Info BackTrack

Linux & Security Tutorial

DNS Information Gathering Using Dnsmap – Subdomain Brute-Forcing


Dnsmap is used for information gathering / enumeration as part of an infrastructure security assessment.

Dnsmap can be used to:

1. Find subdomains (for example: https://extranet.example.com)

2. Find badly configured or unpatched servers (for example: test.example.com)

3. Find domain names that map to non-obvious/hard-to-find netblocks

4. Enumerate a target's internal servers from the Internet using only standard DNS resolving (as opposed to zone transfers).

-How to use Dnsmap in a penetration test.

lindo@laptop:/pentest/enumeration/dns/dnsmap# ./dnsmap rcti.tv -r results.txt
dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org)

[+] searching (sub)domains for rcti.tv using built-in wordlist
[+] using maximum random delay of 10 millisecond(s) between requests

email.rcti.tv
IP address #1: 202.147.204.168

ftp.rcti.tv
IP address #1: 203.153.106.35

localhost.rcti.tv
IP address #1: 127.0.0.1
[+] warning: domain might be vulnerable to "same site" scripting (http://snipurl.com/etbcv)

m.rcti.tv
IP address #1: 202.147.193.214

mail.rcti.tv
IP address #1: 202.147.204.147

vpn.rcti.tv
IP address #1: 202.147.204.130

webmail.rcti.tv
IP address #1: 202.147.204.147

www.rcti.tv
IP address #1: 202.147.200.138

[+] 8 (sub)domains and 8 IP address(es) found
[+] regular-format results can be found on results.txt
[+] completion time: 5106 second(s)


lindo@laptop:/pentest/enumeration/dns/dnsmap# head results.txt
email.rcti.tv
IP address #1: 202.147.204.168

ftp.rcti.tv
IP address #1: 203.153.106.35

localhost.rcti.tv
IP address #1: 127.0.0.1
[+] warning: domain might be vulnerable to "same site" scripting (http://snipurl.com/etbcv)

–done
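
The run above flags localhost.rcti.tv resolving to 127.0.0.1, and item 4 notes that internal servers can be enumerated through ordinary DNS resolution. As an added example (not part of the original post or of dnsmap itself), this Python script parses the regular-format results file shown above and reports the records a zone owner would want removed from public DNS; the function names and the intranet.example.com record are constructed for illustration.

```python
import ipaddress
import re

# First two records come from the results.txt excerpt on this page;
# the intranet.example.com record is constructed to show the RFC 1918 case.
SAMPLE = """\
ftp.rcti.tv
IP address #1: 203.153.106.35

localhost.rcti.tv
IP address #1: 127.0.0.1
[+] warning: domain might be vulnerable to "same site" scripting (http://snipurl.com/etbcv)

intranet.example.com
IP address #1: 10.0.0.5
IP address #2: 192.168.1.20
"""

IP_LINE = re.compile(r"^IP address #\d+:\s*(\S+)$")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_results(text):
    """Return {hostname: [ip, ...]} from dnsmap regular-format results."""
    records, host = {}, None
    for line in map(str.strip, text.splitlines()):
        m = IP_LINE.match(line)
        if not line:
            host = None                  # a blank line ends the record
        elif m and host:
            records[host].append(m.group(1))
        elif host is None and not m and not line.startswith("[+]"):
            host = line.lower()          # first line of a record is the name
            records.setdefault(host, [])
    return records                       # "[+]" lines and orphan IP lines are ignored

def audit(records):
    """Return sorted (hostname, ip, issue) for records that should not be public."""
    findings = []
    for host, ips in records.items():
        for ip in ips:
            addr = ipaddress.ip_address(ip)   # raises ValueError on a malformed address
            if addr.is_loopback:
                findings.append((host, ip, "loopback record"))
            elif any(addr in net for net in RFC1918):
                findings.append((host, ip, "RFC 1918 address in public DNS"))
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(parse_results(SAMPLE)), sep="\n")
```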


4 responses to “DNS Information Gathering Using Dnsmap – Subdomain Brute-Forcing”

  1. renzrawk August 11, 2012 at 3:05 pm

    So what is this used for, bro?

  2. jay August 25, 2012 at 5:13 am

    Can this be used to find usernames and passwords or not?
    ^^
