• 98 | Chapter 3: Reconnaissance
  • DNS Reconnaissance and whois | 97






    #
    # The following results may also be obtained via:
    # https://whois.arin.net/rest/nets;q=8.9.10.0?showDetails=true&showARIN=
    # false&showNonArinTopLevelNet=false&ext=netref2
    #
    NetRange: 8.0.0.0 - 8.255.255.255
    CIDR: 8.0.0.0/8
    NetName: LVLT-ORG-8-8
    NetHandle: NET-8-0-0-0-1
    Parent: ()
    NetType: Direct Allocation
    OriginAS:
    Organization: Level 3 Communications, Inc. (LVLT)
    RegDate: 1992-12-01
    Updated: 2012-02-24
    Ref: https://whois.arin.net/rest/net/NET-8-0-0-0-1

    When larger blocks are broken up, a whois lookup will tell you not only who owns the
    block you are looking up but also what the parent block is and who it came from.
    Let’s take another chunk out of the 8.0.0.0–8.255.255.255 range. In Example 3-14, you
    can see a subset of that block. This one belongs to Google, as you can see. However,
    before the output you see here, you would see the same block as you saw in the earlier
    example, where Level 3 Communications owns the complete 8. block.

    Example 3-14. whois query showing a child block
    # start
    NetRange: 8.8.8.0 - 8.8.8.255
    CIDR: 8.8.8.0/24
    NetName: LVLT-GOGL-8-8-8
    NetHandle: NET-8-8-8-0-1
    Parent: LVLT-ORG-8-8 (NET-8-0-0-0-1)
    NetType: Reallocated
    OriginAS:
    Organization: Google LLC (GOGL)
    RegDate: 2014-03-14
    Updated: 2014-03-14
    Ref: https://whois.arin.net/rest/net/NET-8-8-8-0-1
    OrgName: Google LLC
    OrgId: GOGL
    Address: 1600 Amphitheatre Parkway
    City: Mountain View
    StateProv: CA
    PostalCode: 94043
    Country: US
    RegDate: 2000-03-30
    Updated: 2017-10-16
    Ref: https://whois.arin.net/rest/org/GOGL
    OrgTechHandle: ZG39-ARIN
    OrgTechName: Google LLC
    OrgTechPhone: +1-650-253-0000
    OrgTechEmail: arin-contact@google.com
    OrgTechRef: https://whois.arin.net/rest/poc/ZG39-ARIN

    The way we can use this is to take an IP address we have located, such as a web server
    or an email server, and determine who owns the whole block. In some cases, such as
    the O’Reilly web server, the block belongs to a service provider, so we won’t be able to
    get other targets from that block. However, when you find a block that belongs to a
    specific company, you have several target IP addresses. These IP blocks will be useful
    later, when we start doing some more active reconnaissance. In the meantime, you
    can also use dig or nslookup to find the hostnames that belong to the IP addresses.

    Finding the hostname from the IP requires the organization to have a reverse zone
    configured. To look up the hostname from the IP address, there need to be pointer
    records (PTRs) for each IP address in the block that has a hostname associated with
    it. Keep in mind, however, that a relationship doesn’t necessarily exist between the
    reverse lookup and the forward lookup. If www.foo.com resolves to 1.2.3.42, that
    doesn’t mean that 1.2.3.42 necessarily resolves back to www.foo.com. IP addresses may
    point to systems that have many purposes and potentially multiple names to match
    those purposes.
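
An added example (not from the book): the parent/child relationship between the two whois records shown above, checked in Python. The record text is a constructed sample trimmed from those outputs, and parse_net, is_child_of and owner_of are hypothetical helper names. owner_of goes slightly beyond the text by picking the most specific block that contains an address.

```python
import ipaddress
import re

# Constructed sample: fields copied from the two whois records shown above.
PARENT_RECORD = """\
NetRange: 8.0.0.0 - 8.255.255.255
CIDR: 8.0.0.0/8
NetName: LVLT-ORG-8-8
NetHandle: NET-8-0-0-0-1
Parent: ()
Organization: Level 3 Communications, Inc. (LVLT)
"""
CHILD_RECORD = """\
NetRange: 8.8.8.0 - 8.8.8.255
CIDR: 8.8.8.0/24
NetName: LVLT-GOGL-8-8-8
NetHandle: NET-8-8-8-0-1
Parent: LVLT-ORG-8-8 (NET-8-0-0-0-1)
Organization: Google LLC (GOGL)
"""

def parse_net(record):
    """Return the first value seen for each 'Key: value' field of one network record."""
    fields = {}
    for line in record.splitlines():
        if line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields.setdefault(key.strip(), value.strip())
    # A record may list several comma-separated CIDRs; keep them all.
    fields["networks"] = [ipaddress.ip_network(c.strip())
                          for c in fields.get("CIDR", "").split(",") if c.strip()]
    # The parent's NetHandle is the token in parentheses on the Parent line.
    m = re.search(r"\(([^()\s]+)\)", fields.get("Parent", ""))
    fields["parent_handle"] = m.group(1) if m else None
    return fields

def is_child_of(child, parent):
    """True if child names parent as its Parent and lies entirely inside it."""
    return (child["parent_handle"] == parent["NetHandle"] and bool(child["networks"])
            and all(any(c.subnet_of(p) for p in parent["networks"])
                    for c in child["networks"]))

def owner_of(ip, records):
    """Organization of the most specific (longest-prefix) block containing ip."""
    addr = ipaddress.ip_address(ip)
    hits = [(n.prefixlen, r["Organization"])
            for r in records for n in r["networks"] if addr in n]
    return max(hits)[1] if hits else None
```

With both records parsed, an address inside 8.8.8.0/24 is attributed to the reallocated child block rather than to the /8 it was carved from, which is the distinction that matters when confirming that an address really belongs to the organization in scope.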
