SlideShare a Scribd company logo

Names and virtual host discovery

J
jekil

How to discover new host names and virtual host during your penetration test

Internet
1 of 20
Download to read offline
Names and virtual host discovery Can you spot all names?
@jekil Cuckoo Sandbox (cuckoosandbox.org) Malwr (malwr.com) Secdocs (secdocs.org) Ghiro (getghiro.org) Hostmap
How many entry points?
Virtual hosting 21/tcp (FTP) 42.0.0.42 80/tcp (HTTP) default (42.0.0.42) ftp.antani.com corp.antani.com default (42.0.0.42) www.antani.com admin.antani.com
Check Enumeration process 42.0.0.42 DNS Query Vulnerability Brute force Public DB Info leaks IP list Name list
DNS names enumeration
DNS queries PTR (reverse lookup) NS (name server lookup) MX (mail server lookup) AXFR (zone transfer vuln) SRV (service location lookup) Many resource record types http://en.wikipedia.org/wiki/List_of_DNS_record_types
DNS names brute force Perform many A (AAAA) queries It takes a lot of time It could overload DNS servers You need a good wordlist Not stealth
Service fingerprints
Banner grabbing Services prone to host name leak Host names in response banner By default, by design $ nc 216.18.179.54 25! 220 barracuda.ord1.reflected.net ESMTP (e5fb20dbadbd8bd56b3600247242f162)
SSL/TLS
X.509 Certificate Services over SSL/TLS Some properties could expose host names or IP Example: Common Name (CN) $ openssl s_client -showcerts -connnect 151.22.70.92:443! ....! subject=/C=IT/ST=Venezia/L=Venezia/OU=IT/ O=SAVE S.P.A./CN=my.veniceairport.it
Application layer
Tough applications Host name leak in application/protocol Following HTTP redirects, crawling website Host names in application errors Virtual host names brute forcing at application layer Application host names could be missing in DNS
Passive enumeration
Public data Search engines (dorking) GPG key databases WHOIS DNS history sites Passive DNS Shodan Webarchive Internet census / scans Pick one...
Tools
Tools Bile suite Blacksheepwall DNSenum.pl DNSrecon Hostmap Fierce2 Maltego Metasploit Nmap Recon-ng Theharvester Txdns A pleteora of small scripts...
@jekil - http://jekil.sexy

Recommended

Linux Commands
Linux CommandsLinux Commands
Linux CommandsUtkarsh Sengar
 
Rpm Introduction
Rpm IntroductionRpm Introduction
Rpm IntroductionShrinivasan T
 
Doing Horrible Things with DNS - Web Directions South
Doing Horrible Things with DNS - Web Directions SouthDoing Horrible Things with DNS - Web Directions South
Doing Horrible Things with DNS - Web Directions SouthTom Croucher
 
Awk primer and Bioawk
Awk primer and BioawkAwk primer and Bioawk
Awk primer and BioawkHoffman Lab
 
Linux_commands
Linux_commandsLinux_commands
Linux_commandsRohit Kumar
 
Streams for the Web
Streams for the WebStreams for the Web
Streams for the WebDomenic Denicola
 
RedisConf17 - Internet Archive - Preventing Cache Stampede with Redis and XFetch
RedisConf17 - Internet Archive - Preventing Cache Stampede with Redis and XFetchRedisConf17 - Internet Archive - Preventing Cache Stampede with Redis and XFetch
RedisConf17 - Internet Archive - Preventing Cache Stampede with Redis and XFetchRedis Labs
 
Rustでパケットと戯れる
Rustでパケットと戯れるRustでパケットと戯れる
Rustでパケットと戯れるShuyaMotouchi1
 

Recommended

Linux Commands
Linux CommandsLinux Commands
Linux CommandsUtkarsh Sengar
 
Rpm Introduction
Rpm IntroductionRpm Introduction
Rpm IntroductionShrinivasan T
 
Doing Horrible Things with DNS - Web Directions South
Doing Horrible Things with DNS - Web Directions SouthDoing Horrible Things with DNS - Web Directions South
Doing Horrible Things with DNS - Web Directions SouthTom Croucher
 
