Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: anonymous Zonetransfer (AXFR) exploatation

From: Volker Tanger <vtlists () wyae de>
Date: Tue, 18 Mar 2008 20:49:38 +0100
Greetings!

On Tue, 18 Mar 2008 17:09:19 +0200
Radu Oprisan <radu () securesystems ro> wrote:


LordDoskias wrote:

The best thing that I can think if to use the information obtained 
from the zone transfer. Perhaps some "private" hosts will come up
that you can look into? To my mind AXFR transfers should be
considered as part of the  reconnaissance stage of a pen-test.


Actually, they were, a long time ago.


...and some still are. You might be lucky, you might be not.

The Fierce DNS bruteforcer tries an AXFR first, and if not successful,
it DNS-bruteforces a domain. Thus it covers both approaches with one
tool.

But I am time and again surprised how often an AXFR request still is
successful.

Bye

Volker


-- 

Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists () wyae de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: