Wednesday, 27 March 2013

Information Gathering : DNS Analysis

Hello guys, in this post I will try to gather information about websites with the tools provided in BackTrack. The target websites are www.is2c-dojo.com and www.spentera.com. I will try both active and passive information gathering, and I will collect as much information about those websites as I can.
As we know, information gathering consists of two techniques: passive information gathering and active information gathering. Now let's get started.

Active information gathering
How can we get information if we only know the domain? First, we can use nmap to learn the IP address, operating system and open ports. The general syntax for nmap is:

nmap [Scan Type(s)] [Options] {target specification}

Let's give it a try!

nmap -O www.is2c-dojo.com


nmap -O www.spentera.com


From the commands above I can get information about the IP address, OS version, firewall type, and open ports (note that -O needs root privileges, and the OS match is a fingerprint guess, not a certainty). Now let's dig deeper into the system.

Some of the most valuable information about a website is its DNS records, and I will try to get DNS information using dnsenum.
The general syntax is: dnsenum.pl [Options] <domain>

./dnsenum.pl www.is2c-dojo.com


./dnsenum.pl www.spentera.com

From dnsenum we obtained information about host addresses (A records), name servers (NS records), and mail servers (MX records).
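To show what dnsenum is doing under the hood when it reports host addresses, name servers and mail servers, here is a minimal DNS wire-format client written as an added example for this post; it is not code from the original post, from BackTrack, or from the dnsenum project. It builds a query, sends it over UDP to a resolver of your choosing (the 127.0.0.1 default is an assumption, and you should point it at a resolver you are allowed to use), and parses A, NS and MX answers, including the name-compression pointers real responses use. The sample response bytes in build_sample_response() are constructed for offline testing and refer to example.com with documentation-range addresses; a domain owner can use the same parser to verify exactly what their zone publishes.

```python
"""Minimal DNS client for A, NS and MX lookups (added example, not the post's code)."""
import socket
import struct

QTYPES = {"A": 1, "NS": 2, "MX": 15}


def encode_name(name):
    """Encode 'www.example.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """Header: id, flags (RD=1), qdcount=1, an/ns/ar=0; then one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)


def decode_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end = [], False, None
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2  # the name ends after the first pointer
            jumped = True
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (offset if end is None else end)


def parse_response(msg):
    """Return a list of (owner name, record type, rdata) for the answer section."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):  # skip the echoed question(s)
        _, offset = decode_name(msg, offset)
        offset += 4  # qtype + qclass
    records = []
    for _ in range(an):
        name, offset = decode_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == 1:  # A: four raw bytes
            value = ".".join(str(b) for b in rdata)
        elif rtype == 2:  # NS: a (possibly compressed) host name
            value, _ = decode_name(msg, offset)
        elif rtype == 15:  # MX: 16-bit preference followed by a host name
            pref = struct.unpack("!H", rdata[:2])[0]
            host, _ = decode_name(msg, offset + 2)
            value = (pref, host)
        else:
            value = rdata
        records.append((name, rtype, value))
        offset += rdlen
    return records


def lookup(name, qtype, resolver="127.0.0.1", timeout=3.0):
    """Send one query over UDP and parse the answer (resolver address is an assumption)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name, qtype), (resolver, 53))
        data, _ = sock.recvfrom(4096)
    finally:
        sock.close()
    return parse_response(data)


def build_sample_response():
    """Constructed response for offline testing: one MX and one A record for
    example.com, with the answer owner names compressed as pointers to offset 12."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 2, 0, 0)
    question = encode_name("example.com") + struct.pack("!HH", 15, 1)
    mx_rdata = struct.pack("!H", 10) + b"\x04mail" + b"\xc0\x0c"
    mx = b"\xc0\x0c" + struct.pack("!HHIH", 15, 1, 300, len(mx_rdata)) + mx_rdata
    a = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    return header + question + mx + a


if __name__ == "__main__":
    for rec in parse_response(build_sample_response()):
        print(rec)
```

Run lookup("example.com", "MX", resolver="<your resolver>") to query a live resolver; the offline path through build_sample_response() exercises the same parser, including the pointer handling that trips up naive parsers.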

Not satisfied with the findings? Now let's try one more tool, called dnsmap. dnsmap is a tool for finding the IP addresses associated with a domain name. The general syntax of dnsmap is: dnsmap <target-domain> [options].

Now let's use dnsmap on is2c-dojo.com and spentera.com.


./dnsmap is2c-dojo.com



./dnsmap spentera.com


Passive Information Gathering
There are a number of techniques for passive information gathering, but I will only write about some of them. The first tool I use is "googling": I will enter a simple query on the Google website and see how many results are found.

site:is2c-dojo.com

found 516 results

site:spentera.com

found 317 results

The second tool I will use is whois, to obtain the information legally provided for the domain name registration. The syntax is: whois <domain>. Let's try it on is2c-dojo.com and spentera.com.

whois is2c-dojo.com




whois spentera.com
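The whois output is free text, so a small parser turns it into something you can act on. The following is an added example, not code from the original post: it pulls the registrar, expiry date and name servers out of registry-style whois output and computes the days until expiry, which is the check a domain owner most wants from this data (an expired registration is how domains get taken over). The SAMPLE_WHOIS text is constructed for the example and is not real registry output for any of the domains above; real whois output varies by registry, so the field names matched here are an assumption.

```python
"""Parse whois output for registrar, expiry and name servers (added example)."""
import re
from datetime import datetime, timezone

# Constructed sample in the style of a .com registry record; not real data.
SAMPLE_WHOIS = """\
   Domain Name: EXAMPLE.COM
   Registrar: Example Registrar, Inc.
   Creation Date: 2010-03-01T00:00:00Z
   Registry Expiry Date: 2026-03-01T00:00:00Z
   Name Server: NS1.EXAMPLE.COM
   Name Server: NS2.EXAMPLE.COM
   DNSSEC: unsigned
"""

# Field labels assumed here; registries differ, so extend as needed.
EXPIRY_KEYS = ("registry expiry date", "expiration date", "expiry date")


def parse_whois(text):
    """Return a dict with 'registrar', 'expires' (aware datetime) and 'name_servers'."""
    fields = {"name_servers": []}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+):\s*(.+?)\s*$", line)  # split on the first colon only
        if not m:
            continue
        key, value = m.group(1).strip().lower(), m.group(2)
        if key == "name server":
            fields["name_servers"].append(value.lower())
        elif key == "registrar":
            fields["registrar"] = value
        elif key in EXPIRY_KEYS:
            fields["expires"] = datetime.strptime(
                value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return fields


def days_until_expiry(fields, now=None):
    """Days left on the registration; negative means it has already lapsed."""
    now = now or datetime.now(timezone.utc)
    return (fields["expires"] - now).days


if __name__ == "__main__":
    info = parse_whois(SAMPLE_WHOIS)
    print(info["registrar"], info["name_servers"], days_until_expiry(info))
```

Feed it the captured output of whois <domain> (for example via subprocess) and alert when days_until_expiry() drops below your renewal window; the name server list is also worth diffing against what your DNS should be delegated to.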




I think that's enough for today's post. I will continue writing about information security next time, and last but not least, sorry for my bad English :)