Awk primer and Bioawk
Awk primer and BioawkAwk primer and Bioawk
Awk primer and BioawkHoffman Lab
 
Linux_commands
Linux_commandsLinux_commands
Linux_commandsRohit Kumar
 
Streams for the Web
Streams for the WebStreams for the Web
Streams for the WebDomenic Denicola
 
RedisConf17 - Internet Archive - Preventing Cache Stampede with Redis and XFetch
RedisConf17 - Internet Archive - Preventing Cache Stampede with Redis and XFetchRedisConf17 - Internet Archive - Preventing Cache Stampede with Redis and XFetch
RedisConf17 - Internet Archive - Preventing Cache Stampede with Redis and XFetchRedis Labs
 
Rustでパケットと戯れる
Rustでパケットと戯れるRustでパケットと戯れる
Rustでパケットと戯れるShuyaMotouchi1
 
101 3.2 process text streams using filters
101 3.2 process text streams using filters101 3.2 process text streams using filters
101 3.2 process text streams using filtersAcácio Oliveira
 
101 3.2 process text streams using filters
101 3.2 process text streams using filters101 3.2 process text streams using filters
101 3.2 process text streams using filtersAcácio Oliveira
 
Unix Basics Commands
Unix Basics CommandsUnix Basics Commands
Unix Basics CommandsSameeran Jenna
 
Tendências e Evoluções em Armazemamento de Dados
Tendências e Evoluções em Armazemamento de Dados Tendências e Evoluções em Armazemamento de Dados
Tendências e Evoluções em Armazemamento de Dados Jefferson Alcantara
 
Unix Commands
Unix CommandsUnix Commands
Unix CommandsDr.Ravi
 
Alta vista indexing and search engine
Alta vista indexing and search engineAlta vista indexing and search engine
Alta vista indexing and search enginedaomucun
 
Large scale nlp using python's nltk on azure
Large scale nlp using python's nltk on azureLarge scale nlp using python's nltk on azure
Large scale nlp using python's nltk on azurecloudbeatsch
 
Redis, Resque & Friends
Redis, Resque & FriendsRedis, Resque & Friends
Redis, Resque & FriendsChristopher Spring
 
3.2 process text streams using filters
3.2 process text streams using filters3.2 process text streams using filters
3.2 process text streams using filtersAcácio Oliveira
 
Garbage Collection in .NET
Garbage Collection in .NETGarbage Collection in .NET
Garbage Collection in .NETYuriy Shapovalov
 
Mercurial
MercurialMercurial
Mercurialguest4ea435
 
Fun with Ruby and Redis
Fun with Ruby and RedisFun with Ruby and Redis
Fun with Ruby and Redisjavier ramirez
 
Natural Language Toolkit (NLTK), Basics
Natural Language Toolkit (NLTK), Basics Natural Language Toolkit (NLTK), Basics
Natural Language Toolkit (NLTK), Basics Prakash Pimpale
 
Redis - for duplicate detection on real time stream
Redis - for duplicate detection on real time streamRedis - for duplicate detection on real time stream
Redis - for duplicate detection on real time streamCodemotion
 
Node Interactive Debugging Node.js In Production
Node Interactive Debugging Node.js In ProductionNode Interactive Debugging Node.js In Production
Node Interactive Debugging Node.js In ProductionYunong Xiao
 
Linux basics
Linux basicsLinux basics
Linux basicsBhaskarNeeluru
 
Basic unix
Basic unixBasic unix
Basic unixRaghu nath
 
PyCon Russian 2015 - Dive into full text search with python.
PyCon Russian 2015 - Dive into full text search with python.PyCon Russian 2015 - Dive into full text search with python.
PyCon Russian 2015 - Dive into full text search with python.Andrii Soldatenko
 
Serializing Ruby Objects in Redis
Serializing Ruby Objects in RedisSerializing Ruby Objects in Redis
Serializing Ruby Objects in RedisBrian Kaney
 
Linux midterm quiz
Linux midterm quizLinux midterm quiz
Linux midterm quizAndrew Ibrahim
 
