Penetration Testing mailing list archives

Re: anonymous Zonetransfer (AXFR) exploitation


From: "Jamie Riden" <jamie.riden () gmail com>
Date: Tue, 18 Mar 2008 19:48:12 +0000

On 18/03/2008, Radu Oprisan <radu () securesystems ro> wrote:
LordDoskias wrote:
 >>
 >>
 > The best thing that I can think of is to use the information obtained
 > from the zone transfer. Perhaps some "private" hosts will come up that
 > you can look into? To my mind AXFR transfers should be considered as
 > part of the reconnaissance stage of a pen-test.

Actually, they were, a long time ago.

Hmmm.. of course, everybody should know not to allow AXFR, but in
practice you will find a lot of systems which do.

(Murphy's law implies that if a misconfiguration is possible, it
exists somewhere on the internet. I got a complaint to abuse@ once
because we were "attacking" someone's domain controller on port 123.
Turns out he had promoted it to a stratum 1 NTP server and was seeing
a standard ntpd exchange being dropped by his firewall. Nothing
surprises me any more.)

cheers,
 Jamie
-- 
Jamie Riden / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/
