Penetration Testing mailing list archives
Re: anonymous Zonetransfer (AXFR) exploatation
From: xx yy <thenucker2004 () yahoo com>
Date: Wed, 19 Mar 2008 02:21:37 -0700 (PDT)
I never heard of laws that forbids you to get DNS content from a server. Maybe I am late with the news, but as long as it is only an information disclosure it shouldnt be less legal than a port scan. But back to the topic I successfully extracted information using AXFR and I am thinking of a poisoning, but again there is a lack of good documentation on this areas or maybe lack of interest. I have found this as a good reading about AXFR and poisoning http://cr.yp.to/djbdns/axfr-notes.html#poison ----- Original Message ---- From: Radu Oprisan <radu () securesystems ro> To: Jason Thompson <securitux () gmail com> Cc: LordDoskias <lorddoskias () gmail com>; xx yy <thenucker2004 () yahoo com>; pen-test () securityfocus com Sent: Wednesday, March 19, 2008 2:52:45 AM Subject: Re: anonymous Zonetransfer (AXFR) exploatation Ok, ok, so i used the verb in the wrong way :). I was just amazed at "should be considered". I myself still try it from time to time, but in this part of the world (yeah, i know Romania has a bad reputation) it seldom works. So, let's stick to the matter at hand: i agree, it should be part of a standard pen-test if there are no specific laws against using it even in test conditions. Cheers, Radu Oprisan Jason Thompson wrote:
Were? I still do them and find axfr's allowed... not a lot, but for the 10 seconds it takes to check there's been a few times where I've downloaded an AD domains' worth of hosts. Even just getting a list of hosts with a few interesting CNAME entries can give you a few potential targets or point to domains you weren't previously aware of. -J On Tue, Mar 18, 2008 at 11:09 AM, Radu Oprisan <radu () securesystems ro> wrote:LordDoskias wrote: >> >> > The best thing that I can think if to use the information obtained > from the zone transfer. Perhaps some "private" hosts will come up that > you can look into? To my mind AXFR transfers should be considered as > part of the reconnaissance stage of a pen-test. Actually, they were, a long time ago.
____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: anonymous Zonetransfer (AXFR) exploatation, (continued)
- Re: anonymous Zonetransfer (AXFR) exploatation Jamie Riden (Mar 13)
- RE: anonymous Zonetransfer (AXFR) exploatation Shenk, Jerry A (Mar 13)
- Re: anonymous Zonetransfer (AXFR) exploatation LordDoskias (Mar 13)
- Re: anonymous Zonetransfer (AXFR) exploatation Radu Oprisan (Mar 18)
- Re: anonymous Zonetransfer (AXFR) exploatation Jason Thompson (Mar 18)
- Re: anonymous Zonetransfer (AXFR) exploatation Radu Oprisan (Mar 19)
- Re: anonymous Zonetransfer (AXFR) exploatation Volker Tanger (Mar 18)
- Re: anonymous Zonetransfer (AXFR) exploatation Dave Howe (Mar 18)
- Re: anonymous Zonetransfer (AXFR) exploatation mouss (Mar 20)
- Re: anonymous Zonetransfer (AXFR) exploatation Radu Oprisan (Mar 18)
- Re: anonymous Zonetransfer (AXFR) exploatation Jamie Riden (Mar 18)