Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: anonymous Zonetransfer (AXFR) exploatation

From: "Jason Thompson" <securitux () gmail com>
Date: Tue, 18 Mar 2008 15:28:49 -0400
Were? I still do them and find axfr's allowed... not a lot, but for
the 10 seconds it takes to check there's been a few times where I've
downloaded an AD domains' worth of hosts. Even just getting a list of
hosts with a few interesting CNAME entries can give you a few
potential targets or point to domains you weren't previously aware of.

-J

On Tue, Mar 18, 2008 at 11:09 AM, Radu Oprisan <radu () securesystems ro> wrote:

LordDoskias wrote:
 >>
 >>
 > The best thing that I can think if to use the information obtained
 > from the zone transfer. Perhaps some "private" hosts will come up that
 > you can look into? To my mind AXFR transfers should be considered as
 > part of the  reconnaissance stage of a pen-test.


 Actually, they were, a long time ago.




 ------------------------------------------------------------------------
 This list is sponsored by: Cenzic

 Need to secure your web apps NOW?
 Cenzic finds more, "real" vulnerabilities fast.
 Click to try it, buy it or download a solution FREE today!

 http://www.cenzic.com/downloads
 ------------------------------------------------------------------------




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: