Information Gathering
This time I will explain information gathering against three websites:
- IS2C-DOJO.NET
- IS2C-DOJO.COM
- SPENTERA.COM
1. First, IS2C-DOJO.NET and the information I got about it.
To get the information I used some tools from BackTrack, like this:
root@bt:~# dmitry -snpfbw is2c-dojo.net
(-s subdomain search, -n Netcraft lookup, -p TCP port scan, -f also report filtered ports, -b grab banners, -w whois lookup on the domain.)
From its output we can see:
- Host IP
- Host name
- Domain name
- Registrar
- Whois server
- Referral URL
- Name servers
- Open ports: only port 80 was found in this session
- etc.
root@bt:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl is2c-dojo.net
dnsenum.pl VERSION:1.2.2
----- is2c-dojo.net -----
Host's addresses:
__________________
is2c-dojo.net                          28800   IN  A  216.239.32.21
Name Servers:
______________
partnerit1.earth.orderbox-dns.com      172800  IN  A  67.15.47.189
partnerit1.earth.orderbox-dns.com      172800  IN  A  67.15.47.188
partnerit1.earth.orderbox-dns.com      172800  IN  A  67.15.253.219
partnerit1.earth.orderbox-dns.com      172800  IN  A  67.15.253.220
partnerit1.mars.orderbox-dns.com       172800  IN  A  184.173.150.57
partnerit1.mars.orderbox-dns.com       172800  IN  A  184.173.149.222
partnerit1.mars.orderbox-dns.com       172800  IN  A  184.173.150.58
partnerit1.mars.orderbox-dns.com       172800  IN  A  184.173.149.221
partnerit1.mercury.orderbox-dns.com    172800  IN  A  50.23.136.174
partnerit1.mercury.orderbox-dns.com    172800  IN  A  50.23.136.173
partnerit1.mercury.orderbox-dns.com    172800  IN  A  50.23.136.230
partnerit1.mercury.orderbox-dns.com    172800  IN  A  50.23.136.229
partnerit1.venus.orderbox-dns.com      172800  IN  A  50.23.75.44
partnerit1.venus.orderbox-dns.com      172800  IN  A  50.23.75.96
partnerit1.venus.orderbox-dns.com      172800  IN  A  50.23.75.45
partnerit1.venus.orderbox-dns.com      172800  IN  A  50.23.75.97
Mail (MX) Servers:
___________________
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
Trying Zone Transfer for is2c-dojo.net on partnerit1.earth.orderbox-dns.com ...
AXFR record query failed: NOERROR
partnerit1.earth.orderbox-dns.com Bind Version: LServed by POWERDNS 3.0 $Id: packethandler.cc 2231 2011-07-11 07:25:27Z ahu $
Trying Zone Transfer for is2c-dojo.net on partnerit1.mars.orderbox-dns.com ...
AXFR record query failed: NOERROR
partnerit1.mars.orderbox-dns.com Bind Version: LServed by POWERDNS 3.0 $Id: packethandler.cc 2231 2011-07-11 07:25:27Z ahu $
Trying Zone Transfer for is2c-dojo.net on partnerit1.mercury.orderbox-dns.com ...
AXFR record query failed: NOERROR
partnerit1.mercury.orderbox-dns.com Bind Version: LServed by POWERDNS 3.0 $Id: packethandler.cc 2231 2011-07-11 07:25:27Z ahu $
Trying Zone Transfer for is2c-dojo.net on partnerit1.venus.orderbox-dns.com ...
AXFR record query failed: NOERROR
partnerit1.venus.orderbox-dns.com Bind Version: LServed by POWERDNS 3.0 $Id: packethandler.cc 2231 2011-07-11 07:25:27Z ahu $
brute force file not specified, bay.
What this first run tells us: the domain has a single A record, no MX records at all (the MX section came back empty), and four authoritative name servers in the orderbox-dns.com domain, so DNS is hosted by a third party rather than by the target itself, each server answering from four addresses. All four refused the zone transfer: the AXFR query was answered (rcode NOERROR) but no zone data came back, so the zone cannot simply be downloaded. The "Bind Version" line is dnsenum's label for the CHAOS-class version.bind query; here it shows the servers run PowerDNS 3.0, not BIND. The last line means no wordlist was given with -f, so dnsenum stopped before brute forcing subdomains; the next run supplies one.
root@bt:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl -f dns.txt is2c-dojo.net
dnsenum.pl VERSION:1.2.2
----- is2c-dojo.net -----
Host's addresses:
__________________
is2c-dojo.net                          28118   IN  A  216.239.38.21
is2c-dojo.net                          28118   IN  A  216.239.32.21
is2c-dojo.net                          28118   IN  A  216.239.34.21
is2c-dojo.net                          28118   IN  A  216.239.36.21
Name Servers:
______________
partnerit1.earth.orderbox-dns.com      172118  IN  A  67.15.47.189
partnerit1.earth.orderbox-dns.com      172118  IN  A  67.15.253.219
partnerit1.earth.orderbox-dns.com      172118  IN  A  67.15.253.220
partnerit1.earth.orderbox-dns.com      172118  IN  A  67.15.47.188
partnerit1.mars.orderbox-dns.com       172118  IN  A  184.173.149.222
partnerit1.mars.orderbox-dns.com       172118  IN  A  184.173.150.57
partnerit1.mars.orderbox-dns.com       172118  IN  A  184.173.150.58
partnerit1.mars.orderbox-dns.com       172118  IN  A  184.173.149.221
partnerit1.mercury.orderbox-dns.com    172118  IN  A  50.23.136.229
partnerit1.mercury.orderbox-dns.com    172118  IN  A  50.23.136.230
partnerit1.mercury.orderbox-dns.com    172118  IN  A  50.23.136.173
partnerit1.mercury.orderbox-dns.com    172118  IN  A  50.23.136.174
partnerit1.venus.orderbox-dns.com      172118  IN  A  50.23.75.96
partnerit1.venus.orderbox-dns.com      172118  IN  A  50.23.75.97
partnerit1.venus.orderbox-dns.com      172118  IN  A  50.23.75.44
partnerit1.venus.orderbox-dns.com      172118  IN  A  50.23.75.45
Mail (MX) Servers:
___________________
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
Trying Zone Transfer for is2c-dojo.net on partnerit1.earth.orderbox-dns.com ...
AXFR record query failed: query timed out
Unable to obtain Server Version for partnerit1.earth.orderbox-dns.com : query timed out
Trying Zone Transfer for is2c-dojo.net on partnerit1.mars.orderbox-dns.com ...
AXFR record query failed: NOERROR
partnerit1.mars.orderbox-dns.com Bind Version: LServed by POWERDNS 3.0 $Id: packethandler.cc 2231 2011-07-11 07:25:27Z ahu $
Trying Zone Transfer for is2c-dojo.net on partnerit1.mercury.orderbox-dns.com ...
AXFR record query failed: NOERROR
partnerit1.mercury.orderbox-dns.com Bind Version: LServed by POWERDNS 3.0 $Id: packethandler.cc 2231 2011-07-11 07:25:27Z ahu $
Trying Zone Transfer for is2c-dojo.net on partnerit1.venus.orderbox-dns.com ...
AXFR record query failed: NOERROR
partnerit1.venus.orderbox-dns.com Bind Version: LServed by POWERDNS 3.0 $Id: packethandler.cc 2231 2011-07-11 07:25:27Z ahu $
Brute forcing with dns.txt:
____________________________
www.is2c-dojo.net                      28800   IN  CNAME  ghs.google.com
ghs.google.com                         601675  IN  CNAME  ghs.l.google.com
ghs.l.google.com                       171     IN  A      74.125.31.121
is2c-dojo.net class C netranges:
_________________________________
216.239.32.0/24
Performing reverse lookup on 1024 ip addresses:
________________________________________________
0 results out of 1024 IP addresses.
is2c-dojo.net ip blocks:
_________________________
done.
The wordlist run adds two things. The apex now resolves to four addresses (216.239.32.21, .34.21, .36.21 and .38.21), and www.is2c-dojo.net is a CNAME to ghs.google.com, i.e. the site is served by Google's hosting front end. That is also why the class C sweep of 216.239.32.0/24 found nothing: those are Google addresses, and none of the reverse lookups returned a name in the target's domain. The one difference in the zone-transfer step is that the earth server timed out this time instead of answering; the other three again answered NOERROR without handing over the zone. Everything found so far belongs either to the DNS provider or to Google, so the nmap scans of 216.239.32.21 that follow are scans of Google's front end, not of a server the target runs.
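The zone-transfer step that dnsenum performs above can be reproduced, and each server's answer classified, with plain dig. The script below is an added example and not code from the original post: it assumes dig is installed and takes the domain as its only argument; axfr_outcome works on the captured text of a dig axfr run, so it can be checked offline, and the version.bind query is the same CHAOS-class lookup that dnsenum reports as "Bind Version".

```shell
#!/bin/sh
# Added example, not from the original post. Reproduces dnsenum's
# "Trying Zone Transfers and getting Bind Versions" step with dig.
# Assumptions: dig (dnsutils/bind-utils) is installed; the domain is
# given as the only argument.

# Classify the text of one `dig axfr` run:
#   open    - the server handed the zone over (an SOA record opens and
#             closes a transfer, so at least two SOA lines appear)
#   refused - the server answered but would not transfer ("Transfer failed.")
#   timeout - no usable answer at all
axfr_outcome() {
    out=$1
    soa_lines=$(printf '%s\n' "$out" | grep -c '[[:space:]]IN[[:space:]]*SOA[[:space:]]' || true)
    if [ "$soa_lines" -ge 2 ]; then
        echo open
    elif printf '%s\n' "$out" | grep -q 'Transfer failed'; then
        echo refused
    else
        echo timeout
    fi
}

# Authoritative name servers of a domain, one per line, trailing dot removed.
name_servers() {
    dig +short NS "$1" | sed 's/\.$//'
}

# Try AXFR against every name server and ask each for its version string
# via the CHAOS-class version.bind TXT record (what dnsenum calls "Bind Version").
zone_transfer_check() {
    domain=$1
    for ns in $(name_servers "$domain"); do
        result=$(dig +time=5 +tries=1 axfr "$domain" "@$ns" 2>&1 || true)
        version=$(dig +short +time=5 +tries=1 "@$ns" version.bind txt chaos 2>/dev/null || true)
        printf '%-40s axfr=%-8s version=%s\n' "$ns" \
            "$(axfr_outcome "$result")" "${version:-unknown}"
    done
}

# Usage: sh axfr_check.sh is2c-dojo.net
if [ "$#" -eq 1 ]; then
    zone_transfer_check "$1"
fi
```

A "refused" result is the expected, healthy answer from a properly configured server; "open" is the finding worth reporting, since the whole zone (every hostname the target publishes) has just been handed to an anonymous client.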
root@bt:~# nmap -sV 216.239.32.21
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-26 19:08 WIT
Nmap scan report for any-in-2015.1e100.net (216.239.32.21)
Host is up (0.052s latency).
Not shown: 998 filtered ports
PORT    STATE  SERVICE VERSION
80/tcp  open   http?
113/tcp closed ident
Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 207.24 seconds
Version detection alone could not name the service on port 80 (hence "http?"), and the reverse name any-in-2015.1e100.net already says the address is Google's. The -A run below, which adds OS detection, traceroute and the NSE scripts, identifies the HTTP server.
root@bt:~# nmap -A 216.239.32.21
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-01-26 20:13 WIT
Nmap scan report for any-in-2015.1e100.net (216.239.32.21)
Host is up (0.057s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE VERSION
80/tcp open http Google httpd 2.0 (GFE)
|_http-title: Error 404 (Not Found)!!1
|_http-methods: No Allow or Public header in OPTIONS response (status code 404)
113/tcp closed ident
Device type: router|general purpose
Running (JUST GUESSING): Adtran embedded (87%), Microsoft Windows Vista (85%)
OS CPE: cpe:/o:microsoft:windows_vista::sp1:home_premium
Aggressive OS guesses: Adtran NetVanta 1224R router (87%), Microsoft Windows Vista Home Premium SP1 (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 11 hops
Service Info: OS: Linux; CPE: cpe:/o:linux:kernel
TRACEROUTE (using port 113/tcp)
HOP RTT ADDRESS
1 2.83 ms 192.168.1.1
2 6.03 ms 118.96.144.1
3 6.24 ms 125.160.15.181
4 37.49 ms 17.subnet118-98-57.astinet.telkom.net.id (118.98.57.17)
5 42.10 ms 118.98.15.29
6 41.37 ms 181.subnet118-98-57.astinet.telkom.net.id (118.98.57.181)
7 42.81 ms 37.subnet118-98-56.astinet.telkom.net.id (118.98.56.37)
8 38.53 ms 6.subnet118-98-59.astinet.telkom.net.id (118.98.59.6)
9 36.35 ms 42.subnet118-98-59.astinet.telkom.net.id (118.98.59.42)
10 69.41 ms 180.240.190.13
11 37.06 ms any-in-2015.1e100.net (216.239.32.21)
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 371.10 seconds
Reading this result: port 80 is Google httpd (GFE), which confirms that 216.239.32.21 is Google's front end and not a server operated by the target. The "Error 404 (Not Found)!!1" title is what GFE returns when the request's Host header is not a site it serves, as happens when the address is probed directly. The OS guesses (an Adtran router at 87%, Windows Vista at 85%) contradict nmap's own Service Info line (Linux) and come with "No exact OS matches"; with one open and one closed port seen through 11 hops, the fingerprint is unreliable and should not be reported as a finding. The usable facts are: 80 open, 113 closed, everything else filtered, and the host belongs to Google.
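Before pointing nmap at an address, it is worth checking whether that address is the target's own. The script below is an added example, not code from the original post; it assumes dig and nmap are installed and takes a hostname and the target domain as arguments. chain_verdict and ptr_in_domain work on dig answer text and names without network access, so they can be checked against what dnsenum found above: www.is2c-dojo.net leads through ghs.google.com to 74.125.31.121, and the apex address's PTR is any-in-2015.1e100.net, both outside is2c-dojo.net.

```shell
#!/bin/sh
# Added example, not from the original post. Checks whether the address
# a hostname resolves to looks like the target's own host before nmap
# is run against it. Assumptions: dig and nmap are installed; arguments
# are the hostname to check and the target's domain.

# Walk `dig +noall +answer <name>` output. Prints "<ip> own" when every
# CNAME hop stays inside the domain, or "<ip> external:<name>" naming the
# first CNAME target that leaves it (e.g. a hosting provider's front end).
chain_verdict() {
    answer=$1
    domain=$2
    ip=none
    foreign=
    while read -r name ttl class type data; do
        case "$type" in
            CNAME)
                target=${data%.}
                if [ -z "$foreign" ]; then
                    case "$target" in
                        "$domain"|*".$domain") ;;
                        *) foreign=$target ;;
                    esac
                fi
                ;;
            A) ip=$data ;;
        esac
    done <<EOF
$answer
EOF
    if [ -n "$foreign" ]; then
        echo "$ip external:$foreign"
    else
        echo "$ip own"
    fi
}

# Is a PTR name inside the target's domain? Prints yes or no.
ptr_in_domain() {
    ptr=${1%.}
    case "$ptr" in
        "$2"|*".$2") echo yes ;;
        *) echo no ;;
    esac
}

# Live check: resolve, judge the CNAME chain and the PTR, and only hand
# the address to nmap when both point at the target's own infrastructure.
scan_if_in_scope() {
    host=$1
    domain=$2
    verdict=$(chain_verdict "$(dig +noall +answer "$host")" "$domain")
    ip=${verdict%% *}
    why=${verdict#* }
    ptr=$(dig +short -x "$ip" || true)
    echo "$host -> $ip ($why, PTR ${ptr:-none})"
    if [ "$ip" != none ] && [ "$why" = own ] \
       && [ "$(ptr_in_domain "${ptr:-.}" "$domain")" = yes ]; then
        nmap -sV "$ip"
    else
        echo "skipping nmap: $ip is not evidently a host of $domain"
    fi
}

# Usage: sh scope_check.sh www.is2c-dojo.net is2c-dojo.net
if [ "$#" -eq 2 ]; then
    scan_if_in_scope "$1" "$2"
fi
```

For the apex name the chain verdict is "own" (there is no CNAME) but the PTR check fails, which is exactly the situation on this page: the A records are Google's, so the scan output describes Google's front end rather than the target.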
2. Second, IS2C-DOJO.COM
Again I used the BackTrack tools, like this:
root@bt:~# dmitry -snpfbw is2c-dojo.com
From its output we can see:
- Host IP
- Host name
- Domain name
- Registrar
- Whois server
- Referral URL
- Name servers
- Open ports: 21, 25 and 26 were found in this session, unlike the .net site, which only exposed port 80
- etc.
root@bt:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl is2c-dojo.net
Its output shows:
- Host's addresses
- Name servers
- Mail (MX) servers
3. Last, SPENTERA.COM
The dmitry output gives the same fields:
- Host IP
- Host name
- Domain name
- Registrar
- Whois server
- Referral URL
- Name servers
- Open ports: 21, 25 and 26 were found in this session
- etc.
root@bt:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl spentera.com
Its output shows:
- Host's addresses
- Name servers
- Mail (MX) servers
INFORMATION PASSIVE