Penetration Testing mailing list archives

Re: Several Domains


From: ArcSighter <arcsighter () gmail com>
Date: Fri, 12 Dec 2008 09:06:50 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ahmed Zaki wrote:
> Thanks for your reply.
>
> Apparently it's my fault; I should have made my question clearer.
>
> Your target is Company X. The IP of the mail server turned out to be
> xxx.xxx.xxx.xxx, and when used for a reverse DNS lookup it gave
> mail.companyx.com, mail.companyx-fs.com, mail.companyx.com.fs and
> mail.companyxfs.com. As a pentester, how would you go about identifying the
> actual domain name that is being used internally?
>
> I am not asking for networking FACTS here; I am rather asking the
> pentesters out there about their past experiences, thus I identify myself as
> a noob.
>
> I hope this is clearer.


The actual domain name that is being used internally? It depends on what
stage of the pentest you're in. If, as usual, you're outside the DMZ or
LAN, it won't be possible by just digging into DNS records, because in a
non-stupid configuration the external DNS won't be authoritative for
the LAN zone; in fact, it will contain no clue about this LAN at all:
its records would be only the servers in the DMZ and the forwarders'
info. You could try a zone transfer or other things against that nameserver,
but you won't get any positive results, I think. You have to get INTO the
internal network if what you're interested in is the PDC/BDC names.
Actually, do you know Paterva?



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFJQm/6H+KgkfcIQ8cRAqUDAJwI5u8YxsWnobaiItyS/KZBPgjmrgCeNVkQ
rql4BOGPe/sq9tm4ygZszTI=
=v7ou
-----END PGP SIGNATURE-----
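ArcSighter's point above, that a sanely configured external nameserver carries only the DMZ records and will not hand over a zone, can be checked directly from the outside. What follows is an added example written for this page, not code from the thread, from Paterva or from any project: it uses only the Python standard library, speaks DNS over TCP port 53 to a nameserver address you supply, and every host name and address in it (the companyx names, 1.2.3.4, the dnsrecon.py file name) is a placeholder taken from the question, not a real host. It reverses the mail server IP, parses the PTR names, then attempts an AXFR against each candidate zone, treating REFUSED or a dropped connection as the expected result. `sample_ptr_response()` is a constructed reply, not a capture, so the parser can be exercised offline.

```python
"""Added example, not code from the thread: what an external nameserver gives away about
the candidate domains behind a mail server IP, using only the Python standard library."""
import socket
import struct
import sys

TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 252: "AXFR"}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED", 9: "NOTAUTH"}

def encode_name(name):
    """Dotted name -> DNS label format, e.g. b'\\x04mail\\x03com\\x00'."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype, qid=0x1234):
    """Standard query (RD set), one question, class IN."""
    return (struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
            + encode_name(name) + struct.pack(">HH", qtype, 1))

def decode_name(msg, off):
    """Decode a possibly compressed name at `off`; return (name, offset after it)."""
    labels, nxt = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # compression pointer (RFC 1035 4.1.4)
            nxt = off + 2 if nxt is None else nxt      # resume after the first pointer only
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
        elif length == 0:
            off += 1
            break
        else:
            labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
            off += 1 + length
    return ".".join(labels), (off if nxt is None else nxt)

def parse_response(msg):
    """Return (rcode name, [(owner, type, rdata text), ...]) over answer + authority RRs."""
    _, flags, qd, an, ns, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):                                # skip the question section
        off = decode_name(msg, off)[1] + 4
    records = []
    for _ in range(an + ns):
        owner, off = decode_name(msg, off)
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        text = msg[off:off + rdlen].hex()              # fallback for types not decoded below
        if rtype == 1:
            text = socket.inet_ntoa(msg[off:off + 4])
        elif rtype == 15:                              # MX: preference, exchange host
            text = "%d %s" % (struct.unpack(">H", msg[off:off + 2])[0], decode_name(msg, off + 2)[0])
        elif rtype in (2, 5, 6, 12):                   # NS / CNAME / SOA (primary master) / PTR
            text = decode_name(msg, off)[0]
        records.append((owner, TYPES.get(rtype, str(rtype)), text))
        off += rdlen
    return RCODES.get(flags & 0xF, str(flags & 0xF)), records

def reverse_name(ip):
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"   # 1.2.3.4 -> 4.3.2.1.in-addr.arpa

def exchange(name, qtype, server, timeout=5.0):
    """Send one query over TCP 53 and return (rcode, records).  An AXFR (type 252) spans
    several messages and ends when the zone's SOA appears a second time; a sane external
    nameserver answers it REFUSED or just drops the connection, reported here as CLOSED."""
    q = build_query(name, qtype)
    records, soa_seen = [], 0
    with socket.create_connection((server, 53), timeout=timeout) as s, s.makefile("rb") as f:
        s.sendall(struct.pack(">H", len(q)) + q)       # DNS over TCP is length-prefixed
        while True:
            hdr = f.read(2)
            need = struct.unpack(">H", hdr)[0] if len(hdr) == 2 else 0
            msg = f.read(need)
            if not need or len(msg) < need:
                return "CLOSED", records
            rcode, rrs = parse_response(msg)
            records += rrs
            soa_seen += sum(1 for r in rrs if r[1] == "SOA")
            if rcode != "NOERROR" or qtype != 252 or soa_seen >= 2:
                return rcode, records

def sample_ptr_response():
    """Constructed (not captured) reply to PTR 1.2.3.4 with two names, as in the question."""
    qname = encode_name("4.3.2.1.in-addr.arpa")
    rd1 = encode_name("mail.companyx.com")
    rd1_off = 12 + len(qname) + 4 + 12                 # header, question, first RR fixed part
    com_ptr = struct.pack(">H", 0xC000 | (rd1_off + len(encode_name("mail.companyx")) - 1))
    rd2 = b"\x04mail\x0bcompanyx-fs" + com_ptr       # second name shares 'com' with rd1
    rr = lambda rtype, rdata: b"\xC0\x0C" + struct.pack(">HHIH", rtype, 1, 300, len(rdata)) + rdata
    return (struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
            + qname + struct.pack(">HH", 12, 1) + rr(12, rd1) + rr(12, rd2))

if __name__ == "__main__":                             # dnsrecon.py <nameserver ip> <mail ip> <zone>...
    print("offline sample:", parse_response(sample_ptr_response()))
    if len(sys.argv) > 2:
        print("PTR", exchange(reverse_name(sys.argv[2]), 12, sys.argv[1]))
    for zone in sys.argv[3:]:
        print("AXFR", zone, exchange(zone, 252, sys.argv[1])[0])
```

Run it with no arguments to parse the constructed sample, or as `python dnsrecon.py <nameserver ip> <mail server ip> companyx.com companyx-fs.com ...`. Point it at each candidate domain's own authoritative nameserver (the targets of its NS records), not at a recursive resolver: a resolver will relay the PTR query but will not serve AXFR for zones it does not host, so a REFUSED from it proves nothing. REFUSED or CLOSED on every candidate is the normal, correct finding for the external view, which is exactly what the reply above predicts; if a zone does transfer, its NS, MX and host records tell you directly which names that zone really serves, which is as far as DNS alone can take you from outside.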
