Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: anonymous Zonetransfer (AXFR) exploatation

From: xx yy <thenucker2004 () yahoo com>
Date: Wed, 19 Mar 2008 02:21:37 -0700 (PDT)
I never heard of laws that forbids you to get DNS content from a server. Maybe I am late with the news, but
as long as it is only an information disclosure it shouldnt be less legal than a port scan.

But back to the topic I successfully extracted information using AXFR and I am thinking of a poisoning, 
but again there is a lack of good documentation on this areas or maybe lack of interest.

I have found this as a good reading about AXFR and poisoning
http://cr.yp.to/djbdns/axfr-notes.html#poison
 


----- Original Message ----
From: Radu Oprisan <radu () securesystems ro>
To: Jason Thompson <securitux () gmail com>
Cc: LordDoskias <lorddoskias () gmail com>; xx yy <thenucker2004 () yahoo com>; pen-test () securityfocus com
Sent: Wednesday, March 19, 2008 2:52:45 AM
Subject: Re: anonymous Zonetransfer (AXFR) exploatation

Ok, ok, so i used the verb in the wrong way :).
I was just amazed at "should be considered". I myself still try it from 
time to time, but in this part of the world (yeah, i know Romania has a 
bad reputation) it seldom works.
So, let's stick to the matter at hand: i agree, it should be part of a 
standard pen-test if there are no specific laws against using it even in 
test conditions.

Cheers,
Radu Oprisan


Jason Thompson wrote:

Were? I still do them and find axfr's allowed... not a lot, but for
the 10 seconds it takes to check there's been a few times where I've
downloaded an AD domains' worth of hosts. Even just getting a list of
hosts with a few interesting CNAME entries can give you a few
potential targets or point to domains you weren't previously aware of.

-J

On Tue, Mar 18, 2008 at 11:09 AM, Radu Oprisan <radu () securesystems ro> wrote:
  

LordDoskias wrote:
 >>
 >>
 > The best thing that I can think if to use the information obtained
 > from the zone transfer. Perhaps some "private" hosts will come up that
 > you can look into? To my mind AXFR transfers should be considered as
 > part of the  reconnaissance stage of a pen-test.


 Actually, they were, a long time ago.

    







      ____________________________________________________________________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: