Penetration Testing mailing list archives
Re: how to check for hostnames of wildcard-domains
From: thomas springer <tuevsec () gmx net>
Date: Wed, 15 Feb 2006 12:50:49 +0100
A great hint, thank you. This works, but not always: To stay with isgay:

root@tuevsec ~ # dig A "pentestcheck.isgay.com"

; <<>> DiG 9.3.1 <<>> A pentestcheck.isgay.com
[comments deleted]
;; QUESTION SECTION:
;pentestcheck.isgay.com. IN A

;; ANSWER SECTION:
pentestcheck.isgay.com. 14400 IN CNAME isgay.com.
isgay.com. 14400 IN A 66.249.137.17

This works as expected and shows that "pentestcheck.isgay.com" is a cname-alias.

Let's go for another one:

; <<>> DiG 9.3.1 <<>> A pentestcheck.serversniff.net
;; QUESTION SECTION:
;pentestcheck.serversniff.net. IN A

;; ANSWER SECTION:
pentestcheck.serversniff.net. 1800 IN A 85.214.17.152

Hey - this (nonexistent) Hostname has an A-Record. EVERY hostname.serversniff.net has an A-Record.

How can I separate an EXISTING hostname (with a REAL A-Record) from a wildcard-A-Record here?

Any more hints?

tom

A. Ramos wrote:
Is there a way to distinguish the *.dom.tld-matching from a real existing A-Record using a ns-lookup alone?

http://www.faqs.org/rfcs/rfc1034.html

A * label appearing in a query name has no special effect, but can be used to test for wildcards in an authoritative zone; such a query is the only way to get a response containing RRs with an owner name with * in it. The result of such a query should not be cached.

# host -t a "*.unsec.net"
Host *.unsec.net not found: 3(NXDOMAIN)

# host -t a "*.isgay.com"
*.isgay.com is an alias for isgay.com.
isgay.com has address 66.249.137.17
*.isgay.com is an alias for isgay.com.
*.isgay.com is an alias for isgay.com.
isgay.com mail is handled by 0 isgay.com.

--
A. Ramos <aka dab>
mailto: <aramosf () unsec net>
http://www.unsec.net

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
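Added example, not part of the original thread: the comparison both messages describe, combining the RFC 1034 "*" test query with a random-label probe and comparing the result against the hostname's own answer. The names ZONE, lookup and classify are hypothetical, the zone data is constructed (documentation addresses), and lookup is a simplified stand-in for a resolver that only synthesizes wildcard answers one label below the zone.

```python
import secrets

# Constructed authoritative data: owner name -> set of (type, rdata).
ZONE = {
    "*.wild.example.": {("A", "192.0.2.10")},
    "www.wild.example.": {("A", "192.0.2.10")},    # explicit, same data as the wildcard
    "mail.wild.example.": {("A", "192.0.2.25")},   # explicit, different data
    "www.plain.example.": {("A", "198.51.100.5")}, # zone without a wildcard
}

def lookup(name):
    """Stand-in resolver: answer RRset as a frozenset, or None for NXDOMAIN.
    Simplified wildcard synthesis: only one label below the zone apex."""
    name = name.lower()
    if name in ZONE:
        return frozenset(ZONE[name])
    parent = name.split(".", 1)[1]
    star = "*." + parent
    return frozenset(ZONE[star]) if star in ZONE else None

def classify(host, zone, resolve=lookup):
    """Return 'nxdomain', 'explicit' or 'matches-wildcard' for host in zone."""
    answer = resolve(host)
    if answer is None:
        return "nxdomain"
    # Test 1: the literal "*" label query quoted from RFC 1034.
    star = resolve("*." + zone)
    # Test 2: a random label that almost certainly has no record of its own,
    # the same idea as the "pentestcheck" queries in the message.
    probe = resolve(secrets.token_hex(8) + "." + zone)
    wildcard = star or probe
    if wildcard is None:
        return "explicit"          # no wildcard in the zone, so the record is real
    if answer != wildcard:
        return "explicit"          # data differs from what the wildcard hands out
    # Same data as the wildcard: a lookup alone cannot tell an explicit
    # record from a synthesized one, which is the case raised in the message.
    return "matches-wildcard"

if __name__ == "__main__":
    for h, z in [("www.plain.example.", "plain.example."),
                 ("mail.wild.example.", "wild.example."),
                 ("www.wild.example.", "wild.example."),
                 ("pentestcheck.wild.example.", "wild.example.")]:
        print(h, "->", classify(h, z))
```

To run it against live DNS, pass a resolve function that returns the answer section as a frozenset (or None on NXDOMAIN) in place of the stand-in.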
Current thread:
- how to check for hostnames of wildcard-domains thomas springer (Feb 12)
- Re: how to check for hostnames of wildcard-domains A. Ramos (Feb 15)
- Re: how to check for hostnames of wildcard-domains thomas springer (Feb 16)
- <Possible follow-ups>
- RE: how to check for hostnames of wildcard-domains Dario Ciccarone (dciccaro) (Feb 15)
- Re: how to check for hostnames of wildcard-domains A. Ramos (Feb 15)