5.Dns Rpc Nfs
5.Dns Rpc Nfs5.Dns Rpc Nfs
5.Dns Rpc Nfsphanleson
 
5.Dns Rpc Nfs 2
5.Dns Rpc Nfs 25.Dns Rpc Nfs 2
5.Dns Rpc Nfs 2phanleson
 

More Related Content

What's hot

101 3.2 process text streams using filters
101 3.2 process text streams using filters101 3.2 process text streams using filters
101 3.2 process text streams using filtersAcácio Oliveira
 
101 3.2 process text streams using filters
101 3.2 process text streams using filters101 3.2 process text streams using filters
101 3.2 process text streams using filtersAcácio Oliveira
 
Tendências e Evoluções em Armazemamento de Dados
Tendências e Evoluções em Armazemamento de Dados Tendências e Evoluções em Armazemamento de Dados
Tendências e Evoluções em Armazemamento de Dados Jefferson Alcantara
 
Unix Commands
Unix CommandsUnix Commands
Unix CommandsDr.Ravi
 
Alta vista indexing and search engine
Alta vista indexing and search engineAlta vista indexing and search engine
Alta vista indexing and search enginedaomucun
 
Large scale nlp using python's nltk on azure
Large scale nlp using python's nltk on azureLarge scale nlp using python's nltk on azure
Large scale nlp using python's nltk on azurecloudbeatsch
 
3.2 process text streams using filters
3.2 process text streams using filters3.2 process text streams using filters
3.2 process text streams using filtersAcácio Oliveira
 
Garbage Collection in .NET
Garbage Collection in .NETGarbage Collection in .NET
Garbage Collection in .NETYuriy Shapovalov
 
Fun with Ruby and Redis
Fun with Ruby and RedisFun with Ruby and Redis
Fun with Ruby and Redisjavier ramirez
 
Natural Language Toolkit (NLTK), Basics
Natural Language Toolkit (NLTK), Basics Natural Language Toolkit (NLTK), Basics
Natural Language Toolkit (NLTK), Basics Prakash Pimpale
 
Redis - for duplicate detection on real time stream
Redis - for duplicate detection on real time streamRedis - for duplicate detection on real time stream
Redis - for duplicate detection on real time streamCodemotion
 
Node Interactive Debugging Node.js In Production
Node Interactive Debugging Node.js In ProductionNode Interactive Debugging Node.js In Production
Node Interactive Debugging Node.js In ProductionYunong Xiao
 
PyCon Russian 2015 - Dive into full text search with python.
PyCon Russian 2015 - Dive into full text search with python.PyCon Russian 2015 - Dive into full text search with python.
PyCon Russian 2015 - Dive into full text search with python.Andrii Soldatenko
 
Serializing Ruby Objects in Redis
Serializing Ruby Objects in RedisSerializing Ruby Objects in Redis
Serializing Ruby Objects in RedisBrian Kaney
 

What's hot (20)

101 3.2 process text streams using filters
101 3.2 process text streams using filters101 3.2 process text streams using filters
101 3.2 process text streams using filters
 
101 3.2 process text streams using filters
101 3.2 process text streams using filters101 3.2 process text streams using filters
101 3.2 process text streams using filters
 
Unix Basics Commands
Unix Basics CommandsUnix Basics Commands
Unix Basics Commands
 
Tendências e Evoluções em Armazemamento de Dados
Tendências e Evoluções em Armazemamento de Dados Tendências e Evoluções em Armazemamento de Dados
Tendências e Evoluções em Armazemamento de Dados
 
Unix Commands
Unix CommandsUnix Commands
Unix Commands
 
Alta vista indexing and search engine
Alta vista indexing and search engineAlta vista indexing and search engine
Alta vista indexing and search engine
 
Large scale nlp using python's nltk on azure
Large scale nlp using python's nltk on azureLarge scale nlp using python's nltk on azure
Large scale nlp using python's nltk on azure
 
Redis, Resque & Friends
Redis, Resque & FriendsRedis, Resque & Friends
Redis, Resque & Friends
 
