Background Info Gathering & Open Source Flashcards
What are Registration Records (Domain Name)?
Info in IP and domain registries (WHOIS)
WHOIS usually has name and contact info
What is DNS?
Domain Name Server
Used to translate a domain name, such as google.com, to an IP address
What are the 3 types of DNS queries?
- Recursive Query
- Iterative Query
- Non-Recursive Query
What is DNS Query - Recursive Query?
DNS Client sends request to DNS Resolver.
Resolver must return an answer, but will query the authoritative name servers before answering.
What is DNS Query - Iterative Query?
DNS Client sends request to DNS Resolver.
Resolver gives the best answer it can.
If it has no answer, it refers the client to other authoritative name servers.
What is DNS Query - Non-Recursive?
DNS Client sends request to DNS Resolver.
The resolver already knows the answer, so it responds immediately.
What is a DNS Zone Transfer?
The process of copying contents of the zone file on a primary DNS server to a secondary DNS server.
- Used when deploying a new DNS server in a local environment or on the internet
- Uses TCP to transfer the DNS zone
DNS Zone Transfer Attack
What is it? What information is revealed?
The attack will reveal name servers or subdomains that can be attacked or further enumerated.
dig axfr @<DNS_IP> <DOMAIN>
Identify 9 DNS Records
- A record: Holds IP address of domain
- CNAME record: Forwards one domain or subdomain to another domain. Doesn’t provide IP address
- MX record: Directs mail to email server
- TXT record: Lets admin store text notes in the record
- NS record: Stores name server for DNS entry
- SOA record: Stores admin info about a domain
- SRV record: Specifies a port for specific services
- PTR record: Provides a domain name in reverse lookups
- HINFO record: Stores host info, such as OS, CPU type, etc.
Customer Website Analysis
- Command to get analysis of info from the target website:
AND
- To view from the HTML source
Command:
whatweb -v -a 3 <target_IP>
View Page Source:
- Check network tab
- Check cookies
- Check page source for app name, versions, etc
Burp Suite for HTTP request interception, forwarding and analysis
What could be used to gain information about a target?
Google Dorks - the Google Hacking Database
Google search parameters:
inurl:
intitle:
site:
Keywords include the target app name, or words like 'admin', 'login', 'camera', etc.
What is Network News Transfer Protocol (NNTP)?
- Specifies a protocol for distribution, inquiry, retrieval and posting of news articles using a stream-based transmission of news.
- Designed to store news articles in a central database, allowing subscribers to select only the items they want to read.
- Indexing, cross-referencing and expiration of aged messages are provided.
nmap --script=nntp-ntlm-info <target_ip>