.unsec.net"
> Host *.unsec.net not found: 3(NXDOMAIN)
>
> f# host -t a "*.isgay.com"
> *.isgay.com is an alias for isgay.com.
> isgay.com has address 66.249.137.17
> *.isgay.com is an alias for isgay.com.
> *.isgay.com is an alias for isgay.com.
> isgay.com mail is handled by 0 isgay.com.
>
>
> --
> A. Ramos  <aka dab>
> mailto: <aramosf () unsec net>
> http://www.unsec.net 
>
>
> ------------------------------------------------------------------------------
> Audit your website security with Acunetix Web Vulnerability Scanner: 
>
> Hackers are concentrating their efforts on attacking applications on your 
> website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
> futile against web application hacking. Check your website for vulnerabilities 
> to SQL injection, Cross site scripting and other web attacks before hackers do! 
> Download Trial at:
>
> http://www.securityfocus.com/sponsor/pen-test_050831
> -------------------------------------------------------------------------------
>
>
>  


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------