3.2 process text streams using filters
3.2 process text streams using filters3.2 process text streams using filters
3.2 process text streams using filters
 
Garbage Collection in .NET
Garbage Collection in .NETGarbage Collection in .NET
Garbage Collection in .NET
 
Mercurial
MercurialMercurial
Mercurial
 
Fun with Ruby and Redis
Fun with Ruby and RedisFun with Ruby and Redis
Fun with Ruby and Redis
 
Natural Language Toolkit (NLTK), Basics
Natural Language Toolkit (NLTK), Basics Natural Language Toolkit (NLTK), Basics
Natural Language Toolkit (NLTK), Basics
 
Redis - for duplicate detection on real time stream
Redis - for duplicate detection on real time streamRedis - for duplicate detection on real time stream
Redis - for duplicate detection on real time stream
 
Node Interactive Debugging Node.js In Production
Node Interactive Debugging Node.js In ProductionNode Interactive Debugging Node.js In Production
Node Interactive Debugging Node.js In Production
 
Linux basics
Linux basicsLinux basics
Linux basics
 
Basic unix
Basic unixBasic unix
Basic unix
 
PyCon Russian 2015 - Dive into full text search with python.
PyCon Russian 2015 - Dive into full text search with python.PyCon Russian 2015 - Dive into full text search with python.
PyCon Russian 2015 - Dive into full text search with python.
 
Serializing Ruby Objects in Redis
Serializing Ruby Objects in RedisSerializing Ruby Objects in Redis
Serializing Ruby Objects in Redis
 
Linux midterm quiz
Linux midterm quizLinux midterm quiz
Linux midterm quiz
 

Similar to Names and virtual host discovery

5.Dns Rpc Nfs
5.Dns Rpc Nfs5.Dns Rpc Nfs
5.Dns Rpc Nfsphanleson
 
5.Dns Rpc Nfs 2
5.Dns Rpc Nfs 25.Dns Rpc Nfs 2
5.Dns Rpc Nfs 2phanleson
 
DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016Maarten Balliauw
 
DNS for Developers - ConFoo Montreal
DNS for Developers - ConFoo MontrealDNS for Developers - ConFoo Montreal
DNS for Developers - ConFoo MontrealMaarten Balliauw
 
DoSs, DDoS, DrDoS Attacks
DoSs, DDoS, DrDoS AttacksDoSs, DDoS, DrDoS Attacks
DoSs, DDoS, DrDoS AttacksWasim Halani
 
Domain name system
Domain name systemDomain name system
Domain name systemVivek Gautam
 
DNS – Domain Name Service
DNS – Domain Name ServiceDNS – Domain Name Service
DNS – Domain Name ServiceJohnny Fortune
 
Domain Name Server
Domain Name ServerDomain Name Server
Domain Name Servervipulvaid
 
PuppetConf 2017: What's in a Name? Scaling ENC with DNS- Cameron Nicholson, A...
PuppetConf 2017: What's in a Name? Scaling ENC with DNS- Cameron Nicholson, A...PuppetConf 2017: What's in a Name? Scaling ENC with DNS- Cameron Nicholson, A...
PuppetConf 2017: What's in a Name? Scaling ENC with DNS- Cameron Nicholson, A...Puppet
 
CSE dns ppt.pptx
CSE dns ppt.pptxCSE dns ppt.pptx
CSE dns ppt.pptxPandajangal
 

Similar to Names and virtual host discovery (20)

5.Dns Rpc Nfs
5.Dns Rpc Nfs5.Dns Rpc Nfs
5.Dns Rpc Nfs
 
5.Dns Rpc Nfs 2
5.Dns Rpc Nfs 25.Dns Rpc Nfs 2
5.Dns Rpc Nfs 2
 
DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016DNS for Developers - NDC Oslo 2016
DNS for Developers - NDC Oslo 2016
 
DNS for Developers - ConFoo Montreal
DNS for Developers - ConFoo MontrealDNS for Developers - ConFoo Montreal
DNS for Developers - ConFoo Montreal
 
