Background Info Gathering & Open Source Flashcards

1
Q

What is Registration Records (Domain Name)?

A

Info in IP and domain registries (WHOIS)

WHOIS usually has name and contact info

2
Q

What is DNS?

A

Domain Name Server
Used to translate a domain name to IP address - such as google.com

3
Q

What are 3 DNS Queries?

A
  • Recursive Query
  • Iterative Query
  • Non-Recursive Query
4
Q

What is DNS Query - Recursive Query?

A

DNS client sends a request to the DNS resolver.
The resolver must return an answer, but it will query the authoritative name servers itself before answering.

5
Q

What is DNS Query - Iterative Query?

A

DNS client sends a request to the DNS resolver.
The resolver gives the best answer it can.
If it has no answer, it refers the client to other authoritative name servers.

6
Q

What is DNS Query - Non-Recursive?

A

DNS client sends a request to the DNS resolver.
The resolver already knows the answer, so it responds immediately.

7
Q

What is a DNS Zone Transfer?

A

The process of copying the contents of the zone file on a primary DNS server to a secondary DNS server.
- Used when deploying a new DNS server in a local environment or on the internet
- Uses TCP to transfer the DNS zone

8
Q

DNS Zone Transfer Attack
What is it? What information is revealed?

A

The attack will reveal name servers or subdomains that can be attacked or further enumerated.

dig axfr @<DNS_IP>
dig axfr @<DNS_IP> <DOMAIN>

9
Q

Identify 9 DNS Records

A
  • A record: Holds IP address of domain
  • CNAME record: Forwards one domain or subdomain to another domain. Doesn’t provide IP address
  • MX record: Directs mail to email server
  • TXT record: Lets admin store text notes in the record
  • NS record: Stores name server for DNS entry
  • SOA record: Stores admin info about a domain
  • SRV record: Specifies a port for specific services
  • PTR record: Provides a domain name in reverse-lookups
  • HINFO record: Stores host info, such as OS and CPU type
10
Q

Customer Website Analysis
- Command to get analysis of info from target website:
AND
- To view from HTML source

A

Command:
whatweb -v -a 3 <target_IP>

View Page Source:
- Check network tab
- Check cookies
- Check page source for app name, versions, etc

Burp Suite for HTTP request interception, forwarding and analysis

11
Q

What could be used to gain information about a target?

A

Google Dorks (the Google Hacking Database)

Google search parameters:
inurl:
intitle:
site:
Keywords include the target app name, or words like 'admin', 'login', 'camera', etc.

12
Q

What is Network News Transfer Protocol (NNTP)?

A
  • Specifies a protocol for the distribution, inquiry, retrieval and posting of news articles using stream-based transmission of news.
  • Designed to store news articles in a central database, allowing subscribers to select only the items they want to read.
  • Indexing, cross-referencing and expiration of aged messages are provided.

nmap --script=nntp-ntlm-info <target_ip>
