seen from Kazakhstan
seen from United States
seen from Malaysia
seen from Australia
seen from China
seen from Switzerland
seen from United Kingdom
seen from United States
seen from Japan
seen from Switzerland
seen from United States
seen from United Kingdom
seen from Switzerland
seen from United States
seen from Greece
seen from United States
seen from Canada
seen from United States
seen from United Kingdom
seen from United States
掃網域下主機名稱的方式...
掃網域下主機名稱的方式…
原文是講滲透測試的前置作業,需要將某個特定 domain 下的主機名稱掃出來:「A penetration tester’s guide to sub-domain enumeration」。 最直接的還是 DNS zone transfer (AXFR),如果管理者沒設好 DNS server 的話,這會是最快的方式。當沒有這個方法時就要用各種其他方式來掃了。 看了一下有幾種方式: 透過各種第三方記錄撈:用 Google 以及 Bing 的 site: 指令過濾;用 VirusTotal 列;翻 Certificate Transparency 記錄;透過 ASN 資訊;透過 Forward DNS。 程式類的 DNS query:用 DNSRecon;Altdns 其他:透過 NSEC 的 ldns-walk;甚至是 NSEC3 的 nsec3walker。…
View On WordPress
Estou trabalhando nisso, sei que há essa parte de mim que é simplesmente detestável, não posso mudar isso, mas, posso tentar ser a melhor versão de mim mesmo.
NorthKoreaDNSLeak - Snapshot of North Korea's DNS data taken from zone transfers.
Mandatory, at it again.
Secondary unallowed AFXR to Primary
(thanks M@!)
Video de como aprovecharse de la vulneravilidad AXFR en servidores DNS con mala configuracion y tambien demostrando la fuerza bruta hacia los subdominios (en base a un ataque de diccionario) de un determinado objetivo.