Introduction
IntroductionIntroduction
Introduction
 
Hands-on DNSSEC Deployment
Hands-on DNSSEC DeploymentHands-on DNSSEC Deployment
Hands-on DNSSEC Deployment
 
Dns
DnsDns
Dns
 
DoSs, DDoS, DrDoS Attacks
DoSs, DDoS, DrDoS AttacksDoSs, DDoS, DrDoS Attacks
DoSs, DDoS, DrDoS Attacks
 
Domain name system
Domain name systemDomain name system
Domain name system
 
DNS.pptx
DNS.pptxDNS.pptx
DNS.pptx
 
Romulus OWASP
Romulus OWASPRomulus OWASP
Romulus OWASP
 
dns.04f.ppt
dns.04f.pptdns.04f.ppt
dns.04f.ppt
 
DNS Attacks
DNS AttacksDNS Attacks
DNS Attacks
 
DNS – Domain Name Service
DNS – Domain Name ServiceDNS – Domain Name Service
DNS – Domain Name Service
 
Domain Name Server
Domain Name ServerDomain Name Server
Domain Name Server
 
PuppetConf 2017: What's in a Name? Scaling ENC with DNS- Cameron Nicholson, A...
PuppetConf 2017: What's in a Name? Scaling ENC with DNS- Cameron Nicholson, A...PuppetConf 2017: What's in a Name? Scaling ENC with DNS- Cameron Nicholson, A...
PuppetConf 2017: What's in a Name? Scaling ENC with DNS- Cameron Nicholson, A...
 
CSE dns ppt.pptx
CSE dns ppt.pptxCSE dns ppt.pptx
CSE dns ppt.pptx
 
Domain Name System ppt
Domain Name System pptDomain Name System ppt
Domain Name System ppt
 
DNS in the Cloud
DNS in the CloudDNS in the Cloud
DNS in the Cloud
 
D.N.S
D.N.SD.N.S
D.N.S
 

More from jekil

Cuckoo Sandbox: Automated malware analysis
Cuckoo Sandbox: Automated malware analysisCuckoo Sandbox: Automated malware analysis
Cuckoo Sandbox: Automated malware analysisjekil
 
Android Introduzione All Architettura Programmazione Sicurezza Serate A Tema ...
Android Introduzione All Architettura Programmazione Sicurezza Serate A Tema ...Android Introduzione All Architettura Programmazione Sicurezza Serate A Tema ...
Android Introduzione All Architettura Programmazione Sicurezza Serate A Tema ...jekil
 
Client Side Security Settordici Lugts
Client Side Security Settordici LugtsClient Side Security Settordici Lugts
Client Side Security Settordici Lugtsjekil
 
Android: Introduzione all'architettura, alla programmazione e alla sicurezza
Android: Introduzione all'architettura, alla programmazione e alla sicurezzaAndroid: Introduzione all'architettura, alla programmazione e alla sicurezza
Android: Introduzione all'architettura, alla programmazione e alla sicurezzajekil
 
Security by example
Security by exampleSecurity by example
Security by examplejekil
 
Sviluppo web con Ruby on Rails
Sviluppo web con Ruby on RailsSviluppo web con Ruby on Rails
Sviluppo web con Ruby on Railsjekil
 
XPath Injection
XPath InjectionXPath Injection
XPath Injectionjekil
 
Web Application Insecurity Uncensored
Web Application Insecurity UncensoredWeb Application Insecurity Uncensored
Web Application Insecurity Uncensoredjekil
 
Web Application Insecurity L D2007
Web Application Insecurity L D2007Web Application Insecurity L D2007
Web Application Insecurity L D2007jekil
 
Anonimato In Rete Summer Of Linux2007
Anonimato In Rete Summer Of Linux2007Anonimato In Rete Summer Of Linux2007
Anonimato In Rete Summer Of Linux2007jekil
 
Linux Nelle Aziende Summer Of Linux 2007
Linux Nelle Aziende Summer Of Linux 2007Linux Nelle Aziende Summer Of Linux 2007
Linux Nelle Aziende Summer Of Linux 2007jekil
 
Linux Nelle Aziende Installfest2007
Linux Nelle Aziende Installfest2007Linux Nelle Aziende Installfest2007
Linux Nelle Aziende Installfest2007jekil
 
Sicurezza Informatica Nelle Aziende Installfest2007
Sicurezza Informatica Nelle Aziende Installfest2007Sicurezza Informatica Nelle Aziende Installfest2007
Sicurezza Informatica Nelle Aziende Installfest2007jekil
 
Introduzione all'analisi forense
Introduzione all'analisi forenseIntroduzione all'analisi forense
Introduzione all'analisi forensejekil
 
MySQL
MySQLMySQL
MySQLjekil
 
MySQL 5
MySQL 5MySQL 5
MySQL 5jekil
 
Intrusion Detection Systems
Intrusion Detection SystemsIntrusion Detection Systems
Intrusion Detection Systemsjekil
 
La sicurezza informatica nello studio legale
La sicurezza informatica nello studio legaleLa sicurezza informatica nello studio legale
La sicurezza informatica nello studio legalejekil
 

More from jekil (18)

Cuckoo Sandbox: Automated malware analysis
Cuckoo Sandbox: Automated malware analysisCuckoo Sandbox: Automated malware analysis
Cuckoo Sandbox: Automated malware analysis
 
Android Introduzione All Architettura Programmazione Sicurezza Serate A Tema ...
Android Introduzione All Architettura Programmazione Sicurezza Serate A Tema ...Android Introduzione All Architettura Programmazione Sicurezza Serate A Tema ...
Android Introduzione All Architettura Programmazione Sicurezza Serate A Tema ...
 
Client Side Security Settordici Lugts
Client Side Security Settordici LugtsClient Side Security Settordici Lugts
Client Side Security Settordici Lugts
 
Android: Introduzione all'architettura, alla programmazione e alla sicurezza
Android: Introduzione all'architettura, alla programmazione e alla sicurezzaAndroid: Introduzione all'architettura, alla programmazione e alla sicurezza
Android: Introduzione all'architettura, alla programmazione e alla sicurezza
 
Security by example
Security by exampleSecurity by example
Security by example
 
Sviluppo web con Ruby on Rails
Sviluppo web con Ruby on RailsSviluppo web con Ruby on Rails
Sviluppo web con Ruby on Rails
 
XPath Injection
XPath InjectionXPath Injection
XPath Injection
 
Web Application Insecurity Uncensored
Web Application Insecurity UncensoredWeb Application Insecurity Uncensored
Web Application Insecurity Uncensored
 
Web Application Insecurity L D2007
Web Application Insecurity L D2007Web Application Insecurity L D2007
Web Application Insecurity L D2007
 
Anonimato In Rete Summer Of Linux2007
Anonimato In Rete Summer Of Linux2007Anonimato In Rete Summer Of Linux2007
Anonimato In Rete Summer Of Linux2007
 
Linux Nelle Aziende Summer Of Linux 2007
Linux Nelle Aziende Summer Of Linux 2007Linux Nelle Aziende Summer Of Linux 2007
Linux Nelle Aziende Summer Of Linux 2007
 
Linux Nelle Aziende Installfest2007
Linux Nelle Aziende Installfest2007Linux Nelle Aziende Installfest2007
Linux Nelle Aziende Installfest2007
 
Sicurezza Informatica Nelle Aziende Installfest2007
Sicurezza Informatica Nelle Aziende Installfest2007Sicurezza Informatica Nelle Aziende Installfest2007
Sicurezza Informatica Nelle Aziende Installfest2007
 
Introduzione all'analisi forense
Introduzione all'analisi forenseIntroduzione all'analisi forense
Introduzione all'analisi forense
 
MySQL
MySQLMySQL
MySQL
 
MySQL 5
MySQL 5MySQL 5
MySQL 5
 
Intrusion Detection Systems
Intrusion Detection SystemsIntrusion Detection Systems
Intrusion Detection Systems
 
La sicurezza informatica nello studio legale
La sicurezza informatica nello studio legaleLa sicurezza informatica nello studio legale
La sicurezza informatica nello studio legale
 

Recently uploaded

Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftAanSulistiyo
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtrahman018755
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...tanu pandey
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...tanu pandey
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfJOHNBEBONYAP1
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubaikojalkojal131
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Delhi Call girls
 
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...SUHANI PANDEY
 
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋nirzagarg
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdfMatthew Sinclair
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...SUHANI PANDEY
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Bookingdharasingh5698
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...SUHANI PANDEY
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...SUHANI PANDEY
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdfMatthew Sinclair
 

Recently uploaded (20)

Microsoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck MicrosoftMicrosoft Azure Arc Customer Deck Microsoft
Microsoft Azure Arc Customer Deck Microsoft
 
Real Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirtReal Men Wear Diapers T Shirts sweatshirt
Real Men Wear Diapers T Shirts sweatshirt
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
Nanded City ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready ...
 
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
(INDIRA) Call Girl Pune Call Now 8250077686 Pune Escorts 24x7
 
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdfpdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
pdfcoffee.com_business-ethics-q3m7-pdf-free.pdf
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
 
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
💚😋 Bilaspur Escort Service Call Girls, 9352852248 ₹5000 To 25K With AC💚😋
 
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
📱Dehradun Call Girls Service 📱☎️ +91'905,3900,678 ☎️📱 Call Girls In Dehradun 📱
 
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
20240509 QFM015 Engineering Leadership Reading List April 2024.pdf
 
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
6.High Profile Call Girls In Punjab +919053900678 Punjab Call GirlHigh Profil...
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
 
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 BookingVIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Pollachi 7001035870 Whatsapp Number, 24/07 Booking
 
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
Sarola * Female Escorts Service in Pune | 8005736733 Independent Escorts & Da...
 
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
Shikrapur - Call Girls in Pune Neha 8005736733 | 100% Gennuine High Class Ind...
 
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
20240510 QFM016 Irresponsible AI Reading List April 2024.pdf
 

Names and virtual host discovery

  • 1. Names and virtual host discovery Can you spot all names?
  • 2. @jekil Cuckoo Sandbox (cuckoosandbox.org) Malwr (malwr.com) Secdocs (secdocs.org) Ghiro (getghiro.org) Hostmap
  • 3. How many entry points?
  • 4. Virtual hosting 21/tcp (FTP) 42.0.0.42 80/tcp (HTTP) default (42.0.0.42) ftp.antani.com corp.antani.com default (42.0.0.42) www.antani.com admin.antani.com
  • 5. Check Enumeration process 42.0.0.42 DNS Query Vulnerability Brute force Public DB Info leaks IP list Name list
  • 7. DNS queries PTR (reverse lookup) NS (name server lookup) MX (mail server lookup) AXFR (zone transfer vuln) SRV (service location lookup) Many resource record types http://en.wikipedia.org/wiki/List_of_DNS_record_types
  • 8. DNS names brute force Perform many A (AAAA) queries It takes a lot of time It could overload DNS servers You need a good wordlist Not stealth
  • 10. Banner grabbing Services prone to host name leak Host names in response banner By default, by design $ nc 216.18.179.54 25! 220 barracuda.ord1.reflected.net ESMTP (e5fb20dbadbd8bd56b3600247242f162)
  • 12. X.509 Certificate Services over SSL/TLS Some properties could expose host names or IP Example: Common Name (CN) $ openssl s_client -showcerts -connnect 151.22.70.92:443! ....! subject=/C=IT/ST=Venezia/L=Venezia/OU=IT/ O=SAVE S.P.A./CN=my.veniceairport.it
  • 14. Tough applications Host name leak in application/protocol Following HTTP redirects, crawling website Host names in application errors Virtual host names brute forcing at application layer Application host names could be missing in DNS
  • 16. Public data Search engines (dorking) GPG key databases WHOIS DNS history sites Passive DNS Shodan Webarchive Internet census / scans Pick one...
  • 17. Tools
  • 18. Tools Bile suite Blacksheepwall DNSenum.pl DNSrecon Hostmap Fierce2 Maltego Metasploit Nmap Recon-ng Theharvester Txdns A pleteora of small scripts...
  • 19.